From b6538568b1aab330f11c52800009825c03b97123 Mon Sep 17 00:00:00 2001
From: Daniel Kempkens <daniel+git@kempkens.io>
Date: Tue, 29 Nov 2022 15:17:23 +0100
Subject: [PATCH] mastodon: setup

---
 flake.lock                     |  30 +++++++-------
 home/programs/nvim/plugins.nix |  72 ++++++++++++++++-----------------
 secret/hosts/sail.nix          | Bin 1597 -> 1967 bytes
 system/hosts/sail.nix          |   6 ++-
 system/nixos/mastodon.nix      |  64 +++++++++++++++++++++++++++++
 system/nixos/synapse.nix       |   2 +
 6 files changed, 122 insertions(+), 52 deletions(-)
 create mode 100644 system/nixos/mastodon.nix

diff --git a/flake.lock b/flake.lock
index 5d46cb0..b5e1c79 100644
--- a/flake.lock
+++ b/flake.lock
@@ -79,11 +79,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1669328018,
-        "narHash": "sha256-aJRMobnNDEXKwoSZFS4hGjGU1WDNxkQ82BVKAEohOfY=",
+        "lastModified": 1669573161,
+        "narHash": "sha256-UAOXq+LIX+goAAY2MiC0+zCxdNPaO7NAPTvCQExpIBs=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "62cb5bcf93896e4dd6b4507dac7ba2e2e3abc9d7",
+        "rev": "50c9bccb6abc52811a59db620606e016fcde32bd",
         "type": "github"
       },
       "original": {
@@ -102,11 +102,11 @@
       },
       "locked": {
         "dir": "contrib",
-        "lastModified": 1669432527,
-        "narHash": "sha256-lfjjzg/NFFfP8cFCCKRr36EkQVlcNyMZBCNne6lY1Cs=",
+        "lastModified": 1669589959,
+        "narHash": "sha256-jkCvcuk5vqXeqcfBY3srMIEfOZ14FU3KzAsbYdWD6Ps=",
         "owner": "neovim",
         "repo": "neovim",
-        "rev": "84465a8c1583f444d4365b2a70e03cd38ebe7f81",
+        "rev": "a6f0444ab9b5d8947ff7e48718a6b3a484a096fa",
         "type": "github"
       },
       "original": {
@@ -125,11 +125,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1669450483,
-        "narHash": "sha256-CP7I2vV8/fnpBjwDVhJluze/9mrmy87U93qAkVDOnQQ=",
+        "lastModified": 1669623371,
+        "narHash": "sha256-8+vB/pCYU7taKn7xbwDqfO0UpmeLAcDf7FVX86eVw2w=",
         "owner": "nix-community",
         "repo": "neovim-nightly-overlay",
-        "rev": "7904a5497404a613d2e8658067fb212ed2401fd9",
+        "rev": "67eb55efa528fc1a1f4a1bbf2765374c4d44bffa",
         "type": "github"
       },
       "original": {
@@ -145,11 +145,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1669451122,
-        "narHash": "sha256-RW8DYU6nvqsawjnSwJLZZGsLn/3LaSn+G/GLd4dTZew=",
+        "lastModified": 1669624040,
+        "narHash": "sha256-E5009djShYtF8eMj1d0XCwOxKrlH9JnstLQfo5w1SAU=",
