nix-infra/config/hosts/mastodon/mastodon.nix

{ pkgs, nixpkgs-unstable, ... }:
let
  mastodonNekoversePatches = pkgs.fetchgit {
    url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git";
    hash = "sha256-Fcbuj5BGkQd3X/gViqqB+NRIvjUlUED32tNEJrzYh5o=";
  };
  mastodonNekoverseOverlay = final: prev: {
    mastodon = (prev.mastodon.override rec {
      version = "4.2.13";
      srcOverride = final.applyPatches {
        src = final.fetchgit {
          url = "https://github.com/mastodon/mastodon.git";
          rev = "v${version}";
          sha256 = "sha256-+HGu02fjYJ1x6Tk9AdqmFN7JHk3UnlvCdiQ/5yMu69M=";
        };
        patches = [
          "${mastodonNekoversePatches}/patches/001_increase_image_dimensions_limit.patch"
          "${mastodonNekoversePatches}/patches/002_disable_image_reprocessing.patch"
          "${mastodonNekoversePatches}/patches/003_make_toot_cute.patch"
          "${mastodonNekoversePatches}/patches/005_improve_custom_emoji_support.patch"
          "${mastodonNekoversePatches}/patches/006_increase_profile_limits.patch"
          "${mastodonNekoversePatches}/patches/007_increase_toot_character_limit.patch"
        ];
      };
      yarnHash = "sha256-qoLesubmSvRsXhKwMEWHHXcpcqRszqcdZgHQqnTpNPE=";
    });
  };
  pkgs-overlay = nixpkgs-unstable.legacyPackages."x86_64-linux".extend mastodonNekoverseOverlay;
  vapidPublicKey = pkgs.writeText "vapid-public-key" "BDCbFEDCZ8eFuWr3uEq4Qc30UFZUQeNpF8OCw6OjPwAtaKS1yTM3Ue749Xjqy5WhBDjakzlixh4Gk7gluUhIdsU=";
in
{
  services.mastodon = {
    enable = true;
    package = pkgs-overlay.mastodon;
    localDomain = "social.nekover.se";
    secretKeyBaseFile = "/secrets/mastodon-secret-key-base.secret";
    otpSecretFile = "/secrets/mastodon-otp-secret.secret";
    vapidPublicKeyFile = "${vapidPublicKey}";
    vapidPrivateKeyFile = "/secrets/mastodon-vapid-private-key.secret";
    smtp = {
      authenticate = true;
      host = "mail-1.grzb.de";
      port = 465;
      user = "social@nekover.se";
      passwordFile = "/secrets/mastodon-email-smtp-pass.secret";
      fromAddress = "Nekoverse <nyareply@nekover.se>";
    };
    streamingProcesses = 3;
    extraConfig = {
      SMTP_TLS = "true";
      ES_PRESET = "single_node_cluster";
      OIDC_CLIENT_ID = "mastodon";
      OIDC_ENABLED = "true";
      OMNIAUTH_ONLY = "false";
      OIDC_DISPLAY_NAME = "Login with Nekoverse ID";
      OIDC_ISSUER = "https://id.nekover.se/realms/nekoverse";
      OIDC_DISCOVERY = "true";
      OIDC_SCOPE = "openid,profile,email";
      OIDC_UID_FIELD = "preferred_username";
      OIDC_REDIRECT_URI = "https://social.nekover.se/auth/auth/openid_connect/callback";
      OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true";
      OIDC_END_SESSION_ENDPOINT = "https://id.nekover.se/realms/nekoverse/protocol/openid-connect/logout";
    };
    extraEnvFiles = [
      "/secrets/mastodon-keycloak-client-secret.secret"
    ];
    elasticsearch.host = "127.0.0.1";
  };
}
Update valkyrie IP 2024-08-12 20:14:13 +02:00			`{ pkgs, nixpkgs-unstable, ... }:`
Migrate Mastodon to NixOS 2023-10-10 04:14:29 +02:00			`let`
			`mastodonNekoversePatches = pkgs.fetchgit {`
			`url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git";`
Patch mastodon for longer profile descriptions 2024-03-08 01:22:37 +01:00			`hash = "sha256-Fcbuj5BGkQd3X/gViqqB+NRIvjUlUED32tNEJrzYh5o=";`
Migrate Mastodon to NixOS 2023-10-10 04:14:29 +02:00			`};`
			`mastodonNekoverseOverlay = final: prev: {`
			`mastodon = (prev.mastodon.override rec {`
Update mastodon to 4.2.13 2024-10-04 16:03:21 +02:00			`version = "4.2.13";`
