Mastodon is a decentralized social media platform that allows users to create accounts, post content, and interact with others. It is an alternative to centralized social media platforms like Twitter and Facebook.


The services.mastodon service can be used to set up a Mastodon instance in single-user mode. It sets up all the necessary services (PostgreSQL, Redis, Nginx...) and obtains a valid certificate for the HTTPS connection:

  security.acme = {
    acceptTerms = true;
    defaults.email = "<EMAIL TO USE FOR CORRESPONDENCE WITH Let's Encrypt>";
  };
  services.mastodon = {
    enable = true;
    localDomain = ""; # Replace with your own domain
    configureNginx = true;
    smtp.fromAddress = ""; # Email address used by Mastodon to send emails, replace with your own
    streamingProcesses = 3; # Number of processes used. It is recommended to set to the number of CPU cores minus one
    extraConfig.SINGLE_USER_MODE = "true";
  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];

You can then create your account using the mastodon package. Ignore any warnings about the Ruby version; it should work anyway:

# sudo -u mastodon mastodon-tootctl accounts create USERNAME --email=YOUR_EMAIL --confirmed --role=Owner

and approve your new account:

# sudo -u mastodon mastodon-tootctl accounts approve USERNAME

Then you're ready to head to the domain you set up and start tooting away!


Change the password for user my_user:

# sudo -u mastodon mastodon-tootctl accounts modify --reset-password my_user

Tips and tricks

Using Caddy as a server

Use the following template:

services = {
  caddy = {
    enable = true;
    virtualHosts = {
      # Don't forget to change the host!
      "<your-server-host>" = {
        extraConfig = ''
          handle_path /system/* {
              file_server * {
                  root /var/lib/mastodon/public-system
              }
          }

          handle /api/v1/streaming/* {
              reverse_proxy  unix//run/mastodon-streaming/streaming.socket
          }

          route * {
              file_server * {
                  root ${pkgs.mastodon}/public
                  # Fall through to the web socket when no static file matches
                  pass_thru
              }
              reverse_proxy * unix//run/mastodon-web/web.socket
          }

          handle_errors {
              root * ${pkgs.mastodon}/public
              rewrite 500.html
              # Serve the rewritten error page
              file_server
          }

          encode gzip

          header /* {
              Strict-Transport-Security "max-age=31536000;"
          }
          header /emoji/* Cache-Control "public, max-age=31536000, immutable"
          header /packs/* Cache-Control "public, max-age=31536000, immutable"
          header /system/accounts/avatars/* Cache-Control "public, max-age=31536000, immutable"
          header /system/media_attachments/files/* Cache-Control "public, max-age=31536000, immutable"
        '';
      };
    };
  };
};

# Caddy requires file and socket access
users.users.caddy.extraGroups = [ "mastodon" ];

# Caddy systemd unit needs readwrite permissions to /run/mastodon-web
systemd.services.caddy.serviceConfig.ReadWriteDirectories = lib.mkForce [ "/var/lib/caddy" "/run/mastodon-web" ];

Automatic backups

Mastodon uses PostgreSQL as its database. Luckily, Nixpkgs offers a useful service for backing it up, enabled with services.postgresqlBackup.enable.

Example settings, assuming you have the default database settings:

  services.postgresqlBackup = {
    enable = true;
    databases = [ "mastodon" ];
  };


Hints for running in your local network for testing

If you get a Mastodon::HostValidationError when trying to federate with another ActivityPub instance in your local network, you need to allow Mastodon to access local IP addresses in outgoing HTTP (federation) requests. To do this, set the environment variable ALLOWED_PRIVATE_ADDRESSES to a comma-separated list of allowed IP addresses with the format specified in This is also documented in the Mastodon admin guide[1].
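
The following check is an added example, not part of the original page or of Mastodon itself: it audits an ALLOWED_PRIVATE_ADDRESSES value so the exception stays limited to the test hosts. It assumes each entry is a single IP address or a CIDR range; the function name, the /24 breadth limit and the sample addresses are constructed for illustration.

```python
import ipaddress

# Hypothetical limit: flag any entry broader than a /24 (256 addresses).
MAX_ADDRESSES = 256


def audit_allowed_private_addresses(value):
    """Return (entry, problem) pairs for a comma-separated allow-list.

    Assumption: each entry is one IP address or a CIDR range.
    An empty result means every entry is a narrow, private range.
    """
    findings = []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            findings.append((raw, "empty entry"))
            continue
        try:
            # strict=False accepts host addresses written with a prefix length
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, "not an IP address or CIDR range"))
            continue
        # Loopback and link-local are checked first: both also count as private.
        if net.is_loopback:
            findings.append((entry, "loopback: reaches services bound to localhost"))
        elif net.is_link_local:
            findings.append((entry, "link-local: covers 169.254.169.254 metadata services"))
        elif not net.is_private:
            findings.append((entry, "not entirely within a private range"))
        elif net.num_addresses > MAX_ADDRESSES:
            findings.append((entry, f"too broad ({net.num_addresses} addresses)"))
    return findings


if __name__ == "__main__":
    # Constructed sample value, as it might appear in a test configuration.
    sample = "192.168.1.20, 10.0.0.0/8,127.0.0.1,169.254.169.254,8.8.8.8,not-an-ip"
    for entry, problem in audit_allowed_private_addresses(sample):
        print(f"{entry}: {problem}")
```
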