         "owner": "nifoc",
         "repo": "nix-overlay",
-        "rev": "bf8ce1d598334cde1a31f22b635b9b3467726596",
+        "rev": "c1d09357ef86cbe47bb36831df746044cd4e6d78",
         "type": "github"
       },
       "original": {
@@ -160,11 +160,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1669443273,
-        "narHash": "sha256-/Ow9P6dWfkQF/9NKD7+OnMnz5DJr2pVCAUMjU9SwFoo=",
+        "lastModified": 1669597967,
+        "narHash": "sha256-R+2NaDkXsYkOpFOhmVR8jBZ77Pq55Z6ilaqwFLLn000=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "6b86759692b80e2b563e7f6c608f753de4aad3a7",
+        "rev": "be9e3762e719211368d186f547f847737baad720",
         "type": "github"
       },
       "original": {
diff --git a/home/programs/nvim/plugins.nix b/home/programs/nvim/plugins.nix
index 91c80df..359a7f5 100644
--- a/home/programs/nvim/plugins.nix
+++ b/home/programs/nvim/plugins.nix
@@ -91,12 +91,12 @@ rec {
   };
   leap-nvim = pkgs.vimUtils.buildVimPluginFrom2Nix {
     pname = "leap.nvim";
-    version = "2022-11-22";
+    version = "2022-11-28";
     src = pkgs.fetchFromGitHub {
       owner = "ggandor";
       repo = "leap.nvim";
-      rev = "c5ddd07ff5f436cd8b655154d2a8e8d4c2f29466";
-      sha256 = "1j72hsjsip1qa94zx8yx1jz62ikqa2dlqz27qv7mz6801ndh2sz0";
+      rev = "f7391b5fe9771d788816383ee3c75e0be92022af";
+      sha256 = "1xxlpz6y66h8xs8bfl0bq46gkhvdi275vsmrwbac1lwk76v9b8kq";
       fetchSubmodules = false;
     };
   };
@@ -112,12 +112,12 @@ rec {
     };
   };
   nvim-treesitter = pkgs.vimPlugins.nvim-treesitter.overrideAttrs (_: {
-    version = "2022-11-26";
+    version = "2022-11-28";
     src = pkgs.fetchFromGitHub {
       owner = "nvim-treesitter";
       repo = "nvim-treesitter";
-      rev = "5aacb06135a952190933f9bfff923957db8965db";
-      sha256 = "1vxjpzg96n15d35lc0wvid3mwy94a48vpjn06b1n8sra384xa338";
+      rev = "1821c656d8e42fd8ce6648af58e64268606e8bec";
+      sha256 = "05ka90vjq18rwrxcy65q1yw5pwcs2xlzg080v7lsnm024q5f7l9n";
       fetchSubmodules = false;
     };
   });
@@ -145,12 +145,12 @@ rec {
   };
   telescope-nvim = pkgs.vimUtils.buildVimPluginFrom2Nix {
     pname = "telescope.nvim";
-    version = "2022-11-23";
+    version = "2022-11-27";
     src = pkgs.fetchFromGitHub {
       owner = "nvim-telescope";
       repo = "telescope.nvim";
-      rev = "cea9c75c19d172d2c6f089f21656019734a615cf";
-      sha256 = "18ivpbfnxx5hilapcb7n1qq0a5am5sq6zixhb3slsfqqg0a2v8rn";
+      rev = "4d77743a8ec4d19b3c47e0d04f3e88f1a933698e";
