Mastodon
Mastodon is a decentralized social media platform that allows users to create accounts, post content, and interact with others. It is an alternative to centralized social media platforms like Twitter and Facebook.
Setup
The services.mastodon
service can be used to setup a Mastodon instance in single user mode. It will setup all the necessary services (PostgreSQL, Redis, Nginx...) and setup a valid certificate to be used for the HTTPS connection:
security.acme = {
acceptTerms = true;
defaults.email = "<EMAIL TO USE FOR CORRESPONDENCE WITH Let's Encrypt>";
};
services.mastodon = {
enable = true;
localDomain = "social.example.com"; # Replace with your own domain
configureNginx = true;
smtp.fromAddress = "noreply@social.example.com"; # Email address used by Mastodon to send emails, replace with your own
extraConfig.SINGLE_USER_MODE = "true";
streamingProcesses = 3; # Number of processes used by the mastodon-streaming service. recommended is the amount of your CPU cores minus one.
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
You can then create your account using the package mastodon
:
# mastodon-tootctl accounts create USERNAME --email=YOUR_EMAIL --confirmed --role=Owner
and approve your new account
# mastodon-tootctl accounts approve USERNAME
Then you're ready to head to the domain you set up in configuration.nix
and start tooting away!
Usage
Change password for user my_user
# mastodon-tootctl accounts modify --reset-password my_user
Tips and tricks
Using Caddy as a server
Use the following template:
services = {
caddy = {
enable = true;
virtualHosts = {
# Don't forget to change the host!
"<your-server-host>" = {
extraConfig = ''
handle_path /system/* {
file_server * {
root /var/lib/mastodon/public-system
}
}
handle /api/v1/streaming/* {
reverse_proxy unix//run/mastodon-streaming/streaming.socket
}
route * {
file_server * {
root ${pkgs.mastodon}/public
pass_thru
}
reverse_proxy * unix//run/mastodon-web/web.socket
}
handle_errors {
root * ${pkgs.mastodon}/public
rewrite 500.html
file_server
}
encode gzip
header /* {
Strict-Transport-Security "max-age=31536000;"
}
header /emoji/* Cache-Control "public, max-age=31536000, immutable"
header /packs/* Cache-Control "public, max-age=31536000, immutable"
header /system/accounts/avatars/* Cache-Control "public, max-age=31536000, immutable"
header /system/media_attachments/files/* Cache-Control "public, max-age=31536000, immutable"
'';
};
};
};
# Caddy requires file and socket access
users.users.caddy.extraGroups = [ "mastodon" ];
# Caddy systemd unit needs readwrite permissions to /run/mastodon-web
systemd.services.caddy.serviceConfig.ReadWriteDirectories = lib.mkForce [ "/var/lib/caddy" "/run/mastodon-web" ];
Automatic backups
Mastodon uses postgreSQL as database. Luckily, Nixpkgs offers a useful service, services.postgresqlBackup.enable
.
Example settings, assuming you have the default database settings:
services.postgresqlBackup = {
enable = true;
databases = [ "mastodon" ];
};
Troubleshooting
Hints for running in your local network for testing
If you get a Mastodon::HostValidationError
when trying to federate with another ActivityPub instance in your local network you need to allow Mastodon to access local ip addresses in outgoing http (federation) requests. To do this set the following environment variable:
ALLOWED_PRIVATE_ADDRESSES
to a comma-separated list of allowed ip addresses with the format specified in https://ruby-doc.org/stdlib-2.5.1/libdoc/ipaddr/rdoc/IPAddr.html.
This is also documented in the Mastodon admin guide[1].