rad:z254T5p17bdFPmzfDojsdjo4HjpoZ
Radicle Infrastructure as Code (NixOS, OpenTofu, …)
os/dev/seed/mastodon: init
Lorenz Leutgeb committed 4 days ago
commit c136bd38fb4666ddad8adb86963e7d2c0051f713
parent 0cfcc4f
4 files changed +86 -4
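--- a/dns/dnsconfig.js
+++ b/dns/dnsconfig.js
@@ -114,10 +114,6 @@ D("radicle.dev", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
     CNAME("docs", "radicle.dev."),
     CNAME("www", "radicle.dev."),
 
-
-    CNAME("toot", "vip.masto.host."),
-
-
     // Migadu
     MX("@", 10, "aspmx1.migadu.com."),
     MX("@", 20, "aspmx2.migadu.com."),
@@ -161,6 +157,7 @@ D("radicle.dev", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
     ALIAS("logs", "seed"),
     ALIAS("loki", "seed"),
     ALIAS("metrics", "seed"),
+    ALIAS("toot", "seed", CF_PROXY_ON),
     ALIAS("vault", "seed"),
 
     PTR("_radicle-node._tcp", "seed._radicle-node._tcp.radicle.dev."),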
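Review bot: `ALIAS("toot", "seed", CF_PROXY_ON)` in the second hunk is the only proxied record among the visible aliases to `seed`, and nothing records why. Because `logs`, `loki`, `metrics` and `vault` resolve to the same host unproxied, the origin address stays public, so the proxy presumably provides caching and edge filtering rather than limiting who can reach the `toot` virtual host directly. I would add a comment above the record, e.g. `// toot: proxied through Cloudflare; the origin (seed) is still reachable directly, so do not treat the proxy as an access control`, and enforce any intended restriction on the origin itself. The enclosing `D("radicle.dev", …)` call starts and ends outside the hunk.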
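--- a/os/host/dev/seed/default.nix
+++ b/os/host/dev/seed/default.nix
@@ -17,6 +17,7 @@
 
     ./attic.nix
     ./knot.nix
+    ./mastodon.nix
     ./ssh.nix
     ./tor.nix
     ./radicle.nix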
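--- /dev/null
+++ b/os/host/dev/seed/mastodon.nix
@@ -0,0 +1,58 @@
+{
+  config,
+  lib,
+  pkgs,
+  secrets,
+  ...
+}: let
+  domain = "toot.radicle.dev";
+
+  mastodon-cleanup = pkgs.writeShellScriptBin "mastodon-cleanup" ''
+    set -exuo pipefail
+    cd /
+    tootctl=/run/current-system/sw/bin/mastodon-tootctl
+    $tootctl accounts prune
+    $tootctl statuses remove --days=7
+    $tootctl media remove --days=7
+    $tootctl media remove --remove-headers --include-follows --days=0
+    $tootctl preview_cards remove --days=7
+    $tootctl media remove-orphans
+  '';
+in {
+  services.mastodon = {
+    enable = true;
+    localDomain = domain;
+    configureNginx = true;
+    smtp.fromAddress = "mastodon@toot.radicle.dev";
+    streamingProcesses = 7;
+    extraEnvFiles = [config.sops.secrets.mastodon.path];
+    extraConfig = {
+      SINGLE_USER_MODE = "true";
+      S3_ENABLED = "true";
+      S3_REGION = "eu-north";
+      S3_ENDPOINT = "https://hel1.your-objectstorage.com";
+      S3_HOSTNAME = "hel1.your-objectstorage.com";
+      S3_BUCKET = "radicle-mastodon";
+    };
+  };
+
+  systemd.services.mastodon-cleanup = {
+    enable = false;
+    startAt = "03:28";
+    wants = ["network-online.target"];
+    after = ["network-online.target"];
+    serviceConfig = {
+      User = config.services.mastodon.user;
+      Group = config.services.mastodon.group;
+      ExecStart = lib.getExe mastodon-cleanup;
+    };
+  };
+
+  environment.systemPackages = [mastodon-cleanup];
+
+  sops.secrets.mastodon = {
+    format = "binary";
+    owner = config.services.mastodon.user;
+    sopsFile = ./sops/mastodon.bin.json;
+  };
+}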
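Review bot: The `services.mastodon` block sets `configureNginx = true` but nothing that restores the real client address, although dns/dnsconfig.js in this commit puts `toot` behind the Cloudflare proxy. As far as the visible options show, the generated nginx virtual host will see Cloudflare edge addresses as the peer, so Mastodon's per-IP throttling and its sign-in and audit records would likely key on those rather than on the actual visitor. I would add real-IP handling to the virtual host (`set_real_ip_from` for the proxy's published ranges plus `real_ip_header CF-Connecting-IP;`) or adjust `services.mastodon.trustedProxy`. Those headers should be honoured only from the proxy ranges, so a direct connection to the origin cannot supply its own client address. The module defaults are not shown on the page, so this should be confirmed against the deployed nginx configuration.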
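--- /dev/null
+++ b/os/host/dev/seed/sops/mastodon.bin.json
@@ -0,0 +1,26 @@
+{
+	"data": "ENC[AES256_GCM,data:dBgdZT1TYJqnbwL2P4tjnbbvUlWsUurceI8Fr9DRuvvDcVs14GihPUaPqtDW32piq+g7McAJVS9bs8ZUIRERztOZw1eUrYApjjvJM1M5acll/msj0GhyUh1lwW/twLLlnGxq8aJe,iv:BSx/1oTz7v2e8CBiymZsNVJykr8ByDyVe8IBaXBp7Ks=,tag:tu927RW40k7fKl6FCspIhg==,type:str]",
+	"sops": {
+		"age": [
+			{
+				"recipient": "age1c0g6s6daxy79dlm9uqczwlkh0hvjpghw5h8zzljc3vs275rvvqus30hv9l",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBENHFHSXAzK2JZY3VyQ3Vz\nVEFUS2hSOHc1RGRNaTdFSGtZdk1oZmR6VzE0CnU1clcxV1paV21xVXczSW1NdUxn\nVzMzSUlLa2cwV2xFYmdSdDd0bFRrUkUKLS0tIHpBY243ejEvVXlQWUFOUXJUSXZ4\nL2dFYmJWSzdRcFdKNjZaSi9tUHBOdzQKua+qSw+pW5W1xVFlM2uJM/8O8FDf1wtz\n6L6Okk8K4lk7d8aE7ZJ101nRecsPriWdV1l6xHrNlqRYGhk6RelDsg==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age15fd8ljdtzkphz3gf9ezpz58u5fhc7260h68nn32znn4m00ank45skd3luy",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGeTFQUlNLV0xscTBKUk9B\nYXdlWGpieGpqZExOL2ZYOTNJaUNaT2w4YkFnCnUwL1ljZE0wZ0wybGwwaTErazl1\nZ2V0MVpJNENCSFdwSlRMSjJzUnhJWXcKLS0tIGltTFpRMHJmWjNxMGpyZ05vK0k0\naFZjWWhRay9SM0czMGloYzZ1M29oUnMK8jA3Z5Ap3ts2VxJXg30R5YHtAwb3DEfF\npYFxjoR5Y3YYsIXHE+U9NfNIHdzDM1gF56W1wrHcUiwU5GXXlxhcHw==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1kygyyrr6m43lgmy8pq57nc0jfmzr38uv8p5udg956p39ghs4qvnsdzs6nm",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRjdlY2ZRbi8wYTdQWE9D\nYmZSU0JTY3Ruakc4aHR3V3ZIb0Vlcmdkc0JvCnNCcVd5bkdOS2xHM1lIbkNmUUtx\nMUxBbTB4TGh3N0FqMlBSU0gweWMrSVEKLS0tIHowMlBiVHhyd3paa3lhVmcxVUNy\nYVZvc2hmZkxicVM4VzJZNi9DWm9oSzAKRfZlbhFYse+Tj+JVDqajuKsCxCPkhTTJ\nWJqUnhffztTPksyUznQoT3Te58SjeoRFokFu62poPDAYW13C2cqoQQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1jemy54kqt4xgglg5f3g3sda5tndsqhjynvdugpy0yknefnw69u7qwymfj4",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMm00NnhLNjZzL0dST05h\nSmsrY1lHWk1Hc0F2Mk9aaEtKSFZnbGg1dFdRCmVBYjllcVRpL20wY3BLSHpwWExj\nRFNPWW9ReFFUR3VjcTZUdnZhd0FocGMKLS0tIExSTU1PUlVHbGpDSDU4NEtBdGFt\ncS9RTm5yNEpCSWZnb1duK3FlM2tQNzgKC9GGcyFy1S8P7cCCt3iBahRAl/TN9Ab7\nZ6ehdl7zjM/yNpZvG7c699XODq1QYHdUG1ZJTGZbzHBV+Z9UfbOiRA==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2026-04-26T11:57:32Z",
+		"mac": "ENC[AES256_GCM,data:ncRihpOCEdjjfAUQydxh6nFB5xI+jOoI7EZna2Vn7t40lilMrOxphsot7MZuwQr4nq5IuTw5FtAbIAWmh+7w6h6EOaIk2G35OqF3EGwcvw9etAScpPm5waf4EQ9s7mSfPopZXTmmjzRHwHFysjcAVUri60P+BXUaLpmh5y6Lxmc=,iv:Q+antQRSWzONneZ7Hz0JN+WhEaAbvpx0c00n2XjYvXI=,tag:IuWTvBmFqCthfm0tJwgmDA==,type:str]",
+		"version": "3.12.1"
+	}
+}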