+      sha256 = "1nifl0fkzp7z47vwfpqlp0xn4s47h1mxm2mrmvbr89jzwx7wg8ml";
       fetchSubmodules = false;
     };
   };
@@ -214,12 +214,12 @@ rec {
   };
   nvim-lspconfig = pkgs.vimUtils.buildVimPluginFrom2Nix {
     pname = "nvim-lspconfig";
-    version = "2022-11-26";
+    version = "2022-11-28";
     src = pkgs.fetchFromGitHub {
       owner = "neovim";
       repo = "nvim-lspconfig";
-      rev = "abe6c99c7489de2c317869cf5dea57a9595a0cca";
-      sha256 = "18b2vi0gl48257rwdnaq2xcrhhfmpahmjzcpm3c8k7z43igf8jla";
+      rev = "a2817c9d9500079a0340286a88653b41707a92eb";
+      sha256 = "0y4db82ysjmff9v9x0whdkhjjdds2v9vxiwgs7fp6pzsq6am13fk";
       fetchSubmodules = false;
     };
   };
@@ -258,12 +258,12 @@ rec {
   };
   nvim-navic = pkgs.vimUtils.buildVimPluginFrom2Nix {
     pname = "nvim-navic";
-    version = "2022-11-18";
+    version = "2022-11-27";
     src = pkgs.fetchFromGitHub {
       owner = "SmiteshP";
       repo = "nvim-navic";
-      rev = "40c0ab2640a0e17c4fad7e17f260414d18852ce6";
-      sha256 = "194r8p8nljvh5jb8i860qp8kr4i16s5q84nc6phqjygwacsq69s8";
+      rev = "343e07de11b15f93e44ebd47eb98dce6b7da2e6b";
+      sha256 = "14rdzmh8w7qvmvqdv360nba1l2phmmbxs90ifjrxicw21b48jmyi";
       fetchSubmodules = false;
     };
   };
@@ -302,34 +302,34 @@ rec {
   };
   LuaSnip = pkgs.vimUtils.buildVimPluginFrom2Nix {
     pname = "LuaSnip";
-    version = "2022-11-22";
+    version = "2022-11-27";
     src = pkgs.fetchFromGitHub {
       owner = "L3MON4D3";
       repo = "LuaSnip";
-      rev = "79f647218847b1cd204fede7dd89025e43fd00c3";
-      sha256 = "1n99rq71fgasagglzq0sxlvxnprmbqi3jd47q5n59zs0h1q63hyk";
+      rev = "3fa5c8d938e4ed9dcfd3e07d13b587cba4f87e7d";
+      sha256 = "179wi5hab3sm1m78ari9l9yqm8yjwmbwdg13ag5xwv07wq658a6l";
       fetchSubmodules = false;
     };
   };
   friendly-snippets = pkgs.vimUtils.buildVimPluginFrom2Nix {
     pname = "friendly-snippets";
-    version = "2022-11-16";
+    version = "2022-11-27";
     src = pkgs.fetchFromGitHub {
       owner = "rafamadriz";
       repo = "friendly-snippets";
-      rev = "ef8caa5002e53977779ce8ab18a9c393ed624386";
-      sha256 = "1kb3gh0qlbc75qkwy3ybhgsm9gcwbdba75ffhpcbifd6s6rdfj0n";
+      rev = "03f91a18022964d80a3f0413ed82cf1dbeba247f";
+      sha256 = "0kccng913a37k4i70d4bhr3a5jhmksq4kjglky2cqwkwz3s7bg9a";
       fetchSubmodules = false;
     };
   };
   nvim-cmp = pkgs.vimUtils.buildVimPluginFrom2Nix {
     pname = "nvim-cmp";
-    version = "2022-11-24";
+    version = "2022-11-27";
     src = pkgs.fetchFromGitHub {
       owner = "hrsh7th";
