feat(mastodon): Add mastodon

2023-03-28 21:33:44 +03:00 · 2023-03-28 21:33:44 +03:00 · 5dde39956a
parent 82578e3531
commit 5dde39956a
4 changed files with 51 additions and 1 deletions
--- a/ldap/ldap-module.nix
+++ b/ldap/ldap-module.nix
@ -100,6 +100,7 @@ in
                "gitea"
                "nextcloud"
                "pleroma"
+                "mastodon"
              ]);
              example = [ "gitea" ];
              default = [ ];
@ -174,10 +175,21 @@ in

            ${mkUsersNamespace "users" cfg.users}

+            # Make a root user for some services to bind
+            dn: uid=root,ou=users,${domain}
+            objectClass: inetOrgPerson
+            cn: root
+            sn: root
+            mail: root@${domain}
+            # Password is "root"
+            userPassword: {crypt}$6$teiD8ySLE58taSvY$veZS9QRSmfBcox2JfgYH/AWv24cpHD4P7IUzFv8WgxUaio.j7Y4aqMcC4a17v3PvOdCu8vgkKAtu/jhhKjVQm0
+
+
            ${mkGroupsNamespace "users" cfg.users "groups" [
              "admin"
              "gitea"
              "nextcloud"
+              "mastodon"
            ]}

            # pleroma has no support for ldap filters
@ -250,7 +262,6 @@ in

          # https://docs.gitea.io/en-us/command-line/#admin
          ${config.services.gitea.package}/bin/gitea admin auth $auth_command \
-            --id $ldap_id \
            --name nixos-ldap \
            --security-protocol unencrypted \
            --host 127.0.0.1 \
@ -320,6 +331,19 @@ in
          ''}
        '';
    })
+    (lib.mkIf (config.services.mastodon.enable && cfg.enable) {
+      services.mastodon.extraConfig = {
+        LDAP_ENABLED = true;
+        LDAP_HOST = "127.0.0.1";
+        LDAP_PORT = 389;
+        LDAP_BASE = "ou=users,${domain}";
+        LDAP_BIND_DN = "uid=root,ou=users,${domain}";
+        LDAP_BIND_PASSWORD = "root";
+        LDAP_UID = "uid";
+        LDAP_MAIL = "mail";
+        LDAP_SEARCH_FILTER = "(&(objectClass=shadowAccount)(memberOf=cn=mastodon,ou=groups,${domain})(uid=%{username}))";
+      };
+    })
    (lib.mkIf (config.services.pleroma.enable && cfg.enable) {
      services.pleroma.configs = [
        ''
--- a/social/mastodon.nix
+++ b/social/mastodon.nix
@ -0,0 +1,12 @@
+{ pkgs, lib, config, ... }:
+let
+  cfg = config.services.userdata;
+in
+{
+  services.mastodon = {
+    enable = cfg.mastodon.enable;
+    localDomain = "mastodon.${cfg.domain}";
+    configureNginx = true;
+    smtp.fromAddress = "noreply@${cfg.domain}";
+  };
+}
--- a/variables-module.nix
+++ b/variables-module.nix
@ -175,6 +175,16 @@ in
        type = types.nullOr types.bool;
      };
    };
+    mastodon = {
+      enable = mkOption {
+        default = false;
+        type = types.nullOr types.bool;
+      };
+      location = mkOption {
+        default = "sda1";
+        type = types.nullOr types.str;
+      };
+    };
    #########
    #  SSH  #
    #########
--- a/variables.nix
+++ b/variables.nix
@ -51,6 +51,10 @@ in
    ocserv = {
      enable = lib.attrsets.attrByPath [ "ocserv" "enable" ] false jsonData;
    };
+    mastodon = {
+      enable = lib.attrsets.attrByPath [ "mastodon" "enable" ] false jsonData;
+      location = lib.attrsets.attrByPath [ "mastodon" "location" ] "sda1" jsonData;
+    };
    ssh = {
      enable = lib.attrsets.attrByPath [ "ssh" "enable" ] true jsonData;
      rootKeys = lib.attrsets.attrByPath [ "ssh" "rootKeys" ] [ "" ] jsonData;