feat(treewide): add mastodon

7 files changed, 50 insertions, 0 deletions

diff --git a/system/impermanence/default.nix b/system/impermanence/default.nix
index f3d792d..f42c084 100644
--- a/system/impermanence/default.nix
+++ b/system/impermanence/default.nix
@@ -3,6 +3,7 @@
   imports = [
     ./mods/acme.nix
     ./mods/mail.nix
+    ./mods/mastodon.nix
     ./mods/matrix.nix
     ./mods/minecraft.nix
     ./mods/murmur.nix
diff --git a/system/impermanence/mods/mastodon.nix b/system/impermanence/mods/mastodon.nix
new file mode 100644
index 0000000..a5bdbfd
--- /dev/null
+++ b/system/impermanence/mods/mastodon.nix
@@ -0,0 +1,10 @@
+{...}: {
+  environment.persistence."/srv".directories = [
+    {
+      directory = "/var/lib/mastodon";
+      user = "mastodon";
+      group = "mastodon";
+      mode = "0700";
+    }
+  ];
+}
diff --git a/system/secrets/default.nix b/system/secrets/default.nix
index 6cd7524..658679b 100644
--- a/system/secrets/default.nix
+++ b/system/secrets/default.nix
@@ -25,6 +25,12 @@
         owner = "root";
         group = "root";
       };
+      mastodonMail = {
+        file = ./mastodon/mail.tix;
+        mode = "700";
+        owner = "mastodon";
+        group = "mastodon";
+      };
     };
   };
 }
diff --git a/system/secrets/mastodon/mail.tix b/system/secrets/mastodon/mail.tix
new file mode 100644
index 0000000..c64a2e7
--- /dev/null
+++ b/system/secrets/mastodon/mail.tix
@@ -0,0 +1,15 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqT05Uc2hrcFAwd1c5S1o0
+L3hhQURmdUVBbmxSYVFGczdGWThTck9VdkhRCktOZ1JSamN0Ly9pVXJDMDZ4Y0VZ
+bmRyMTlaOU9HOEZ5SitzOVovUkhCNFUKLT4gWDI1NTE5IHlqUTFtODd6QXpNMFBY
+WTY2cTJ2TFI5S0ZGc1doeEVEUi9veGRDKzN5UWsKUC9WZUtXVUs5cnkxL3Y5RlJs
+RTRkNE5zQ0NtbG0vdStuZXZVUzFoeTBwNAotPiBzc2gtZWQyNTUxOSBPRDhUNGcg
+Um1qczl3YTM0S3dIb3AzQmpSNVNNUXFzMFNLNEEwQllOSUkrMHNzVy9uMApTdjhz
+U250NGNpdk5SbWhPNjhjWWM0aWovRCt0MjR3M29JSTZjLy9IbTAwCi0+IEwtZ3Jl
+YXNlIEp6KCk4by1jIF0Kd2xoKytCU3d3MGFxZmRmS2gxSDJiVFp1L3hOS2hJVEtz
+NlFHWHhnRW5SNTZRMFFFRUJrVXo2blZvNlZTSXNqeQpVbWFLUmVHN1ptWGdLMkJT
+RVJuUWxTVE4vcDhsCi0tLSA5ckxpdFhrQWErb2NkcXlWaHR6WmVndVppbjRIQ3cw
+VjAxdTlnTEdmTkVrCou6/oezocFtYn7QDWLFzknFPlD5d1xBFutng6dvazWasZXD
+qecouKvAmFFA4mQHUjbmD2QxWdorU7SyYpEPeTJ4rbOuayySkYPxUoo8gqvd7JkS
+0VCavUuSb8nmfk24E3M=
+-----END AGE ENCRYPTED FILE-----
diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix
index cd27612..411f92e 100644
--- a/system/secrets/secrets.nix
+++ b/system/secrets/secrets.nix
@@ -15,4 +15,5 @@ in {
   "invidious/hmac.tix".publicKeys = allSecrets;
   "invidious/settings.tix".publicKeys = allSecrets;
   "miniflux/admin.tix".publicKeys = allSecrets;
+  "mastodon/mail.tix".publicKeys = allSecrets;
 }
diff --git a/system/services/mail/users.nix b/system/services/mail/users.nix
index a30d547..2104a8a 100644
--- a/system/services/mail/users.nix
+++ b/system/services/mail/users.nix
Binary files differdiff --git a/system/services/mastodon/default.nix b/system/services/mastodon/default.nix
new file mode 100644
index 0000000..6fb821e
--- /dev/null
+++ b/system/services/mastodon/default.nix
@@ -0,0 +1,17 @@
+{config, ...}: let
+  emailAddress = "mastodon@vhack.eu";
+in {
+  services.mastodon = {
+    enable = true;
+    localDomain = "mstdn.vhack.eu";
+    configureNginx = true;
+    smtp = {
+      authenticate = true;
+      createLocally = false;
+      fromAddress = emailAddress;
+      user = emailAddress;
+      host = "server1.vhack.eu";
+      passwordFile = "${config.age.secrets.mastdonMail.path}";
+    };
+  };
+}