Add env files! Oops

This commit is contained in:
niten 2023-07-26 16:30:53 -07:00
parent 919fbe86ab
commit ada9b0cd3a
1 changed files with 77 additions and 4 deletions


@ -4,6 +4,18 @@ with lib;
let let
cfg = config.services.mastodonContainer; cfg = config.services.mastodonContainer;
hostSecrets = config.fudo.secrets.host-secrets."${config.instance.hostname}";
makeEnvFile = envVars:
let
envLines =
mapAttrsToList (var: val: ''${var}="${toString val}"'') envVars;
in pkgs.writeText "envFile" (concatStringsSep "\n" envLines);
databasePasswd = readFile
(pkgs.lib.passwd.stablerandom-passwd-file "mastodon-db-passwd"
config.instance.build-seed);
proxyConf = pkgs.writeText "mastodon-nginx.conf" '' proxyConf = pkgs.writeText "mastodon-nginx.conf" ''
http { http {
upstream backend { upstream backend {
@ -85,6 +97,17 @@ in {
options.services.mastodonContainer = with types; { options.services.mastodonContainer = with types; {
enable = mkEnableOption "Enable Mastodon running in an Arion container."; enable = mkEnableOption "Enable Mastodon running in an Arion container.";
hostname = mkOption {
type = str;
description = "Hostname of this Mastodon instance.";
};
web-domain = mkOption {
type = str;
description = "Domain name to attach to users, eg @user@web.domain";
default = toplevel.config.services.mastodonContainer.hostname;
};
version = mkOption { version = mkOption {
type = str; type = str;
description = "Version of Mastodon to launch."; description = "Version of Mastodon to launch.";
@ -128,6 +151,19 @@ in {
default = 3000; default = 3000;
}; };
smtp = {
server = mkOption {
type = str;
description = "Outgoing SMTP server.";
};
port = mkOption {
type = port;
description = "Outgoing SMTP server port.";
default = 25;
};
};
uids = { uids = {
mastodon = mkOption { mastodon = mkOption {
type = int; type = int;
@ -166,6 +202,26 @@ in {
}; };
}; };
fudo.secrets.host-secrets."${config.instance.hostname}" = let
in {
commonEnv = {
source-file = makeEnvFile {
LOCAL_DOMAIN = cfg.hostname;
WEB_DOMAIN = cfg.web-domain;
REDIS_HOST = "redis";
REDIS_PORT = 6379;
DB_USER = "mastodon";
DB_NAME = "mastodon";
DB_PASS = databasePasswd;
SMTP_SERVER = cfg.smtp.server;
SMTP_PORT = toString cfg.smtp.port;
SMTP_FROM_ADDRESS = "noreply@${cfg.web-domain}";
};
};
postgresEnv = makeEnvFile { DB_HOST = "/var/run/postgresql"; };
mastodonEnv = makeEnvFile { DB_HOST = "postgres"; };
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d ${cfg.state-directory}/mastodon 0700 mastodon root - -" "d ${cfg.state-directory}/mastodon 0700 mastodon root - -"
"d ${cfg.state-directory}/postgres 0700 mastodon-postgres root - -" "d ${cfg.state-directory}/postgres 0700 mastodon-postgres root - -"
@ -189,7 +245,7 @@ in {
depends_on = [ "web" "streaming" ]; depends_on = [ "web" "streaming" ];
networks = [ "internal_network" "external_network" ]; networks = [ "internal_network" "external_network" ];
}; };
db.service = { postgres.service = {
image = cfg.images.postgres; image = cfg.images.postgres;
restart = "always"; restart = "always";
volumes = volumes =
@ -198,6 +254,10 @@ in {
environment.POSTGRES_HOST_AUTH_METHOD = "trust"; environment.POSTGRES_HOST_AUTH_METHOD = "trust";
networks = [ "internal_network" ]; networks = [ "internal_network" ];
user = mkUserMap cfg.uids.postgres; user = mkUserMap cfg.uids.postgres;
env_file = [
hostSecrets.commonEnv.target-file
hostSecrets.postgresEnv.target-file
];
}; };
redis.service = { redis.service = {
image = cfg.images.redis; image = cfg.images.redis;
@ -206,6 +266,7 @@ in {
healthcheck.test = [ "CMD" "redis-cli" "ping" ]; healthcheck.test = [ "CMD" "redis-cli" "ping" ];
networks = [ "internal_network" ]; networks = [ "internal_network" ];
user = mkUserMap cfg.uids.redis; user = mkUserMap cfg.uids.redis;
env_file = [ hostSecrets.commonEnv.target-file ];
}; };
web.service = { web.service = {
image = cfg.images.mastodon; image = cfg.images.mastodon;
@ -219,9 +280,13 @@ in {
"CMD-SHELL" "CMD-SHELL"
"wget -q --spider --proxy=off localhost:3000/health || exit 1" "wget -q --spider --proxy=off localhost:3000/health || exit 1"
]; ];
depends_on = [ "db" "redis" ]; depends_on = [ "postgres" "redis" ];
networks = [ "internal_network" ]; networks = [ "internal_network" ];
user = mkUserMap cfg.uids.mastodon; user = mkUserMap cfg.uids.mastodon;
env_file = [
hostSecrets.commonEnv.target-file
hostSecrets.mastodonEnv.target-file
];
}; };
streaming.service = { streaming.service = {
image = cfg.images.mastodon; image = cfg.images.mastodon;
@ -232,8 +297,12 @@ in {
"CMD-SHELL" "CMD-SHELL"
"wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1" "wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1"
]; ];
depends_on = [ "db" "redis" ]; depends_on = [ "postgres" "redis" ];
networks = [ "internal_network" ]; networks = [ "internal_network" ];
env_file = [
hostSecrets.commonEnv.target-file
hostSecrets.mastodonEnv.target-file
];
}; };
sidekiq.service = { sidekiq.service = {
image = cfg.images.mastodon; image = cfg.images.mastodon;
@ -243,9 +312,13 @@ in {
command = "bundle exec sidekiq"; command = "bundle exec sidekiq";
healthcheck.test = healthcheck.test =
[ "CMD-SHELL" "ps aux | grep '[s]idekiq 6' || false" ]; [ "CMD-SHELL" "ps aux | grep '[s]idekiq 6' || false" ];
depends_on = [ "db" "redis" ]; depends_on = [ "postgres" "redis" ];
networks = [ "internal_network" "external_network" ]; networks = [ "internal_network" "external_network" ];
user = mkUserMap cfg.uids.mastodon; user = mkUserMap cfg.uids.mastodon;
env_file = [
hostSecrets.commonEnv.target-file
hostSecrets.mastodonEnv.target-file
];
}; };
}; };
}; };
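Review bot: The database password ends up in the world-readable Nix store, because `makeEnvFile` builds the env file with `pkgs.writeText` and `commonEnv.source-file` includes `DB_PASS = databasePasswd`; the host-secrets `source-file`/`target-file` mechanism presumably installs a protected copy at deploy time, but the source in `/nix/store` stays readable to every local user, so the secret should be generated or injected outside the store (e.g. via the host-secrets module itself or an activation script) rather than evaluated into a derivation. Separately, `postgresEnv` and `mastodonEnv` are assigned the store path directly instead of `{ source-file = ...; }` like `commonEnv`, yet the postgres, web, streaming and sidekiq services read `hostSecrets.postgresEnv.target-file` / `hostSecrets.mastodonEnv.target-file`, which a plain path has no attribute for; write `postgresEnv.source-file = makeEnvFile { DB_HOST = "/var/run/postgresql"; };` and `mastodonEnv.source-file = makeEnvFile { DB_HOST = "postgres"; };` (or reference the paths directly) so the two forms agree. The redis service is also given `commonEnv`, which hands it `DB_PASS` and the SMTP settings it has no use for; least privilege says drop that `env_file` or give redis its own minimal file. Note too that the postgres service still runs with `POSTGRES_HOST_AUTH_METHOD = "trust"`, so whatever `DB_PASS` is, it is not enforced server-side, and it is unclear from here whether the configured postgres image reads `DB_*` at all rather than `POSTGRES_*`, so the password may be entirely cosmetic until that is reconciled. The enclosing `config` attribute set begins before the first hunk.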