From 9d1b643a8278cd05f0ac7c8f59f5a9ffd3ea3802 Mon Sep 17 00:00:00 2001
From: Alexander Bantyev <balsoft@balsoft.ru>
Date: Thu, 18 Mar 2021 22:37:59 +0300
Subject: [PATCH] Add mastodon

---
 machines/T420-Laptop/default.nix |  1 +
 modules/default.nix              |  1 +
 modules/servers/mailserver.nix   |  8 ++++++++
 modules/servers/mastodon.nix     | 19 +++++++++++++++++++
 modules/servers/nginx.nix        |  2 +-
 5 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 modules/servers/mastodon.nix

diff --git a/machines/T420-Laptop/default.nix b/machines/T420-Laptop/default.nix
index 112591e..718a947 100644
--- a/machines/T420-Laptop/default.nix
+++ b/machines/T420-Laptop/default.nix
@@ -11,6 +11,7 @@
     nginx
     vsftpd
     home-assistant
+    mastodon
   ];
 
   services.logind.lidSwitch = "ignore";
diff --git a/modules/default.nix b/modules/default.nix
index 73bf52b..4f0b4d6 100755
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -33,6 +33,7 @@ builtins.listToAttrs (builtins.map (path: {
   ./servers/nginx.nix
   ./servers/vsftpd.nix
   ./servers/home-assistant.nix
+  ./servers/mastodon.nix
   ./services.nix
   ./themes.nix
   ./virtualisation.nix
diff --git a/modules/servers/mailserver.nix b/modules/servers/mailserver.nix
index fa4da46..9808405 100644
--- a/modules/servers/mailserver.nix
+++ b/modules/servers/mailserver.nix
@@ -7,6 +7,10 @@ in {
     owner = "dovecot2:dovecot2";
     services = [ "dovecot2" ];
   };
+  secrets.mailserver-mastodon = {
+    owner = "dovecot2:dovecot2";
+    services = [ "dovecot2" ];
+  };
   services.postfix = {
     dnsBlacklists = [
       "all.s5h.net"
@@ -79,6 +83,10 @@ in {
           [ "balsoft" "admin@balsoft.ru" "patches" "patches@balsoft.ru" "issues" "issues@balsoft.ru" "admin" "root@balsoft.ru" "root" ];
         hashedPasswordFile = config.secrets.mailserver.decrypted;
       };
+      "mastodon@balsoft.ru" = {
+        aliases = [ "mastodon" ];
+        hashedPasswordFile = config.secrets.mailserver-mastodon.decrypted;
+      };
     };
     localDnsResolver = false;
     certificateScheme = 1;
diff --git a/modules/servers/mastodon.nix b/modules/servers/mastodon.nix
new file mode 100644
index 0000000..e8235b8
--- /dev/null
+++ b/modules/servers/mastodon.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, lib, ... }: {
+  secrets.email-mastodon = {
+    owner = "mastodon:mastodon";
+    encrypted = "/home/balsoft/.password-store/email/mastodon@balsoft.ru.gpg";
+    services = [ "mastodon-web" ];
+  };
+  services.mastodon = {
+    enable = true;
+    configureNginx = true;
+    localDomain = "social.balsoft.ru";
+    smtp = {
+      createLocally = false;
+      fromAddress = "mastodon@balsoft.ru";
+      user = "mastodon";
+      host = "balsoft.ru";
+      passwordFile = config.secrets.email-mastodon.decrypted;
+    };
+  };
+}
diff --git a/modules/servers/nginx.nix b/modules/servers/nginx.nix
index eedd458..10ef5cc 100644
--- a/modules/servers/nginx.nix
+++ b/modules/servers/nginx.nix
@@ -21,7 +21,7 @@
           proxyPass = "http://localhost:13748";
         };
         enableACME = true;
-        addSSL = true;
+        forceSSL = true;
       };
       "code.balsoft.ru" = {
         locations."/" = { proxyPass = "http://localhost:6000"; };