{ config, pkgs, ... }: let emailAddress = "mastodon@vhack.eu"; applyPatches = pkg: pkg.overrideAttrs (attrs: { patches = (attrs.patches or []) ++ [./patches/0001-feat-treewide-Increase-character-limit-to-5000-in-me.patch]; }); in { vhack.persist.directories = [ { directory = "/var/lib/mastodon"; user = "mastodon"; group = "mastodon"; mode = "0700"; } ]; services.mastodon = { enable = true; package = applyPatches pkgs.mastodon; # Unstable Mastodon package, used if # security updates aren't backported. #package = applyPatches pkgs-unstable.mastodon; localDomain = "vhack.eu"; smtp = { authenticate = true; createLocally = false; fromAddress = emailAddress; user = emailAddress; host = "server1.vhack.eu"; passwordFile = config.age.secrets.mastodonMail.path; }; streamingProcesses = 5; # Number of Cores - 1 extraConfig = { WEB_DOMAIN = "mastodon.vhack.eu"; EMAIL_DOMAIN_ALLOWLIST = "vhack.eu|sils.li"; }; }; services.nginx = { enable = true; recommendedProxySettings = true; # required for redirections to work virtualHosts = { ${config.services.mastodon.extraConfig.WEB_DOMAIN} = { root = "${config.services.mastodon.package}/public/"; # mastodon only supports https, but you can override this if you offload tls elsewhere. forceSSL = true; enableACME = true; locations = { "/system/".alias = "/var/lib/mastodon/public-system/"; "/".tryFiles = "$uri @proxy"; "@proxy" = { proxyPass = "http://unix:/run/mastodon-web/web.socket"; proxyWebsockets = true; }; "/api/v1/streaming/" = { proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket"; proxyWebsockets = true; }; }; }; "vhack.eu" = { locations."/.well-known/webfinger".return = "301 https://${config.services.mastodon.extraConfig.WEB_DOMAIN}$request_uri"; }; }; }; users.groups.${config.services.mastodon.group}.members = [ config.services.nginx.user ]; }