flake/hosts/pek0/services/mastodon.nix

# Mastodon for the ny4.dev instance, served by Caddy and authenticated
# exclusively through the operator's Keycloak (id.ny4.dev).
{
  lib,
  pkgs,
  config,
  ...
}:
let
  # Public hostname of the web UI; also the host Caddy matches on.
  webDomain = "mastodon.ny4.dev";

  # Static files shipped with the Mastodon package (assets, error pages).
  packagePublic = "${pkgs.mastodon}/public";

  # Caddy handler proxying to one of Mastodon's local unix sockets.
  # TLS is terminated by Caddy and the upstream only speaks plain HTTP over
  # the socket, so the original scheme is supplied explicitly; Rails relies
  # on it for https URLs and secure cookies.
  proxyTo = socket: {
    handler = "reverse_proxy";
    headers.request.set."X-Forwarded-Proto" = [ "https" ];
    upstreams = [ { dial = socket; } ];
  };

  # Both Mastodon units inherit the host's outbound proxy settings
  # (federation, remote media fetches and the OIDC discovery request all
  # leave through it).
  proxyEnv = config.networking.proxy.envVars;
in
{
  services.mastodon = {
    enable = true;
    localDomain = "ny4.dev";
    # A single streaming process; the Caddy upstream below dials
    # streaming-1.socket, so these two must stay in step.
    streamingProcesses = 1;
    mediaAutoRemove.olderThanDays = 14;
    # FIXME: this doesn't exist
    smtp = {
      createLocally = false;
      fromAddress = "mastodon@ny4.dev";
    };
    extraConfig = {
      SINGLE_USER_MODE = "true";
      WEB_DOMAIN = webDomain;

      # Keycloak (OIDC) is the only way in: the local password form is
      # disabled by OMNIAUTH_ONLY.
      OMNIAUTH_ONLY = "true";
      OIDC_ENABLED = "true";
      OIDC_CLIENT_ID = "mastodon";
      # OIDC_CLIENT_SECRET is deliberately absent: anything written here ends
      # up in the world-readable Nix store, so it is injected at runtime
      # through the sops EnvironmentFile attached to mastodon-web below.
      OIDC_DISCOVERY = "true";
      OIDC_DISPLAY_NAME = "id.ny4.dev";
      OIDC_ISSUER = "https://id.ny4.dev/realms/ny4";
      OIDC_REDIRECT_URI = "https://${webDomain}/auth/auth/openid_connect/callback";
      OIDC_SCOPE = "openid,profile,email";
      # The IdP's email claim is accepted without a confirmation mail.
      # This presumably rests on id.ny4.dev being the sole issuer and its
      # accounts being operator-controlled; revisit if another IdP or
      # self-registration in Keycloak is ever enabled.
      OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true";
      # Accounts are keyed on the Keycloak username.
      OIDC_UID_FIELD = "preferred_username";
    };
  };

  systemd.services = {
    mastodon-web = {
      environment = proxyEnv;
      # Runtime-only secrets (OIDC_CLIENT_SECRET among them), decrypted by
      # sops on the host rather than stored in the Nix store.
      serviceConfig.EnvironmentFile = [ config.sops.secrets."mastodon/environment".path ];
    };
    mastodon-sidekiq-all.environment = proxyEnv;
  };

  services.caddy.settings.apps.http.servers.srv0 = {
    routes = [
      {
        match = [ { host = [ webDomain ]; } ];
        handle = [
          {
            handler = "subroute";
            routes = [
              # WebSocket/streaming API goes to the dedicated streaming process.
              {
                match = [ { path = [ "/api/v1/streaming/*" ]; } ];
                handle = [ (proxyTo "unix//run/mastodon-streaming/streaming-1.socket") ];
              }
              # Uploaded media is served straight from disk, bypassing Rails.
              # No pass_thru here: a missing file is a Caddy 404.
              {
                match = [ { path = [ "/system/*" ]; } ];
                handle = [
                  {
                    handler = "rewrite";
                    strip_path_prefix = "/system";
                  }
                  {
                    handler = "file_server";
                    root = "/var/lib/mastodon/public-system";
                  }
                ];
              }
              # Everything else: packaged static assets first, then the
              # Puma web socket for whatever is not a file on disk.
              {
                handle = [
                  {
                    handler = "file_server";
                    root = packagePublic;
                    pass_thru = true;
                  }
                  (proxyTo "unix//run/mastodon-web/web.socket")
                ];
              }
            ];
          }
        ];
      }
    ];

    # Any error Caddy raises for this host (an unreachable socket, and
    # apparently also a 404 from the /system file server above) is answered
    # with the package's static 500.html instead of a Caddy default page.
    errors.routes = [
      {
        match = [ { host = [ webDomain ]; } ];
        handle = [
          {
            handler = "subroute";
            routes = [
              {
                handle = [
                  {
                    handler = "rewrite";
                    uri = "500.html";
                  }
                ];
              }
              {
                handle = [
                  {
                    handler = "file_server";
                    root = packagePublic;
                  }
                ];
              }
            ];
          }
        ];
      }
    ];
  };
}