blob: fee472e7439d8e7a1567a31c4f8d9c4e554cd318 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
{config, ...}: let
emailAddress = "mastodon@vhack.eu";
in {
services.mastodon = {
enable = true;
localDomain = "vhack.eu";
smtp = {
authenticate = true;
createLocally = false;
fromAddress = emailAddress;
user = emailAddress;
host = "server1.vhack.eu";
passwordFile = "${config.age.secrets.mastodonMail.path}";
};
extraConfig = {
WEB_DOMAIN = "mastodon.vhack.eu";
EMAIL_DOMAIN_ALLOWLIST = "vhack.eu|sils.li";
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true; # required for redirections to work
virtualHosts = {
"${config.services.mastodon.extraConfig.WEB_DOMAIN}" = {
root = "${config.services.mastodon.package}/public/";
# mastodon only supports https, but you can override this if you offload tls elsewhere.
forceSSL = true;
enableACME = true;
locations."/system/".alias = "/var/lib/mastodon/public-system/";
locations."/" = {
tryFiles = "$uri @proxy";
};
locations."@proxy" = {
proxyPass = "http://unix:/run/mastodon-web/web.socket";
proxyWebsockets = true;
};
locations."/api/v1/streaming/" = {
proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
proxyWebsockets = true;
};
};
"vhack.eu" = {
locations."/.well-known/webfinger".return = "301 https://${config.services.mastodon.extraConfig.WEB_DOMAIN}$request_uri";
};
};
};
users.groups.${config.services.mastodon.group}.members = [
config.services.nginx.user
];
}
|