3 minute read

I’ve been meaning to test out Mastodon again for a while. It’s is best described as a federated version of the blue bird platform (Twitter), while not being Twitter. No ads, no algorithms.

Since Twitter is now owned by someone who’s hellbent on burning the platform down, it looked like the perfect time to set one up. Last time I tested it I went with one of the more established mastodon servers, but since they’re all being swamped with a twitter-exodus, I figured I’d spin my own.

Getting a VM

I’m running my instance on an Oracle Cloud Ampere A1 instance, in their always free tier. Will this truly be always free? I’m not sure, but at the moment it is. Good enough for now.

When setting up the VM, make sure you also configure IPv6 on it. This will allow IPv6 fediverse servers to connect to your instance, and you to connect to other IPv6 ones. Additionaly, configure the security group so that port 80 and 443 is open for both IPv4 (source CIDR 0.0.0.0/0) and IPv6 (source CIDR ::/0).

Configuring the host firewall

All Oracle Cloud VM’s come with an iptables firewall in place. To open op ports you need to modify the firewall rules on the guest. To do this edit /etc/iptables/rules.v4 and add

-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

before the line

-A INPUT -j REJECT --reject-with icmp-host-prohibited

Likewise, edit /etc/iptables/rules.v6, which will probably contain no rules, and add

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --sport 547 --dport 546 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited

before the line

COMMIT

To reload the rules, execute iptables-restore < /etc/iptables/rules.v4 and ip6tables-restore < /etc/iptables/rules.v6.

Installing Mastodon

I followed the instructions on their main page: Running your own server. Please keep in mind that this does require some commitment to keeping it up-to-date, so if you don’t want that please look for a hosted instance.

Homedir permissions

Make sure your webserver (I used the excellent nginx) can actually read the mastodon homedir. If you follow the installation instructions linked above, execute chmod o+x /home/mastodon to fix that.

Serving a different domain

I configured Mastodon to run under a subdomain of my domain (fedi.kcore.org), but I wanted people to find me (and to toot from) my main domain, kcore.org. The instructions on GitHub are fairly straightforward:

Modify /home/mastodon/live/.env.production and add

LOCAL_DOMAIN="topdomain.org"
WEB_DOMAIN="subdomain.topdomain.org"

Next I needed to add a host-meta file to my Jekyll hosted website (which is actually on GitHub Pages). To do this I added the following file (which you can put anywhere):

---
layout: null
permalink: /.well-known/host-meta
---
<?xml version="1.0" encoding="UTF-8"?>
<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Link rel="lrdd" template="https://subdomain.topdomain.org/.well-known/webfinger?resource={uri}"/>
</XRD>

It’s important you don’t use the .md extension, otherwise this file will be rendered using markdown!

This will tell mastodon where it can find your specific instance.

To enable search we need an elasticsearc instance for our instance. The manual comes with instructions on how to enable this.

Keep in mind that full text search is not a feature in mastodon - which is by design.

Adding translations

Since Mastodon 4.0(?) it’s possible to add a translation service for toots.

I did not find any public documentation, but going by Github PR #19218 I was able to configure DeepL.

Add this to your .env.production:

DEEPL_API_KEY=your-api-key-from-your-deepl-account
DEEPL_PLAN=free

and restart the mastodon processes. You now will see a Translate button which will send the toot to be translated to the language configured in the web interface ;)

Mastodon Translate

Comments

You May Also Enjoy

SSH’ing to Unifi equipment with Fedora 37

1 minute read

Connecting to Unifi equipment (Switch 8/AP AC Pro) from Fedora37 fails out of the box with a very useful error Bad server host key: Invalid key length. This is because the dropbear used on these devices is woefully out of date, and still requires the use of ssh-rsa (with SHA1), which has been deprecated by OpenSSH in 2021,

Now using less external services!

less than 1 minute read

So back in 2019 I moved the site from WordPress to Jekyll (using Minimal Mistakes), and from Gandi to AWS Serverless.

Lenovo Thinkpad T14s Gen3 (AMD)

3 minute read

10 years ago I bought a Dell XPS13 L322x ultrabook as a replacement for my white Macbook 2,1. This week I replaced the Dell with something newer: a Lenovo Thinkpad T14s Gen3 (AMD).