       repo = "nvim-cmp";
-      rev = "4c05626ccd70b1cab777c507b34f36ef27d41cbf";
-      sha256 = "185mxjj3r9jhgylr3ai08i5br6xh7jifyqyxgsw9a0plq8qywcvl";
+      rev = "93f385c17611039f3cc35e1399f1c0a8cf82f1fb";
+      sha256 = "0c9931rb4pf9vj51gqxizvbamq9ycjzy08vq2arm1jkrrr8fkmfc";
       fetchSubmodules = false;
     };
   };
@@ -412,12 +412,12 @@ rec {
   };
   cmp-cmdline = pkgs.vimUtils.buildVimPluginFrom2Nix {
     pname = "cmp-cmdline";
-    version = "2022-11-13";
+    version = "2022-11-27";
     src = pkgs.fetchFromGitHub {
       owner = "hrsh7th";
       repo = "cmp-cmdline";
-      rev = "8bc9c4a34b223888b7ffbe45c4fe39a7bee5b74d";
-      sha256 = "0rx8ncap1dfrgwkx1wsmhybr6cs1kdh0li5hssbhws2d6igij8zq";
+      rev = "23c51b2a3c00f6abc4e922dbd7c3b9aca6992063";
+      sha256 = "0vffivj94736njjhlazrs0jkc1nyvcdjpw64w38d1lhlyflf4cl7";
       fetchSubmodules = false;
     };
   };
@@ -445,12 +445,12 @@ rec {
   };
   nvim-autopairs = pkgs.vimUtils.buildVimPluginFrom2Nix {
     pname = "nvim-autopairs";
-    version = "2022-11-24";
+    version = "2022-11-28";
     src = pkgs.fetchFromGitHub {
       owner = "windwp";
       repo = "nvim-autopairs";
-      rev = "5d75276fce887c0cf433bb1b9867717907211063";
-      sha256 = "11ivy3iaw672yfgbq92q0xd9s6qijs5rd5464fgdwimqrsac0300";
+      rev = "99f696339266c22e7313d6a85a95bd538c3fc226";
+      sha256 = "1pv3hfaxd7yifx0n9643wcb9skrqrkzx5x545x944y23xvwvv9di";
       fetchSubmodules = false;
     };
   };
@@ -478,12 +478,12 @@ rec {
   };
   nvim-treesitter-textobjects = pkgs.vimUtils.buildVimPluginFrom2Nix {
     pname = "nvim-treesitter-textobjects";
-    version = "2022-11-26";
+    version = "2022-11-27";
     src = pkgs.fetchFromGitHub {
       owner = "nvim-treesitter";
       repo = "nvim-treesitter-textobjects";
-      rev = "04c61332a3cb78e56f7455d17d7878b0b7e66270";
-      sha256 = "0db6s53540f1z11ffnmbfqbx504qpwzsrs8xxp9b61pgy66lsf3l";
+      rev = "98476e7364821989ab9b500e4d20d9ae2c5f6564";
+      sha256 = "1gvksha3l3pripy7rsk1axr9n0wmzsh2xr1461vjz3314sdfikyj";
       fetchSubmodules = false;
     };
   };
@@ -577,12 +577,12 @@ rec {
   };
   nvim-notify = pkgs.vimUtils.buildVimPluginFrom2Nix {
     pname = "nvim-notify";
-    version = "2022-11-24";
+    version = "2022-11-28";
     src = pkgs.fetchFromGitHub {
       owner = "rcarriga";
       repo = "nvim-notify";
-      rev = "e7cffd0e8c3beaa0df7d06567620afa964bc2963";
-      sha256 = "0j2q6wd5izv6y5cj50xildd117zx8ncd93074fp97gdyb2xmp45g";
+      rev = "859056ff7aec327255578c7a98ef02d0cd829f65";
