init social.krebsco.de

2022-12-02 09:05:42 +01:00 · 2022-12-02 09:05:42 +01:00 · 645c3564f7
commit 645c3564f7
parent 2ea3b14cb5
5 changed files with 72 additions and 5 deletions
--- a/kartei/lass/default.nix
+++ b/kartei/lass/default.nix
@ -59,11 +59,12 @@ in {
      cores = 4;
      extraZones = {
        "krebsco.de" = ''
-          cache     IN A ${nets.internet.ip4.addr}
-          p         IN A ${nets.internet.ip4.addr}
-          c         IN A ${nets.internet.ip4.addr}
-          paste     IN A ${nets.internet.ip4.addr}
-          prism     IN A ${nets.internet.ip4.addr}
+          cache     60 IN A ${nets.internet.ip4.addr}
+          p         60 IN A ${nets.internet.ip4.addr}
+          c         60 IN A ${nets.internet.ip4.addr}
+          paste     60 IN A ${nets.internet.ip4.addr}
+          prism     60 IN A ${nets.internet.ip4.addr}
+          social    60 IN A ${nets.internet.ip4.addr}
        '';
        "lassul.us" = ''
          $TTL 3600
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@ -14,6 +14,7 @@
    <stockholm/krebs/2configs/mud.nix>

    <stockholm/krebs/2configs/cal.nix>
+    <stockholm/krebs/2configs/mastodon.nix>

    ## shackie irc bot
    <stockholm/krebs/2configs/shack/reaktor.nix>
--- a/krebs/2configs/mastodon-proxy.nix
+++ b/krebs/2configs/mastodon-proxy.nix
@ -0,0 +1,24 @@
+{ config, lib, pkgs, ... }:
+{
+  services.nginx = {
+    enable = true;
+    virtualHosts."social.krebsco.de" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        # TODO use this in 22.11
+        # recommendedProxySettings = true;
+        proxyPass = "http://hotdog.r";
+        proxyWebsockets = true;
+        extraConfig = ''
+          proxy_set_header        Host $host;
+          proxy_set_header        X-Real-IP $remote_addr;
+          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header        X-Forwarded-Proto $scheme;
+          proxy_set_header        X-Forwarded-Host $host;
+          proxy_set_header        X-Forwarded-Server $host;
+        '';
+      };
+    };
+  };
+}
--- a/krebs/2configs/mastodon.nix
+++ b/krebs/2configs/mastodon.nix
@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+{
+  services.postgresql = {
+    enable = true;
+    dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
+    package = pkgs.postgresql_11;
+  };
+  systemd.tmpfiles.rules = [
+    "d /var/state/postgresql 0700 postgres postgres -"
+  ];
+
+  services.mastodon = {
+    enable = true;
+    localDomain = "social.krebsco.de";
+    configureNginx = true;
+    trustedProxy = config.krebs.hosts.prism.nets.retiolum.ip6.addr;
+    smtp.createLocally = false;
+    smtp.fromAddress = "mastodon@social.krebsco.de";
+  };
+
+  services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
+    forceSSL = lib.mkForce false;
+    enableACME = lib.mkForce false;
+    locations."@proxy".extraConfig = ''
+      proxy_redirect off;
+      proxy_pass_header Server;
+      proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+    '';
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+  ];
+
+  environment.systemPackages = [
+    (pkgs.writers.writeDashBin "tootctl" ''
+      sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@"
+    '')
+  ];
+}
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@ -111,6 +111,7 @@ with import <stockholm/lib>;
    <stockholm/lass/2configs/jitsi.nix>
    <stockholm/lass/2configs/fysiirc.nix>
    <stockholm/lass/2configs/bgt-bot>
+    <stockholm/krebs/2configs/mastodon-proxy.nix>
    {
      services.tor = {
        enable = true;