From 5dde39956a2e06ecba4f8413b0f625cbbe206685 Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Tue, 28 Mar 2023 21:33:44 +0300
Subject: [PATCH] feat(mastodon): Add mastodon
---
 ldap/ldap-module.nix | 26 +++++++++++++++++++++++++-
 social/mastodon.nix | 12 ++++++++++++
 variables-module.nix | 10 ++++++++++
 variables.nix | 4 ++++
 4 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 social/mastodon.nix
diff --git a/ldap/ldap-module.nix b/ldap/ldap-module.nix
index 42d3bb8..cac9e41 100644
--- a/ldap/ldap-module.nix
+++ b/ldap/ldap-module.nix
@@ -100,6 +100,7 @@ in
 "gitea"
 "nextcloud"
 "pleroma"
+ "mastodon"
 ]);
 example = [ "gitea" ];
 default = [ ];
@@ -174,10 +175,21 @@ in
 ${mkUsersNamespace "users" cfg.users}
+ # Make a root user for some services to bind
+ dn: uid=root,ou=users,${domain}
+ objectClass: inetOrgPerson
+ cn: root
+ sn: root
+ mail: root@${domain}
+ # Password is "root"
+ userPassword: {crypt}$6$teiD8ySLE58taSvY$veZS9QRSmfBcox2JfgYH/AWv24cpHD4P7IUzFv8WgxUaio.j7Y4aqMcC4a17v3PvOdCu8vgkKAtu/jhhKjVQm0
+
+
 ${mkGroupsNamespace "users" cfg.users "groups" [
 "admin"
 "gitea"
 "nextcloud"
+ "mastodon"
 ]}
 # pleroma has no support for ldap filters
@@ -250,7 +262,6 @@ in
 # https://docs.gitea.io/en-us/command-line/#admin
 ${config.services.gitea.package}/bin/gitea admin auth $auth_command \
- --id $ldap_id \
 --name nixos-ldap \
 --security-protocol unencrypted \
 --host 127.0.0.1 \
@@ -320,6 +331,19 @@ in
 ''}
 '';
 })
+ (lib.mkIf (config.services.mastodon.enable && cfg.enable) {
+ services.mastodon.extraConfig = {
+ LDAP_ENABLED = true;
+ LDAP_HOST = "127.0.0.1";
+ LDAP_PORT = 389;
+ LDAP_BASE = "ou=users,${domain}";
+ LDAP_BIND_DN = "uid=root,ou=users,${domain}";
+ LDAP_BIND_PASSWORD = "root";
+ LDAP_UID = "uid";
+ LDAP_MAIL = "mail";
+ LDAP_SEARCH_FILTER = "(&(objectClass=shadowAccount)(memberOf=cn=mastodon,ou=groups,${domain})(uid=%{username}))";
+ };
+ })
 (lib.mkIf (config.services.pleroma.enable && cfg.enable) {
 services.pleroma.configs = [
 ''
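Review bot: The `uid=root` entry added in the `@@ -174,10 +175,21 @@` hunk ships with a fixed password (`root`, as its own comment states) and a fixed-salt crypt hash, so every deployment built from this repository carries the same publicly known bind credential. The same literal reappears as `LDAP_BIND_PASSWORD = "root";` in the `@@ -320,6 +331,19 @@` hunk, where it also ends up in the world-readable Nix store. The entry lives in `ou=users`, the subtree used as the user search base, so any consumer that searches it without a group filter would presumably treat it as a regular login — please confirm against the other services. I would generate the secret per host at activation time, read the hash and the bind password from a root-owned file outside the store, and move the service account to its own OU, e.g. `dn: uid=mastodon-bind,ou=services,${domain}` (constructed example). The LDIF template begins and ends outside this hunk.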
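Review bot: With `--id $ldap_id \` dropped in the `@@ -250,7 +262,6 @@` hunk, the command no longer names an existing auth source, while the subcommand still comes from `$auth_command`. If that variable can expand to gitea's `update-ldap`, which selects the source by `--id`, the update path would presumably fail; the assignment is outside the hunk, so please confirm. If the flag is now carried inside `$auth_command`, a one-line comment such as `# --id is part of $auth_command when updating` would make that visible. The change is unrelated to the commit subject and would be easier to review as its own commit.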
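Review bot: The `services.mastodon.extraConfig` block in the `@@ -320,6 +331,19 @@` hunk never sets `LDAP_METHOD`, so the transport mode for the bind on port 389 is left to Mastodon's default, which as far as I recall is a TLS mode and would not match the plain listener used here. State it explicitly, `LDAP_METHOD = "plain";`, with a comment that this is acceptable only because the server is reached over loopback. Two names also look off against Mastodon's LDAP settings as I remember them: the bind password is read from `LDAP_PASSWORD` rather than `LDAP_BIND_PASSWORD`, and the search filter is formatted with `%{uid}`/`%{email}` rather than `%{username}` — worth checking against the Mastodon version in use. The filter also requires `objectClass=shadowAccount`; whether `mkUsersNamespace` emits that class is not visible in this patch.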
diff --git a/social/mastodon.nix b/social/mastodon.nix
new file mode 100644
index 0000000..46ae4c7
--- /dev/null
+++ b/social/mastodon.nix
@@ -0,0 +1,12 @@
+{ pkgs, lib, config, ... }:
+let
+ cfg = config.services.userdata;
+in
+{
+ services.mastodon = {
+ enable = cfg.mastodon.enable;
+ localDomain = "mastodon.${cfg.domain}";
+ configureNginx = true;
+ smtp.fromAddress = "noreply@${cfg.domain}";
+ };
+}
diff --git a/variables-module.nix b/variables-module.nix
index 4fc7ada..d171a67 100644
--- a/variables-module.nix
+++ b/variables-module.nix
@@ -175,6 +175,16 @@ in
 type = types.nullOr types.bool;
 };
 };
+ mastodon = {
+ enable = mkOption {
+ default = false;
+ type = types.nullOr types.bool;
+ };
+ location = mkOption {
+ default = "sda1";
+ type = types.nullOr types.str;
+ };
+ };
 #########
 # SSH #
 #########
diff --git a/variables.nix b/variables.nix
index b9a7366..137bbb4 100644
--- a/variables.nix
+++ b/variables.nix
@@ -51,6 +51,10 @@ in
 ocserv = {
 enable = lib.attrsets.attrByPath [ "ocserv" "enable" ] false jsonData;
 };
+ mastodon = {
+ enable = lib.attrsets.attrByPath [ "mastodon" "enable" ] false jsonData;
+ location = lib.attrsets.attrByPath [ "mastodon" "location" ] "sda1" jsonData;
+ };
 ssh = {
 enable = lib.attrsets.attrByPath [ "ssh" "enable" ] true jsonData;
 rootKeys = lib.attrsets.attrByPath [ "ssh" "rootKeys" ] [ "" ] jsonData;
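Review bot: `mastodon.location` is declared in the `variables-module.nix` hunk and read from JSON in the `variables.nix` hunk, but nothing in this patch consumes it, so the setting currently has no effect; `social/mastodon.nix` sets no data directory or mount. Either wire it up or leave it out until it is used. Both new options also lack a `description`. `enable` is typed `types.nullOr types.bool` while `social/mastodon.nix` assigns it straight to `services.mastodon.enable`, so a JSON `null` would presumably fail that option's type check; `enable = cfg.mastodon.enable == true;` in `social/mastodon.nix` would guard against it.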