+      sha256 = "01sas5rv0j6rsjml9ibi9ygzpihdn6g8vz5rpwv4grkh0n844jkh";
       fetchSubmodules = false;
     };
   };
diff --git a/secret/hosts/sail.nix b/secret/hosts/sail.nix
index 657499e0fce67d662a172b16aa8a71b4dc84e919..68911948ae16703c5967edb6ed93f67909bbb0ca 100644
GIT binary patch
literal 1967
zcmV;g2T=F`M@dveQdv+`0CtW4uxeF|8R9qnaWJfa(@@4@AIPubW+4xD=1_?eUta5e
ztFL(eRL58u;d%eFlV|foy$I<7K|9Wywr5>1uNNoI0^9loiapZD2K#Z0)yuzn#0got
z2GwA^f|VhpMX#_;S^gZ4<(Z!{<`=C}<jQ(xSioYm!biEbqMuEQ-afw(So4^Xe!CQV
z805zE4o97E2alTM?6uh`Z#}U-&a<XIOWh9475zU|*{MD<WU?HAE|{N!gqUbVInIUB
z8F|s6RL9;zbQhwdQT$wC+WX-|4HShBf{d-j^G18@?q?Blwbr;3giSlT7eU}d(#dw{
zto(0@Sz+Cd`e4}!!D#JB8;`Q<*h&OE`Ok}rd@;<o7(HTC$AdpwE~@oXN<?|z4V0Uf
z+tIfoi^U4a;Tml>b`G*=i0H{_XtFlKG`p2>IIX-#pLk@QS3u~pw87qj=&#~1(QD)I
zQXVtCKqi1?j<&KJP|%g;$#;&LD2(BXUjPeUSM`sfcfkJV3df1$8L^pE&Cx7*PR~|o
zuN{f!ChGq7yI2@U2|7(7RHDfq2To1A=&AY2re=BJoM%$_!%a7I4J&k5GIpJ%OeFzN
z$B5v#2;Ln%o#nkL;;+8nX?28o%HHMqj!iVO-rI>TW+Me6snOa81>2}{e4cD35h4v6
zVw*vLgBc?XY7Np^3_i5$G1u?C&DCvrmktV?U;h6=&hp^wbPgK5ULLRAWcaZ+OiM0d
zxIn@uKu(va`Y-WQ&|SXde|CDD>1EFy1Gl+uBz5?M#Xs=YQ=xVAm0!pry~rL&&wr~&
z5@|7nr09VP_Z4-MsWfr?QHZew{=XnbnQL~9tsWNbc{4Wg+dG2{E24%ql(h{D*F{+5
zGZTCU4r)wcD0lezctNtxek(tp<AGrK3Vx%*3~KzJrGP5$1DA&pnAnRI4kf(%&aYkI
z6Le<tW#E$8Q4vqpn(Mb^xmddTSYaCeZA9e{U9+V?2<Zreb+h0}KfmC)f^NtH3lKRV
zkwYZqcz4{!twjTj76IDyg&Kz_N&QEVF%ql)4#Zzjn!XdpXIs~M|77!_UhC}1eOEBW
z8dAs=47u$JaMMsOL64~t4<PLw<94jI_#=9w?f{Avru|ZY6DO16?B#Pr5-^1+ixhgA
zZDzWwJ+5YgaCJ#dbV3kdMD}Q;%<P>ZIkFKwf8_FlZvMHb3%)R6;k=z=wH^FRTK-Fm
zeiYk7us2&i`qHio5~mcr;J@@=DL0SR2YrD!V|Cw$wl?qj8)TAZwG^{QM%`{h%YR%#
zVQO$?lqOhpf4xm3=xXBu_n0wFov5Sz_cP<4WR^WWvgl*3__m(*W)sTg6O-*fJPf-I
zdYSDAld68kBoK80Y`Oty7fGdA<Pg(A&kpp=8GHZqvzTvsip%^<p*v1gJ7HJ(hT6qR
zYuPzZfzJe?-IN?i4ld>_$<V<4$%wiuKWW2S6sr;f221T1OB|KAa#{K*7VXB8CvV)3
z^IiITFMSFDN<_{e*ixt<<5Sa-lQgC2+^4gfC`j$XDy6=T0eoWVSzCh{AU$Z!VG|$X
zY$-5&JARN$ZR82C$^CsJ8@$eMP!{pFjk#i_#MVmu6a!T}LdVL_ZT(NJJRSO^`mC&@
zQNt|?eNJ>cNxg*6QwK=_syRV2U59MZ!6+o<t5Tq110$BF<SR>W)15P0npoD22L2YY
z%IeZW1eGs=Jy<u4MD<#Tuq{vDn~b_JpI3?GLRU;$4^{{2JIO0#qI*Zxg14Mm^E&Zz
zRm|yCPV}>-MTiZON&~5~g#K9pOml=t_$rZUg|j`@Xq+ybTlS=91D7~RkaK6{^1n{$
z4_)+TO$jrUyj|mw6p)W)*)TGrv~E+q!N9OA_o^0@C1rN3v5#jiG2b;z{dap8u#}@W
zlG4KET@f>v{3x!p9ConvQsYx^V4;Aqv1g<~=R(Aiom=Y7HRhG1hT%XrN7|3-LL^{#
z`|=XRG6a&0F~kZ+HG-=_=s-31bE^dB0QrzQp>~hZd{fqkWqAm9amLn|xZ<z1iIX`l
zbXDNWv0qmI%h-nECLAMi`oiR$dVXo@+w9kCT16_^rOLyaBF!!hm-elChrBtS?Bi0^
z1xv$IJnLsIXRMTMefbt-lTfDi3)<v$uC9bo73_LQ>Q&WopKwnUWjbFBDzyfw&wyEL
zYvky{5~`#CqSGOtVv;9M*pCL`uzRo@@^Kgyktb)!yS!h0z3?Hy^X#xkH#>~tyINpj
