fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Add mastodon active record encryption secrets

Browse source
This commit is contained in:
Fiona Grzebien 2024-10-29 16:22:12 +01:00
parent b9852f3bfd
commit 755d92bb96
3 changed files with 28 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
config/hosts/mastodon/mastodon.nix
View file

@ -46,6 +46,9 @@ in
fromAddress = "Nekoverse <nyareply@nekover.se>";
};
streamingProcesses = 3;
activeRecordEncryptionPrimaryKeyFile = "/secrets/mastodon-active-record-encryption-primary-key.secret";
activeRecordEncryptionKeyDerivationSaltFile = "/secrets/mastodon-active-record-encryption-key-derivation-salt.secret";
activeRecordEncryptionDeterministicKeyFile = "/secrets/mastodon-active-record-encryption-deterministic-key.secret";
extraConfig = {
SMTP_TLS = "true";
ES_PRESET = "single_node_cluster";

24
config/hosts/mastodon/secrets.nix
View file

@ -41,5 +41,29 @@
permissions = "0640";
uploadAt = "pre-activation";
};
"mastodon-active-record-encryption-primary-key.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "mastodon/active-record-encryption-primary-key" ];
destDir = "/secrets";
user = "mastodon";
group = "mastodon";
permissions = "0640";
uploadAt = "pre-activation";
};
"mastodon-active-record-encryption-key-derivation-salt.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "mastodon/active-record-encryption-key-derivation-salt" ];
destDir = "/secrets";
user = "mastodon";
group = "mastodon";
permissions = "0640";
uploadAt = "pre-activation";
};
"mastodon-active-record-encryption-deterministic-key.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "mastodon/active-record-encryption-deterministic-key" ];
destDir = "/secrets";
user = "mastodon";
group = "mastodon";
permissions = "0640";
uploadAt = "pre-activation";
};
};
}

1
hosts.nix
View file

@ -65,6 +65,7 @@ in
environment = "proxmox";
};
mastodon = {
hostNixpkgs = nixpkgs-unstable;
site = "vs";
environment = "proxmox";
};