aether/modules/mastodon/default.nix

{ config, lib, ... }:
let
  cfg = config.aether.mastodon;
  mastodon = config.services.mastodon;

  useSubdomain = !(builtins.isNull cfg.subdomain);
  domain = lib.optionalString useSubdomain "${cfg.subdomain}."
           + config.aether.domain;
in {
  imports = [ ./options.nix ];

  services.mastodon = {
    enable = true;
    user = cfg.user;
    group = mastodon.user;
    localDomain = domain;
    configureNginx = true;
    smtp.fromAddress = cfg.email;
  };

  security.acme.acceptTerms = true;
  security.acme.defaults.email = config.aether.acmeEmail;

  networking.firewall.allowedTCPPorts = [ 80 443 ];

  users.users = lib.mkIf (cfg.createUser && mastodon.user != "mastodon") {
    ${mastodon.user} = {
      home = mastodon.package;
      useDefaultShell = true;
      group = mastodon.group;
      isSystemUser = true;
    };
  };
  users.groups = lib.mkIf (cfg.createUser && mastodon.group != "mastodon") {
    ${mastodon.group} = {};
  };
}