Luj/snowfield
1
0
Fork 0
mirror of https://github.com/JulienMalka/snowfield.git synced 2025-03-25 21:30:52 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(gustave): init mastodon

Browse source
This commit is contained in:
Julien Malka 2025-01-10 02:33:09 +01:00
parent dd163b483e
commit 0bc6dc0ce8
Signed by: Luj
GPG key ID: 6FC74C847011FD83
5 changed files with 73 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
machines/biblios/garage.nix
View file

@ -21,6 +21,12 @@ in
api_bind_addr = "[::]:3900"; api_bind_addr = "[::]:3900";
root_domain = ".${api_domain}"; root_domain = ".${api_domain}";
}; };
s3_web = {
bind_addr = "127.0.0.1:3902";
root_domain = ".cdn.luj.fr";
index = "index.html";
};
rpc_bind_addr = "[::]:3901"; rpc_bind_addr = "[::]:3901";
rpc_public_addr = "127.0.0.1:3901"; rpc_public_addr = "127.0.0.1:3901";
@ -43,4 +49,23 @@ in
''; '';
}; };
}; };
services.nginx.virtualHosts."cdn.luj.fr" = {
enableACME = true;
forceSSL = true;
serverAliases = [ "cdn.social.luj.fr" ];
locations."/".extraConfig = ''
proxy_pass http://127.0.0.1:3902;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
'';
};
machine.meta.zones."luj.fr".subdomains."social".subdomains."cdn".A = [
config.machine.meta.ips.public.ipv4
];
machine.meta.zones."luj.fr".subdomains."social".subdomains."cdn".AAAA = [
config.machine.meta.ips.public.ipv6
];
} }

1
machines/gustave/default.nix
View file

@ -15,6 +15,7 @@
./readeck.nix ./readeck.nix
./plausible.nix ./plausible.nix
./nextcloud.nix ./nextcloud.nix
./mastodon.nix
]; ];
machine.meta = { machine.meta = {

41
machines/gustave/mastodon.nix Normal file
View file

@ -0,0 +1,41 @@
{ config, ... }:
{
age.secrets."mastodon-env".file = ../../secrets/mastodon-env.age;
services.mastodon = {
enable = true;
localDomain = "social.luj.fr";
configureNginx = true;
extraConfig.SINGLE_USER_MODE = "true";
streamingProcesses = 10;
extraConfig = {
OIDC_ENABLED = "true";
OIDC_DISPLAY_NAME = "Luj - SSO";
OIDC_DISCOVERY = "true";
OIDC_ISSUER = "https://auth.luj.fr/oauth2/openid/mastodon";
OIDC_SCOPE = "openid,profile,email";
OIDC_UID_FIELD = "email";
OIDC_CLIENT_ID = "mastodon";
OIDC_REDIRECT_URI = "https://social.luj.fr/auth/auth/openid_connect/callback";
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true";
ONE_CLICK_SSO_LOGIN = "true";
# S3
S3_ENABLED = "true";
S3_BUCKET = "mastodon";
S3_REGION = "paris";
S3_ENDPOINT = "https://s3.luj.fr";
S3_HOSTNAME = "s3.luj.fr";
S3_ALIAS_HOST = "cdn.social.luj.fr";
SMTP_SERVER = "mail.luj.fr";
SMTP_PORT = "587";
SMTP_FROM_ADDRESS = "infra@luj.fr";
SMTP_LOGIN = "luj";
};
extraEnvFiles = [ config.age.secrets."mastodon-env".path ];
};
}

BIN
secrets/mastodon-env.age Normal file
View file

Binary file not shown.

6
secrets/secrets.nix
View file

@ -168,4 +168,10 @@ in
gustave gustave
]; ];
"mastodon-env.age".publicKeys = [
tower
gallifrey
gustave
];
} }