zpS`C{!b>+}D>tCjyHd^SoqKE(X5DRZ771I`7z%TQ^TK#ih{BU|ld1Euwz&-GW6e#&
z<2X@Q$BW7+VXaF(xYb_;<Z;kh<i3%BRBd7Im%Jwl!P@w?t2<5AB2oqM!6~Dy?(O{K
z@>X8UO5x{7ZnV%=*6qwJ5Sa>h--Pk+!LX0|<beUtUwOWe?4GH}94{e<%RLeyyDtv)
zokX5BbT-Z4ts_jY@Hy4^O28ktpJU$pIS{|*-dVU;*A0c_WnE@$51CBLY{c5KP-2{K
zw>)^G&SKb3kxQw0qz1lxL)|(Q>k;!adZ1?{q|*1IY2(|K0L;BYr(Jt1=75i1qQuX{
B<SzgK

literal 1597
zcmV-D2EzFOM@dveQdv+`03)&ypmPe7jF%j#uQB`T;c5PS(7Tg_2UR1#SpNSMIz_m4
zvYlL*)bKM*njIN%%<r9-C!{S|##HP+nWZZR?BxzAA@XBAN-;(ZrQ`O1oc}bLf-7J}
zEI^Rxq`xOFN(Zh|GDnX9sWbd!OVPFu?wyQ1V9d3$G|9MySTikWt)F-M=N|?#YsxOY
zf_Z&NBOjE4YuqQrlTk53cccv6tYgjebU2xRL+#hN6!0RP`pht4;QD=urZ`_TL{3qV
zbka!NPg0yI0h>#CwzZM(HyK6eW2f=8fz>1)w_q9NSl|T)(jlI97kFVr(o|bAZP%mh
ztbg0Sy|(>dkr(W8t~Vd_xq@5#644{g)^%j8|Hzax!^*F1JwV>yqT}d)W46eM*AMql
z(Adr|W809@$Vcpu*=5XhNm|f5wldzeBqjH|xQ9ucK1w2IA<TE7tQ5^V**YB8WQLu^
z(8WAk*%~kQ2@ZjICAYb0#9xnwxe%FBC8vJF)jTlR&PokRig)2!hN0S-K);Lp-#Nu2
zULUR%6@&?*?47!$o}_y0!wou!T|gvktk10C({xJ&bq+VA>C73J)^7g2js4Fo+D7}=
z=r?E^mWf&0ty;oxnO7kqFNIDK^*Us~5JU_X0~;*2ikHi0(B?zjfy@oMJmGrACtMN(
zek0(ZQ*HN>cT$Q!zse?)KhiiQ`OVB@g?Tn$<Ev{(osV%9Zf<iVn^=)Y-3sYNCB5t-
zFn&x88P&iiIIF(Y#G4#f{G^Fj-Cd?C9(z5zwyy%B?Z$(KQTRnz3w%Cwl?$~LVH<<#
z<up|%d^LaNh1{_ajnCVHs`Y?sgt{2l=?VrNPEOr+x`4ylcziicg&v_$o){HgAe}Pv
zL}I6AmC{C!SAMT9x9a%7PK#9n&Gu#@1WXqLQW_zw0q-GLOwvmhccs)t5Vw6`8qD%v
zjScxdkr~1A;>=9PssfPi764CQ9C9<cY?<f($4!~lvU8`(Zvus+Zx|mCw{@8clqRo?
za;TuB73wS6#X2Aq?M9gOUkw`_g1pNs*4<IDopm2u8VxTd#wy*9FP6Mw5*%a3iv!Hk
zF4#{Yb*#v?QS-7ylDaqmaJE^FNKBKlQ2lYx!)}yMrE-Hi7KG$~$WUaya=h-b+*<Zd
z>H)qv<69SNG+J6A?;qsRrJM3oA)i~6@?jTDzg=|7K{6g{L}e1#WuHi%xyS@JpaBK1
z*y>k7L(u?j2XOz4a~IQg?fA#kDXc9$PU(h1&0N|b_;u8uH;)&MMefQpgHOe;7Zh?p
z&!JU=5O<*UUea#uu1xgJW+ue*l~F4ojy(U2DF?jiQONq<3-|iCn=n1mirvecF{Hrj
zqvT*?Jzgo;iLfl{tJaC8V4-UH8GBRWu3}rkV}k6%&~&O^Dq%36G6Nr^Kd_B&R}(|{
zrIcM-iE55JVOoEN2|E6|EP0nFSs!R{a!nHrR_%U@iOB5ug0u;xfHQ~9GE25LZ}@1m
zoshA$d&HjmRzq4Lny4hJL?1jcOP3~za%lSkcej!<zM=VA21_GO^lk6E$9AZX6PO8+
zmFI(K7?1M7NC};0bfTcJ+ub89GkpEtlf^-z3fFB5bh(^|dN7YA9qCn5r#vQ3>&Tw+
z69~h-cw+SkO1ux5J_?OWI<o+c_(;LA_9fQ+5^u2?;{T_YKEnKQi2DhV3ZoJ7d#*^2
ztaM{B@=2W>xon3j#z^f%S1hEg2hp%YjX0M=kE$Q3EabrGO-cwps<pZRWL;uyS`g<9
zC3)?{@Q^Av?gCo<`}E5WLg4){oIcDf$=d+}Jfja)@zaDw$Nza==Xt<IMdd~sq~Tw+
zugM|DfOrm?UPE_6Sm$lj`Eq4>N*O;hi)kcF&swW!$~Fu(k7Z(u@Q(MZd(Xp<?#|U|
zW_TE-4!Pa)ekq?q==SF8ebBh7@OVSs4cdUe0vndN5Ef`t)iq5CKSss>=!zt8XLpw_
zd9M2uW{0THoMPAhZ!2z4MsSptW;;G?qBop_KxVktJfq(?vPbwWXWv3HG|`@0kuMF1
v6Q=mr?;QRakjO~0XrCQ6b8zN8J2fpqG@{Uc*7SDUZ_|E_4{nep5sV_07F`um

diff --git a/system/hosts/sail.nix b/system/hosts/sail.nix
index 55bc4b7..e1b92f2 100644
