os/host/dev/seed/mastodon.nix — radicle-infra

rad:z254T5p17bdFPmzfDojsdjo4HjpoZ

Radicle Infrastructure as Code (NixOS, OpenTofu, …)

.. bootstrap sops zone attic.nix default.nix files.nix grafana.nix knot.nix mastodon.nix radicle.nix ssh.nix tor.nix victorialogs.nix

{
  config,
  lib,
  pkgs,
  secrets,
  ...
}: let
  domain = "toot.radicle.dev";

  mastodon-cleanup = pkgs.writeShellScriptBin "mastodon-cleanup" ''
    set -exuo pipefail
    cd /
    tootctl=/run/current-system/sw/bin/mastodon-tootctl
    $tootctl accounts prune
    $tootctl statuses remove --days=7
    $tootctl media remove --days=7
    $tootctl media remove --remove-headers --include-follows --days=0
    $tootctl preview_cards remove --days=7
    $tootctl media remove-orphans
  '';
in {
  services.mastodon = {
    enable = true;
    localDomain = domain;
    configureNginx = true;
    smtp.fromAddress = "mastodon@toot.radicle.dev";
    streamingProcesses = 7;
    extraEnvFiles = [config.sops.secrets.mastodon.path];
    extraConfig = {
      SINGLE_USER_MODE = "true";
      S3_ENABLED = "true";
      S3_REGION = "eu-north";
      S3_ENDPOINT = "https://hel1.your-objectstorage.com";
      S3_HOSTNAME = "hel1.your-objectstorage.com";
      S3_BUCKET = "radicle-mastodon";
    };
  };

  systemd.services.mastodon-cleanup = {
    enable = false;
    startAt = "03:28";
    wants = ["network-online.target"];
    after = ["network-online.target"];
    serviceConfig = {
      User = config.services.mastodon.user;
      Group = config.services.mastodon.group;
      ExecStart = lib.getExe mastodon-cleanup;
    };
  };

  environment.systemPackages = [mastodon-cleanup];

  sops.secrets.mastodon = {
    format = "binary";
    owner = config.services.mastodon.user;
    sopsFile = ./sops/mastodon.bin.json;
  };
}