Migrate Mastodon to NixOS 2023-10-10 04:14:29 +02:00			`srcOverride = final.applyPatches {`
			`src = final.fetchgit {`
			`url = "https://github.com/mastodon/mastodon.git";`
			`rev = "v${version}";`
Update mastodon to 4.2.13 2024-10-04 16:03:21 +02:00			`sha256 = "sha256-+HGu02fjYJ1x6Tk9AdqmFN7JHk3UnlvCdiQ/5yMu69M=";`
Migrate Mastodon to NixOS 2023-10-10 04:14:29 +02:00			`};`
			`patches = [`
			`"${mastodonNekoversePatches}/patches/001_increase_image_dimensions_limit.patch"`
update mastodon to 4.2.3 and enable disable image processing patch 2023-12-16 00:22:59 +01:00			`"${mastodonNekoversePatches}/patches/002_disable_image_reprocessing.patch"`
Migrate Mastodon to NixOS 2023-10-10 04:14:29 +02:00			`"${mastodonNekoversePatches}/patches/003_make_toot_cute.patch"`
			`"${mastodonNekoversePatches}/patches/005_improve_custom_emoji_support.patch"`
Patch mastodon for longer profile descriptions 2024-03-08 01:22:37 +01:00			`"${mastodonNekoversePatches}/patches/006_increase_profile_limits.patch"`
Migrate Mastodon to NixOS 2023-10-10 04:14:29 +02:00			`"${mastodonNekoversePatches}/patches/007_increase_toot_character_limit.patch"`
			`];`
			`};`
Update mastodon to v4.2.1 2023-11-20 23:16:20 +01:00			`yarnHash = "sha256-qoLesubmSvRsXhKwMEWHHXcpcqRszqcdZgHQqnTpNPE=";`
Migrate Mastodon to NixOS 2023-10-10 04:14:29 +02:00			`});`
			`};`
Update valkyrie IP 2024-08-12 20:14:13 +02:00			`pkgs-overlay = nixpkgs-unstable.legacyPackages."x86_64-linux".extend mastodonNekoverseOverlay;`
Add vapid public key 2023-11-15 12:18:23 +01:00			`vapidPublicKey = pkgs.writeText "vapid-public-key" "BDCbFEDCZ8eFuWr3uEq4Qc30UFZUQeNpF8OCw6OjPwAtaKS1yTM3Ue749Xjqy5WhBDjakzlixh4Gk7gluUhIdsU=";`
Migrate Mastodon to NixOS 2023-10-10 04:14:29 +02:00			`in`
			`{`
			`services.mastodon = {`
			`enable = true;`
			`package = pkgs-overlay.mastodon;`
			`localDomain = "social.nekover.se";`
			`secretKeyBaseFile = "/secrets/mastodon-secret-key-base.secret";`
			`otpSecretFile = "/secrets/mastodon-otp-secret.secret";`
Add vapid public key 2023-11-15 12:18:23 +01:00			`vapidPublicKeyFile = "${vapidPublicKey}";`
Migrate Mastodon to NixOS 2023-10-10 04:14:29 +02:00			`vapidPrivateKeyFile = "/secrets/mastodon-vapid-private-key.secret";`
			`smtp = {`
			`authenticate = true;`
			`host = "mail-1.grzb.de";`
			`port = 465;`
			`user = "social@nekover.se";`
			`passwordFile = "/secrets/mastodon-email-smtp-pass.secret";`
			`fromAddress = "Nekoverse <nyareply@nekover.se>";`
			`};`
Update mastodon to v4.2.1 2023-11-20 23:16:20 +01:00			`streamingProcesses = 3;`
Migrate Mastodon to NixOS 2023-10-10 04:14:29 +02:00			`extraConfig = {`
			`SMTP_TLS = "true";`
			`ES_PRESET = "single_node_cluster";`
Enable SSO with keycloak for mastodon 2024-01-19 12:16:42 +01:00			`OIDC_CLIENT_ID = "mastodon";`
			`OIDC_ENABLED = "true";`
			`OMNIAUTH_ONLY = "false";`
			`OIDC_DISPLAY_NAME = "Login with Nekoverse ID";`
			`OIDC_ISSUER = "https://id.nekover.se/realms/nekoverse";`
			`OIDC_DISCOVERY = "true";`
			`OIDC_SCOPE = "openid,profile,email";`
			`OIDC_UID_FIELD = "preferred_username";`
			`OIDC_REDIRECT_URI = "https://social.nekover.se/auth/auth/openid_connect/callback";`
			`OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true";`
			`OIDC_END_SESSION_ENDPOINT = "https://id.nekover.se/realms/nekoverse/protocol/openid-connect/logout";`
Migrate Mastodon to NixOS 2023-10-10 04:14:29 +02:00			`};`
Enable SSO with keycloak for mastodon 2024-01-19 12:16:42 +01:00			`extraEnvFiles = [`
			`"/secrets/mastodon-keycloak-client-secret.secret"`
			`];`
Migrate Mastodon to NixOS 2023-10-10 04:14:29 +02:00			`elasticsearch.host = "127.0.0.1";`
			`};`
			`}`