# mastodon-rocky

Rocky Linux 10 VM running Mastodon (bare-metal systemd, no Docker). Hosted on Calypso (Synology DS723+).

**Hostname**: mastodon-rocky
**LAN IP**: 192.168.0.126 (DHCP)
**Tailscale IP**: 100.64.0.3
**SSH**: `ssh mastodon-rocky` (via Tailscale — see `~/.ssh/config`)
**SSH user**: root

---

## Hardware (Virtual Machine)

| Property | Value |
|----------|-------|
| **Hypervisor** | Synology Virtual Machine Manager (VMM) on Calypso |
| **Host** | Calypso — Synology DS723+ |
| **OS** | Rocky Linux 10.1 (Red Quartz) |
| **Kernel** | 6.12.0-124.27.1.el10_1.x86_64 |
| **Architecture** | x86_64 |
| **vCPU** | 4 cores (AMD Ryzen Embedded V1780B, host passthrough) |
| **RAM** | 8 GB |
| **Disk** | 100 GB (virtual disk), 61 GB root LVM (`/dev/mapper/rl-root`) |
| **Network** | `ens3`, bridged to Calypso LAN |

---

## Network Configuration

- **LAN IP**: `192.168.0.126/24` (DHCP)
- **Tailscale IP**: `100.64.0.3` (Headscale node 21)
- **Default gateway**: `192.168.0.1`

### Tailscale / Headscale

Joined to Headscale at `headscale.vish.gg:8443`. Accepts all subnet routes (`--accept-routes`).

**Known routing quirk**: Same as other `192.168.0.0/24` nodes — Calypso's subnet route advertisement via Headscale causes Tailscale to install `192.168.0.0/24` in table 52, breaking inbound LAN connectivity. Fixed with a persistent NetworkManager dispatcher hook:

```bash
# /etc/NetworkManager/dispatcher.d/99-lan-routing-fix
[ "$2" = "up" ] && ip rule add to 192.168.0.0/24 priority 5200 lookup main 2>/dev/null || true
```

**DNS gotcha**: When Tailscale is offline or mid-switch, it overwrites `/etc/resolv.conf` with `nameserver 100.100.100.100` (MagicDNS), which is unreachable — breaking DNS entirely. If you ever need to re-join Headscale:
```bash
echo 'nameserver 1.1.1.1' > /etc/resolv.conf
tailscale up --login-server=https://headscale.vish.gg:8443 --authkey=<key> --accept-routes --hostname=mastodon-rocky --force-reauth
```

---

## Services

All services run as bare-metal systemd units (no Docker).

| Service | Description | Port |
|---------|-------------|------|
| `mastodon-web.service` | Mastodon web (Puma) | 3000 |
| `mastodon-streaming.service` | Mastodon streaming API | 4000 |
| `mastodon-sidekiq.service` | Mastodon background jobs | — |
| `nginx.service` | Reverse proxy | 80, 443 |
| `postgresql.service` | PostgreSQL database | 5432 |
| `valkey.service` | Valkey (Redis-compatible) cache | 6379 |

### Service Management
```bash
# Check all Mastodon services
systemctl status mastodon-web mastodon-streaming mastodon-sidekiq

# Restart Mastodon
systemctl restart mastodon-web mastodon-streaming mastodon-sidekiq

# View logs
journalctl -u mastodon-web -f
journalctl -u mastodon-sidekiq -f
```

---

## Web Console

Cockpit is available at `https://mastodon-rocky:9090` or `https://192.168.0.126:9090`.

---

*Last Updated*: 2026-03-10
*Host*: Calypso (Synology DS723+) via Synology VMM