From 6bd18dcc86c94ce4a7d3983f1f2c4be19726c175 Mon Sep 17 00:00:00 2001
From: Clayton Hickey
Date: Sun, 8 Feb 2026 15:38:50 -0500
Subject: [PATCH] mastodon
---
 cos.nix | 1 +
 mastodon.nix | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+)
 create mode 100644 mastodon.nix
diff --git a/cos.nix b/cos.nix
index a876de2..6fac4f9 100644
--- a/cos.nix
+++ b/cos.nix
@@ -10,6 +10,7 @@
 ./bikeability.nix
 ./emacs.nix
 ./minecraft/minecraft-servers.nix
+ ./mastodon.nix
 "${inputs.home-manager}/nixos"
 inputs.nix-minecraft.nixosModules.minecraft-servers
 ];
diff --git a/mastodon.nix b/mastodon.nix
new file mode 100644
index 0000000..68cf112
--- /dev/null
+++ b/mastodon.nix
@@ -0,0 +1,62 @@
+{ config, lib, ... }:
+let
+ mastodonPort = 5328;
+in
+{
+ config = lib.mkMerge [
+ (lib.mkIf (config.networking.hostName == "nixnas") {
+ services.mastodon = {
+ enable = true;
+ localDomain = "claytonhickey.me";
+ smtp.fromAddress = "mastodon@claytonhickey.me";
+ streamingProcesses = 3;
+ extraConfig.SINGLE_USER_MODE = "true";
+ extraConfig.WEB_DOMAIN = "mastodon.claytonhickey.me";
+ #webPort = mastodonPort;
+ #enableUnixSocket = false;
+ trustedProxy = "127.0.0.1,10.100.0.1";
+ configureNginx = true;
+ };
+ networking.firewall.interfaces.${config.cos.wireguard.interface}.allowedTCPPorts = [
+ mastodonPort
+ ];
+ services.nginx.virtualHosts."${config.services.mastodon.localDomain}" = {
+ forceSSL = false;
+ enableACME = false;
+
+ serverName = "mastodon.claytonhickey.me";
+
+ listen = [{
+ addr = "10.100.0.2";
+ port = mastodonPort;
+ } {
+ addr = "127.0.0.1";
+ port = mastodonPort;
+ }];
+
+ #locations."/" = {
+ # proxyPass = "http://unix:/run/mastodon-web/web.socket";
+ # tryFiles = lib.mkForce null;
+ #};
+ locations."@proxy" = {
+ recommendedProxySettings = false;
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header Proxy "";
+ proxy_pass_header Server;
+
+ proxy_buffering on;
+ proxy_redirect off;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ tcp_nodelay on;
+ '';
+ };
+ };
+ })
+ ];
+}
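Review bot: The hard-coded `proxy_set_header X-Forwarded-Proto https;` in `locations."@proxy"` applies to every request that reaches the plain-HTTP listeners on `10.100.0.2` and `127.0.0.1`, while the firewall rule opens `mastodonPort` to the whole `config.cos.wireguard.interface` rather than only to the `10.100.0.1` proxy named in `trustedProxy`. If that interface carries other peers (not visible in this patch), their cleartext requests would be presented to Mastodon as HTTPS and would skip whatever TLS termination and filtering the front proxy provides. Restricting the virtual host to the expected sources closes that gap, for example `extraConfig = "allow 10.100.0.1; allow 127.0.0.1; deny all;";` on the virtual host next to `listen`, with a one-line comment stating that TLS is terminated upstream. The commented-out `webPort`, `enableUnixSocket` and `locations."/"` lines should either be removed or get a short comment on why they are kept.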