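# NixOS module for the social.nekover.se Mastodon instance.
#
# Builds a customised Mastodon package (upstream source + Tangerine UI themes
# + the nekoverse patch set) through an overlay, then configures
# `services.mastodon` with SMTP, Elasticsearch and OIDC login against the
# Keycloak realm at id.nekover.se.
{ pkgs, ... }:
let
  # Tangerine UI theme sources. `rev` is a tag name and tags can be moved
  # upstream; the fixed-output `hash` is what actually pins the content.
  tangerineUI = pkgs.fetchgit {
    url = "https://github.com/nileane/TangerineUI-for-Mastodon.git";
    rev = "v2.2";
    hash = "sha256-KyXDnpZh1DrY59jvdU42UicgBVvEGtvAGeU1mNxJauQ=";
  };

  # Patch set applied on top of the Mastodon source below.
  # NOTE(review): no `rev` is given, so fetchgit fetches the remote's HEAD.
  # The `hash` still pins the content (a new upstream commit produces a hash
  # mismatch on re-fetch, not silently different patches), but the build stops
  # being reproducible and the reviewed commit is not identifiable from this
  # file. Pin it explicitly, e.g. `rev = "<commit-sha>";` (placeholder).
  mastodonNekoversePatches = pkgs.fetchgit {
    url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git";
    hash = "sha256-3jWbKll5RGB1vfEmONVivzGYcoONEkBEHh/rOt9LXlU=";
  };

  # Overlay replacing `mastodon` with the themed and patched build.
  mastodonNekoverseOverlay = final: prev: {
    # `rec` lets the source `rev` below reuse `version`.
    mastodon = (prev.mastodon.override rec {
      # The version is pinned by hand here, so upstream security releases do
      # not arrive through a nixpkgs update. A bump needs a new source
      # `sha256` and `yarnHash`, and the patches must still apply.
      version = "4.3.1";
      srcOverride = final.applyPatches {
        # Intermediate derivation: the upstream tree with the theme
        # stylesheets copied in and registered in config/themes.yml.
        src = pkgs.stdenv.mkDerivation {
          name = "mastodonWithThemes";
          src = pkgs.fetchgit {
            url = "https://github.com/mastodon/mastodon.git";
            rev = "v${version}";
            sha256 = "sha256-JlpQGyVPTLcB3RcWMBrmYc1AAUT1JLfS4IDas9ZoWh4=";
          };
          # One shell command per line; the echo appends one theme entry per
          # line so config/themes.yml stays a valid YAML mapping.
          installPhase = ''
            cp -r ./ $out/
            cp -r ${tangerineUI}/mastodon/app/javascript/styles/* $out/app/javascript/styles/
            echo "tangerineui: styles/tangerineui.scss
            tangerineui-purple: styles/tangerineui-purple.scss
            tangerineui-cherry: styles/tangerineui-cherry.scss
            tangerineui-lagoon: styles/tangerineui-lagoon.scss" >> $out/config/themes.yml
          '';
        };
        # NOTE(review): the patch contents are not visible here. Going only by
        # the file names, 001 and 002 change media handling (dimension limit,
        # reprocessing) -- confirm that uploaded images still get whatever
        # sanitising or metadata stripping the instance relies on, and
        # re-review the patches whenever the hash above changes.
        patches = [
          "${mastodonNekoversePatches}/patches/001_increase_image_dimensions_limit.patch"
          "${mastodonNekoversePatches}/patches/002_disable_image_reprocessing.patch"
          "${mastodonNekoversePatches}/patches/003_make_toot_cute.patch"
          "${mastodonNekoversePatches}/patches/004_improve_custom_emoji_support.patch"
          "${mastodonNekoversePatches}/patches/005_increase_profile_limits.patch"
          "${mastodonNekoversePatches}/patches/006_increase_toot_character_limit.patch"
        ];
      };
      yarnHash = "sha256-e5c04M6XplAgaVyldU5HmYMYtY3MAWs+a8Z/BGSyGBg=";
    });
  };

  # Package set with the overlay applied; only `mastodon` is taken from it.
  pkgs-overlay = pkgs.extend mastodonNekoverseOverlay;

  # The VAPID *public* key is handed to browsers for Web Push, so placing it in
  # the world-readable Nix store is fine. The private half is read from
  # /secrets below.
  vapidPublicKey = pkgs.writeText "vapid-public-key" "BDCbFEDCZ8eFuWr3uEq4Qc30UFZUQeNpF8OCw6OjPwAtaKS1yTM3Ue749Xjqy5WhBDjakzlixh4Gk7gluUhIdsU=";
in
{
  services.mastodon = {
    enable = true;
    package = pkgs-overlay.mastodon;
    localDomain = "social.nekover.se";

    # All secret locations are plain strings, not Nix path literals, so the
    # files are read at runtime and never copied into /nix/store. Keep them
    # that way, and keep the files readable only by the service user.
    secretKeyBaseFile = "/secrets/mastodon-secret-key-base.secret";
    otpSecretFile = "/secrets/mastodon-otp-secret.secret";
    vapidPublicKeyFile = "${vapidPublicKey}";
    vapidPrivateKeyFile = "/secrets/mastodon-vapid-private-key.secret";

    smtp = {
      authenticate = true;
      host = "mail-1.grzb.de";
      # Port 465 pairs with SMTP_TLS = "true" in extraConfig (TLS from the
      # start of the connection rather than STARTTLS).
      port = 465;
      user = "social@nekover.se";
      passwordFile = "/secrets/mastodon-email-smtp-pass.secret";
      # NOTE(review): the value ends in a space and carries no address; an
      # "<address>" part appears to be missing -- confirm against the deployed
      # configuration.
      fromAddress = "Nekoverse ";
    };

    streamingProcesses = 3;

    # Active Record encryption material. Changing these after data has been
    # written makes the encrypted columns unreadable, so back them up with the
    # database.
    activeRecordEncryptionPrimaryKeyFile = "/secrets/mastodon-active-record-encryption-primary-key.secret";
    activeRecordEncryptionKeyDerivationSaltFile = "/secrets/mastodon-active-record-encryption-key-derivation-salt.secret";
    activeRecordEncryptionDeterministicKeyFile = "/secrets/mastodon-active-record-encryption-deterministic-key.secret";

    # Everything in extraConfig ends up as plain environment values in the Nix
    # store: non-secret settings only.
    extraConfig = {
      SMTP_TLS = "true";
      ES_PRESET = "single_node_cluster";
      OIDC_CLIENT_ID = "mastodon";
      OIDC_ENABLED = "true";
      # "false" keeps local e-mail/password login available next to OIDC.
      OMNIAUTH_ONLY = "false";
      OIDC_DISPLAY_NAME = "Login with Nekoverse ID";
      OIDC_ISSUER = "https://id.nekover.se/realms/nekoverse";
      OIDC_DISCOVERY = "true";
      OIDC_SCOPE = "openid,profile,email";
      # NOTE(review): `preferred_username` is a mutable claim that OIDC does
      # not guarantee to be unique or stable, whereas `sub` is. This is only
      # safe while the Keycloak realm forbids username edits and never reuses
      # usernames. Switching the field later changes how existing identities
      # are matched, so treat that as a migration.
      OIDC_UID_FIELD = "preferred_username";
      OIDC_REDIRECT_URI = "https://social.nekover.se/auth/auth/openid_connect/callback";
      # NOTE(review): the e-mail claim from the IdP is trusted without an
      # `email_verified` assertion. With local login also enabled, this is
      # only safe while the realm itself verifies addresses and does not let
      # users set an arbitrary unverified e-mail; confirm the Keycloak realm
      # settings.
      OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED = "true";
      OIDC_END_SESSION_ENDPOINT = "https://id.nekover.se/realms/nekoverse/protocol/openid-connect/logout";
    };

    # Loaded as an environment file at runtime, so the value stays out of the
    # Nix store. Presumably it defines OIDC_CLIENT_SECRET -- verify on the host.
    extraEnvFiles = [ "/secrets/mastodon-keycloak-client-secret.secret" ];

    # Elasticsearch is reached over loopback, and nothing in this file sets up
    # authentication for it, so it should not listen on any other interface.
    elasticsearch.host = "127.0.0.1";
  };
}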