# NixOS module: runs Mastodon for the vhack.eu domain, with the web UI on
# mastodon.vhack.eu behind a hand-written nginx reverse proxy.
{config, ...}: let
  emailAddress = "mastodon@vhack.eu";
  mastodonCfg = config.services.mastodon;
  # Read back from the option below, so the vhost name and the webfinger
  # redirect always follow WEB_DOMAIN.
  webDomain = mastodonCfg.extraConfig.WEB_DOMAIN;
in {
  services.mastodon = {
    enable = true;
    # Account handles are @user@vhack.eu; the web interface is on WEB_DOMAIN.
    localDomain = "vhack.eu";
    extraConfig.WEB_DOMAIN = "mastodon.vhack.eu";

    smtp = {
      authenticate = true;
      createLocally = false;
      host = "server1.vhack.eu";
      user = emailAddress;
      fromAddress = emailAddress;
      # The SMTP password is read from a file provided through age.secrets, so it
      # is not written into this module as a literal.
      # NOTE(review): the declaration of the mastodonMail secret is not in this
      # file; confirm its owner/mode restrict it to the mastodon service user.
      passwordFile = config.age.secrets.mastodonMail.path;
    };
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true; # required for redirections to work

    virtualHosts = {
      ${webDomain} = {
        root = "${mastodonCfg.package}/public/";
        # mastodon only supports https, but you can override this if you
        # offload tls elsewhere.
        forceSSL = true;
        enableACME = true;

        # NOTE(review): nginx reaches Mastodon through the unix sockets below and
        # serves /var/lib/mastodon/public-system/ directly. Nothing in this file
        # grants the nginx user access to those paths; confirm it is done
        # elsewhere (e.g. via users.groups.mastodon.members).
        locations = {
          # Uploaded media is served straight from disk on the same origin as
          # the web UI.
          # NOTE(review): no response headers are set for this location here;
          # consider restrictive ones (nosniff, a locked-down CSP) for it.
          "/system/".alias = "/var/lib/mastodon/public-system/";

          # Static files from `root` first, everything else goes to the web
          # process.
          "/".tryFiles = "$uri @proxy";

          "@proxy" = {
            proxyPass = "http://unix:/run/mastodon-web/web.socket";
            proxyWebsockets = true;
          };

          "/api/v1/streaming/" = {
            proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
            proxyWebsockets = true;
          };
        };
      };

      # Webfinger lookups for @user@vhack.eu are redirected to the web domain.
      # NOTE(review): this vhost sets no forceSSL/enableACME here; presumably the
      # TLS settings for vhack.eu live in another module - confirm.
      "vhack.eu" = {
        locations."/.well-known/webfinger".return = "301 https://${webDomain}$request_uri";
      };
    };
  };
}