--- a/system/hosts/sail.nix
+++ b/system/hosts/sail.nix
@@ -11,8 +11,12 @@ in
     ../../hardware/hosts/sail.nix
     ../nixos/ssh.nix
 
-    (import ../nixos/synapse.nix (args // { inherit secret; }))
     ../nixos/git.nix
+
+    (import ../nixos/mastodon.nix (args // { inherit secret; }))
+
+    (import ../nixos/synapse.nix (args // { inherit secret; }))
+
     (import ../nixos/tailscale.nix (args // { inherit secret; }))
 
     ../nixos/arion.nix
diff --git a/system/nixos/mastodon.nix b/system/nixos/mastodon.nix
new file mode 100644
index 0000000..60f5624
--- /dev/null
+++ b/system/nixos/mastodon.nix
@@ -0,0 +1,64 @@
+{ secret, ... }:
+
+{
+  services.mastodon = {
+    enable = true;
+
+    configureNginx = false;
+
+    localDomain = "kempkens.io";
+
+    streamingPort = 55000;
+    webPort = 55001;
+    sidekiqPort = 55002;
+    enableUnixSocket = false;
+
+    trustedProxy = "172.18.0.4";
+
+    vapidPublicKeyFile = "/var/lib/mastodon/secrets/vapid-public-key";
+    secretKeyBaseFile = "/var/lib/mastodon/secrets/secret-key-base";
+    otpSecretFile = "/var/lib/mastodon/secrets/otp-secret";
+    vapidPrivateKeyFile = "/var/lib/mastodon/secrets/vapid-private-key";
+
+    database = {
+      createLocally = false;
+      host = "10.99.99.3";
+      port = 5432;
+      name = "mastodon";
+      inherit (secret.mastodon.database) user;
+      inherit (secret.mastodon.database) passwordFile;
+    };
+
+    redis = {
+      createLocally = false;
+      host = "10.99.99.3";
+      port = 6379;
+    };
+
+    elasticsearch.host = null;
+
+    smtp = {
+      createLocally = false;
+      authenticate = true;
+      host = "smtp.mailgun.org";
+      port = 465;
+      fromAddress = "mastodon@mg.kempkens.io";
+      inherit (secret.mastodon.smtp) user;
+      inherit (secret.mastodon.smtp) passwordFile;
+    };
+
+    automaticMigrations = true;
+
+    mediaAutoRemove = {
+      enable = true;
+      startAt = "daily";
+      olderThanDays = 21;
+    };
+
+    extraConfig = {
+      WEB_DOMAIN = "mastodon.kempkens.io";
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 55000 55001 55002 ];
+}
diff --git a/system/nixos/synapse.nix b/system/nixos/synapse.nix
index bfb2626..437952d 100644
--- a/system/nixos/synapse.nix
+++ b/system/nixos/synapse.nix
@@ -82,6 +82,8 @@
         "2a01:4f8:c2c:989c::/64"
       ];
 
+      enable_registration = false;
+
       inherit (secret.synapse) registration_shared_secret;
       inherit (secret.synapse) macaroon_secret_key;
       inherit (secret.synapse) form_secret;