From 74b611ded7185e1f2aa17d57cd5212408dd69d3f Mon Sep 17 00:00:00 2001
From: nyanloutre <paul@nyanlout.re>
Date: Wed, 8 Apr 2020 12:49:45 +0200
Subject: [PATCH] mastodon: init

---
 systems/LoutreOS/hardware-configuration.nix |  5 +++
 systems/LoutreOS/web.nix                    | 43 +++++++++++++++++++++
 2 files changed, 48 insertions(+)

diff --git a/systems/LoutreOS/hardware-configuration.nix b/systems/LoutreOS/hardware-configuration.nix
index 72279d0..712bb63 100644
--- a/systems/LoutreOS/hardware-configuration.nix
+++ b/systems/LoutreOS/hardware-configuration.nix
@@ -147,6 +147,11 @@
       fsType = "zfs";
     };
 
+  fileSystems."/var/lib/mastodon" =
+    { device = "loutrepool/var/mastodon";
+      fsType = "zfs";
+    };
+
   swapDevices =
     [
       {
diff --git a/systems/LoutreOS/web.nix b/systems/LoutreOS/web.nix
index 9a4ee8e..8d7ca3e 100644
--- a/systems/LoutreOS/web.nix
+++ b/systems/LoutreOS/web.nix
@@ -191,6 +191,34 @@ in
             root = "/run/python-ci/nyanloutre/site-max";
           };
         };
+        "social.nyanlout.re" = {
+          enableACME = true;
+          forceSSL = true;
+
+          root = "${config.services.mastodon.package}/public/";
+
+          locations."/system/".alias = "/var/lib/mastodon/public-system/";
+
+          locations."/" = {
+            tryFiles = "$uri @proxy";
+          };
+
+          locations."@proxy" = {
+            proxyPass = "http://127.0.0.1:${toString(config.services.mastodon.webPort)}";
+            proxyWebsockets = true;
+            extraConfig = ''
+              proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+            '';
+          };
+
+          locations."/api/v1/streaming/" = {
+            proxyPass = "http://127.0.0.1:${toString(config.services.mastodon.streamingPort)}/";
+            proxyWebsockets = true;
+            extraConfig = ''
+              proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+            '';
+          };
+        };
         "stream.nyanlout.re" = {
           enableACME = true;
           forceSSL = true;
@@ -286,6 +314,21 @@ in
     };
 
     python-ci.enable = true;
+
+    mastodon = {
+      enable = true;
+      localDomain = "social.nyanlout.re";
+      extraConfig = {
+        SMTP_AUTH_METHOD = "none";
+        SMTP_OPENSSL_VERIFY_MODE = "none";
+      };
+      smtp = {
+        fromAddress = "social@nyanlout.re";
+        user = "social@nyanlout.re";
+        authenticate = false;
+      };
+      mediaPruneTimer = true;
+    };
   };
 
   systemd.services.site-musique = let