lor.sh/mastodon.nix

175 lines
4.9 KiB
Nix
Raw Normal View History

2023-01-09 13:13:56 +00:00
{ config, pkgs, lib, ... }:
let
secrets = import ./secrets.nix;
mastodon-source = pkgs.callPackage "${toString pkgs.path}/pkgs/servers/mastodon/source.nix" {};
2023-04-09 10:26:02 +00:00
mastodon-lor-sh = pkgs.mastodon.override {
2023-01-09 13:13:56 +00:00
srcOverride = pkgs.applyPatches {
2023-11-20 15:46:09 +00:00
version = mastodon-source.version;
yarnHash = mastodon-source.yarnHash;
2023-07-31 21:05:26 +00:00
src = pkgs.fetchFromGitHub {
2024-01-17 12:38:43 +00:00
owner = mastodon-source.owner;
repo = mastodon-source.repo;
rev = mastodon-source.rev;
hash = mastodon-source.outputHash;
2023-01-09 13:13:56 +00:00
};
2023-04-09 10:26:02 +00:00
patches = [
2023-01-09 13:13:56 +00:00
./patches/logo.patch
2023-01-10 19:50:57 +00:00
./patches/app-icon.patch
2023-01-09 13:13:56 +00:00
./patches/logo-symbol-wordmark.patch
./patches/mascot.patch
./patches/add-tango-theme.patch
./patches/add-merveilles-theme.patch
./patches/add-black-theme.patch
./patches/themes-config.patch
./patches/fix-character-limit.patch
./patches/max-toot-chars-api.patch
./patches/simple-form.patch
2023-01-12 12:31:03 +00:00
./patches/not-so-scary-500.patch
2024-01-17 12:38:43 +00:00
] ++ mastodon-source.patches;
2023-01-10 21:42:20 +00:00
postPatch = (import ./branding.nix { pkgs = pkgs; }).branding;
2023-01-09 13:13:56 +00:00
};
};
sidekiq-manager = pkgs.writers.writePython3 "sidekiq-manager" {} ''
from itertools import permutations
from subprocess import Popen
def sidekiq(queues, connections=16):
mastodon = "${mastodon-lor-sh}"
cmd = [f"{mastodon}/bin/sidekiq", "-r", mastodon]
cmd += ["-c", f"{connections}"]
for q in queues:
cmd += ['-q', q]
return Popen(cmd)
procs = [sidekiq(['mailers', 'pull'])]
queues = ['default', 'push', 'ingress']
procs += [sidekiq(qs) for qs in permutations(queues)]
p = sidekiq([])
p.wait()
'';
2023-01-11 13:24:38 +00:00
s3cmd = pkgs.writeShellScript "s3cmd" ''
${pkgs.s3cmd}/bin/s3cmd \
--access_key='${secrets.backup.accessKey}' \
--secret_key='${secrets.backup.secretKey}' \
--host='${secrets.backup.host}' \
--host-bucket='${secrets.backup.hostBucket}' \
$@
'';
2023-01-12 12:19:13 +00:00
2023-01-11 13:24:38 +00:00
bucket = secrets.backup.bucket;
2023-01-12 12:19:13 +00:00
domainName = "lor.sh";
2023-01-09 13:13:56 +00:00
in {
2023-01-09 22:41:57 +00:00
services.postgresqlBackup = {
enable = true;
databases = [ "mastodon" ];
2023-01-11 13:24:38 +00:00
compression = "gzip";
2023-01-09 22:41:57 +00:00
};
2023-01-11 13:24:38 +00:00
systemd.services.postgresqlBackup-mastodon.serviceConfig.ExecStartPost =
pkgs.writeShellScript "backup-to-s3" ''
cd /var/backup/postgresql
${pkgs.gnupg}/bin/gpg --batch --passphrase '${secrets.backup.password}' \
--symmetric mastodon.sql.gz
${s3cmd} rm ${bucket}/mastodon.prev.sql.gz.gpg
${s3cmd} mv ${bucket}/mastodon.sql.gz.gpg ${bucket}/mastodon.prev.sql.gz.gpg
${s3cmd} put mastodon.sql.gz.gpg ${bucket}/
rm mastodon.sql.gz.gpg
'';
systemd.services.mastodon-sidekiq-all.serviceConfig.ExecStart =
lib.mkForce "${sidekiq-manager}";
2023-01-09 13:13:56 +00:00
# https://github.com/mperham/sidekiq/wiki/Memory#bloat
systemd.services.mastodon-sidekiq-all.environment.MALLOC_ARENA_MAX = "2";
2023-01-09 13:13:56 +00:00
2023-01-12 12:19:13 +00:00
services.caddy = {
enable = true;
virtualHosts."${domainName}".extraConfig = ''
root * ${mastodon-lor-sh}/public
encode gzip
@static file
handle @static {
file_server
}
handle /api/v1/streaming* {
2024-01-06 21:54:36 +00:00
reverse_proxy unix//run/mastodon-streaming/streaming-1.socket
2023-01-12 12:19:13 +00:00
}
handle {
reverse_proxy unix//run/mastodon-web/web.socket
}
header {
Strict-Transport-Security "max-age=31536000;"
}
@5xx expression `{err.status_code} >= 500 && {err.status_code} < 600`
handle_errors {
rewrite @5xx /500.html
file_server
}
'';
};
users.users.caddy.extraGroups = [ "mastodon" ];
2023-01-09 13:13:56 +00:00
services.mastodon = {
enable = true;
package = mastodon-lor-sh;
2023-01-12 12:19:13 +00:00
localDomain = "${domainName}";
configureNginx = false;
2023-01-09 13:13:56 +00:00
2023-11-20 15:46:24 +00:00
streamingProcesses = 8;
2023-01-09 13:13:56 +00:00
smtp = {
createLocally = false;
authenticate = true;
host = "smtp.eu.mailgun.org";
port = 587;
2023-01-12 12:19:13 +00:00
fromAddress = "Mastodon <mastodon@m.${domainName}>";
user = "mastodon@m.${domainName}";
2023-01-09 13:13:56 +00:00
passwordFile = builtins.toFile "smtp-password" secrets.smtpPassword;
};
vapidPublicKeyFile = builtins.toFile "vapidPublicKey" secrets.vapidPublicKey;
secretKeyBaseFile = builtins.toFile "secretKeyBase" secrets.secretKeyBase;
otpSecretFile = builtins.toFile "otpSecret" secrets.otpSecret;
vapidPrivateKeyFile = builtins.toFile "vapidPrivateKey" secrets.vapidPrivateKey;
extraConfig = {
S3_ENABLED = "true";
S3_PROTOCOL = "https";
S3_BUCKET = "lor-sh";
S3_REGION = "eu-central-1";
S3_HOSTNAME = "s3.eu-central-1.wasabisys.com";
S3_ENDPOINT = "https://s3.eu-central-1.wasabisys.com/lor-sh";
S3_ALIAS_HOST = "s3.eu-central-1.wasabisys.com/lor-sh/lor-sh";
AWS_ACCESS_KEY_ID = secrets.AWS_ACCESS_KEY_ID;
AWS_SECRET_ACCESS_KEY = secrets.AWS_SECRET_ACCESS_KEY;
DEEPL_API_KEY = secrets.DEEPL_API_KEY;
DEEPL_PLAN = "pro";
};
};
}