From 631e9c0fc66e7c0493ea447dfcfcfca93ce0d72c Mon Sep 17 00:00:00 2001 From: sils Date: Thu, 12 Oct 2023 20:49:27 +0200 Subject: feat(treewide): add mastodon
---
 system/services/mastodon/default.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 system/services/mastodon/default.nix (limited to 'system/services/mastodon/default.nix')
diff --git a/system/services/mastodon/default.nix b/system/services/mastodon/default.nix
new file mode 100644
index 0000000..6fb821e
--- /dev/null
+++ b/system/services/mastodon/default.nix
@@ -0,0 +1,17 @@
+{config, ...}: let
+ emailAddress = "mastodon@vhack.eu";
+in {
+ services.mastodon = {
+ enable = true;
+ localDomain = "mstdn.vhack.eu";
+ configureNginx = true;
+ smtp = {
+ authenticate = true;
+ createLocally = false;
+ fromAddress = emailAddress;
+ user = emailAddress;
+ host = "server1.vhack.eu";
+ passwordFile = "${config.age.secrets.mastdonMail.path}";
+ };
+ };
+}
-- cgit 1.4.1
From b8f786bf568187f83da586df9e5d354e79b59cb2 Mon Sep 17 00:00:00 2001 From: sils Date: Thu, 12 Oct 2023 20:56:51 +0200 Subject: fix(system/services/mastodon): correct age secret path
---
 system/services/mastodon/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/services/mastodon/default.nix')
diff --git a/system/services/mastodon/default.nix b/system/services/mastodon/default.nix
index 6fb821e..3a983c3 100644
--- a/system/services/mastodon/default.nix
+++ b/system/services/mastodon/default.nix
@@ -11,7 +11,7 @@ in {
 fromAddress = emailAddress;
 user = emailAddress;
 host = "server1.vhack.eu";
- passwordFile = "${config.age.secrets.mastdonMail.path}";
+ passwordFile = "${config.age.secrets.mastodonMail.path}";
 };
 };
 }
-- cgit 1.4.1
From cb49aa5ed36f38aa9608695fb1884846b9f859f9 Mon Sep 17 00:00:00 2001
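Review bot: The `smtp` block in the first commit enables authentication but sets neither a port nor a TLS policy, so the password behind `passwordFile` is sent on whatever the module and Mastodon default to (port 25 with opportunistic STARTTLS, as far as I know). Pinning the submission port and requiring STARTTLS removes the chance of the login going out unencrypted: `port = 587;` inside `smtp`, and `extraConfig.SMTP_ENABLE_STARTTLS = "always";` on `services.mastodon`. Confirm which port `server1.vhack.eu` offers for authenticated submission before changing it.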
From: sils Date: Thu, 12 Oct 2023 21:35:13 +0200 Subject: fix(system/services/mastodon): separate domains for user handles and webinterface
---
 system/services/mastodon/default.nix | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) (limited to 'system/services/mastodon/default.nix')
diff --git a/system/services/mastodon/default.nix b/system/services/mastodon/default.nix
index 3a983c3..96c2744 100644
--- a/system/services/mastodon/default.nix
+++ b/system/services/mastodon/default.nix
@@ -3,8 +3,7 @@
 in {
 services.mastodon = {
 enable = true;
- localDomain = "mstdn.vhack.eu";
- configureNginx = true;
+ localDomain = "vhack.eu";
 smtp = {
 authenticate = true;
 createLocally = false;
@@ -13,5 +12,38 @@ in {
 host = "server1.vhack.eu";
 passwordFile = "${config.age.secrets.mastodonMail.path}";
 };
+ extraConfig.WEB_DOMAIN = "mastodon.vhack.eu";
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true; # required for redirections to work
+ virtualHosts = {
+ "${config.services.mastodon.extraConfig.WEB_DOMAIN}" = {
+ root = "${config.services.mastodon.package}/public/";
+ # mastodon only supports https, but you can override this if you offload tls elsewhere.
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/system/".alias = "/var/lib/mastodon/public-system/";
+
+ locations."/" = {
+ tryFiles = "$uri @proxy";
+ };
+
+ locations."@proxy" = {
+ proxyPass = "http://unix:/run/mastodon-web/web.socket";
+ proxyWebsockets = true;
+ };
+
+ locations."/api/v1/streaming/" = {
+ proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
+ proxyWebsockets = true;
+ };
+ };
+ "vhack.eu" = {
+ locations."/.well-known/webfinger".return = "301 https://${config.services.mastodon.extraConfig.WEB_DOMAIN}$request_uri";
+ };
+ };
 };
 }
-- cgit 1.4.1
From bd824945407c1db99d35e1b56fc19ef08abd6c36 Mon Sep 17 00:00:00 2001
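Review bot: The `/system/` location in the second hunk serves user-uploaded media from the same origin as the web UI with no restrictive response headers, which Mastodon's reference nginx config does add for this path. I would give that location an `extraConfig` containing `add_header X-Content-Type-Options nosniff;` and `add_header Content-Security-Policy "default-src 'none'; form-action 'none'";`. Separately, the `"vhack.eu"` virtual host gets only the webfinger redirect and no `forceSSL`/`enableACME`; unless another module defines TLS for that host, servers resolving handles over HTTPS will not reach the redirect. The attribute set that encloses `services.nginx` starts outside the hunk.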
From: sils Date: Thu, 12 Oct 2023 21:39:35 +0200 Subject: fix(system/services/mastodon): allow registration only with vhack.eu/sils.li mail --- system/services/mastodon/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'system/services/mastodon/default.nix') diff --git a/system/services/mastodon/default.nix b/system/services/mastodon/default.nix index 96c2744..5007d0e 100644 --- a/system/services/mastodon/default.nix +++ b/system/services/mastodon/default.nix @@ -12,7 +12,10 @@ in { host = "server1.vhack.eu"; passwordFile = "${config.age.secrets.mastodonMail.path}"; }; - extraConfig.WEB_DOMAIN = "mastodon.vhack.eu"; + extraConfig = { + WEB_DOMAIN = "mastodon.vhack.eu"; + EMAIL_DOMAIN_ALLOWLIST = "vhack.eu|sils.li"; + }; }; services.nginx = { -- cgit 1.4.1 From 1ddfb655c9cb35a40cc13dca84652678f7a30f1a Mon Sep 17 00:00:00 2001 From: sils Date: Thu, 12 Oct 2023 21:52:37 +0200 Subject: fix(system/services/mastodon): add nginx to group 'mastodon' --- system/services/mastodon/default.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'system/services/mastodon/default.nix') diff --git a/system/services/mastodon/default.nix b/system/services/mastodon/default.nix index 5007d0e..ea49fc5 100644 --- a/system/services/mastodon/default.nix +++ b/system/services/mastodon/default.nix @@ -49,4 +49,6 @@ in { }; }; }; + + users.groups.${config.services.mastodon.group}.members = config.services.nginx.user; } -- cgit 1.4.1 From 478437be715c965a4028693582bef650ce190198 Mon Sep 17 00:00:00 2001 From: sils Date: Thu, 12 Oct 2023 21:54:21 +0200 Subject: fix(system/services/mastodon): change string to list of string --- system/services/mastodon/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'system/services/mastodon/default.nix') diff --git a/system/services/mastodon/default.nix b/system/services/mastodon/default.nix index ea49fc5..fee472e 100644 --- a/system/services/mastodon/default.nix 
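Review bot: `EMAIL_DOMAIN_ALLOWLIST` is the only registration control visible in this hunk and the file does not document its format. A comment above the line such as `# pipe-separated e-mail domains allowed to register` would keep a later edit from switching to commas or spaces and silently changing what matches. The restriction is only as strong as mailbox issuance on `vhack.eu` and `sils.li`, so it is worth confirming on the deployed Mastodon version whether subdomains of these names and invited accounts are accepted as well.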
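Review bot: Adding the nginx user to the whole `mastodon` group grants more than the two unix sockets and `/var/lib/mastodon/public-system/` that the proxy configuration uses: nginx workers gain group access to anything group-readable that the service owns. Check that generated secret and environment files under the service's state directory are not readable by the group, and record the reason next to the line, e.g. `# nginx needs the mastodon-web/streaming unix sockets and public-system`. The same line is reworked in the following commit ("change string to list of string") and the point applies there unchanged.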
+++ b/system/services/mastodon/default.nix @@ -50,5 +50,7 @@ in { }; }; - users.groups.${config.services.mastodon.group}.members = config.services.nginx.user; + users.groups.${config.services.mastodon.group}.members = [ + config.services.nginx.user + ]; } -- cgit 1.4.1 From cfdd2e350ff5df55beef4fa5b7bc11e9ff5e23c1 Mon Sep 17 00:00:00 2001 From: sils Date: Fri, 13 Oct 2023 13:40:22 +0200 Subject: fix(system/services/mastodon): remove unneccessary stringcasts --- system/services/mastodon/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/services/mastodon/default.nix') diff --git a/system/services/mastodon/default.nix b/system/services/mastodon/default.nix index fee472e..7522d99 100644 --- a/system/services/mastodon/default.nix +++ b/system/services/mastodon/default.nix @@ -10,7 +10,7 @@ in { fromAddress = emailAddress; user = emailAddress; host = "server1.vhack.eu"; - passwordFile = "${config.age.secrets.mastodonMail.path}"; + passwordFile = config.age.secrets.mastodonMail.path; }; extraConfig = { WEB_DOMAIN = "mastodon.vhack.eu"; @@ -22,7 +22,7 @@ in { enable = true; recommendedProxySettings = true; # required for redirections to work virtualHosts = { - "${config.services.mastodon.extraConfig.WEB_DOMAIN}" = { + "config.services.mastodon.extraConfig.WEB_DOMAIN" = { root = "${config.services.mastodon.package}/public/"; # mastodon only supports https, but you can override this if you offload tls elsewhere. forceSSL = true; -- cgit 1.4.1 From 900d013b708fb84add332fe397a01991cf71a119 Mon Sep 17 00:00:00 2001 From: sils Date: Fri, 13 Oct 2023 17:20:20 +0200 Subject: Revert "fix(system/services/mastodon): remove unneccessary stringcasts" These stringcasts were mandatory. This reverts commit cfdd2e350ff5df55beef4fa5b7bc11e9ff5e23c1. --- system/services/mastodon/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/services/mastodon/default.nix') 
diff --git a/system/services/mastodon/default.nix b/system/services/mastodon/default.nix
index 7522d99..fee472e 100644
--- a/system/services/mastodon/default.nix
+++ b/system/services/mastodon/default.nix
@@ -10,7 +10,7 @@ in {
 fromAddress = emailAddress;
 user = emailAddress;
 host = "server1.vhack.eu";
- passwordFile = config.age.secrets.mastodonMail.path;
+ passwordFile = "${config.age.secrets.mastodonMail.path}";
 };
 extraConfig = {
 WEB_DOMAIN = "mastodon.vhack.eu";
@@ -22,7 +22,7 @@ in {
 enable = true;
 recommendedProxySettings = true; # required for redirections to work
 virtualHosts = {
- "config.services.mastodon.extraConfig.WEB_DOMAIN" = {
+ "${config.services.mastodon.extraConfig.WEB_DOMAIN}" = {
 root = "${config.services.mastodon.package}/public/";
 # mastodon only supports https, but you can override this if you offload tls elsewhere.
 forceSSL = true;
-- cgit 1.4.1
From 925e9936646bf071f6de271c8f17727e2ab86616 Mon Sep 17 00:00:00 2001 From: Soispha Date: Fri, 13 Oct 2023 17:36:16 +0200 Subject: fix(system/services/mastodon): Correctly avoid string casts
---
 system/services/mastodon/default.nix | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) (limited to 'system/services/mastodon/default.nix')
diff --git a/system/services/mastodon/default.nix b/system/services/mastodon/default.nix
index fee472e..39a0f56 100644
--- a/system/services/mastodon/default.nix
+++ b/system/services/mastodon/default.nix
@@ -10,7 +10,7 @@ in {
 fromAddress = emailAddress;
 user = emailAddress;
 host = "server1.vhack.eu";
- passwordFile = "${config.age.secrets.mastodonMail.path}";
+ passwordFile = config.age.secrets.mastodonMail.path;
 };
 extraConfig = {
 WEB_DOMAIN = "mastodon.vhack.eu";
@@ -22,28 +22,26 @@ in { enable = true; recommendedProxySettings = true; # required for redirections to work virtualHosts = { - "${config.services.mastodon.extraConfig.WEB_DOMAIN}" = { + ${config.services.mastodon.extraConfig.WEB_DOMAIN} = { root = "${config.services.mastodon.package}/public/"; # mastodon only supports https, but you can override this if you offload tls elsewhere. forceSSL = true; enableACME = true; - locations."/system/".alias = "/var/lib/mastodon/public-system/"; - - locations."/" = { - tryFiles = "$uri @proxy"; - }; - - locations."@proxy" = { - proxyPass = "http://unix:/run/mastodon-web/web.socket"; - proxyWebsockets = true; - }; - - locations."/api/v1/streaming/" = { - proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket"; - proxyWebsockets = true; + locations = { + "/system/".alias = "/var/lib/mastodon/public-system/"; + "/".tryFiles = "$uri @proxy"; + "@proxy" = { + proxyPass = "http://unix:/run/mastodon-web/web.socket"; + proxyWebsockets = true; + }; + "/api/v1/streaming/" = { + proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket"; + proxyWebsockets = true; + }; }; }; + "vhack.eu" = { locations."/.well-known/webfinger".return = "301 https://${config.services.mastodon.extraConfig.WEB_DOMAIN}$request_uri"; }; -- cgit 1.4.1