authorstuebinm2023-02-16 21:00:51 +0100
committerstuebinm2023-02-16 21:00:51 +0100
commita8ec7eca6cdfd1f9119897f4fe0bda261ae8dc72 (patch)
treec92337d5d91763dd56db794bd88b51dcba6c78c6 /flora/services
parent02c7dc192e9bc9a1246edc48ec23271ea07abd45 (diff)
more akkoma stuff
Diffstat (limited to 'flora/services')
-rw-r--r--flora/services/akkoma.nix (renamed from flora/services/pleroma.nix)70
1 files changed, 39 insertions, 31 deletions
diff --git a/flora/services/pleroma.nix b/flora/services/akkoma.nix
index dd75b43..244351f 100644
--- a/flora/services/pleroma.nix
+++ b/flora/services/akkoma.nix
@@ -3,6 +3,7 @@
let
unstable = import inputs.nixpkgs-unstable { inherit system; };
+ staticDir = "/var/lib/akkoma/static";
in
{
@@ -30,11 +31,6 @@ in
services.akkoma = {
enable = true;
- # this is barely necessary at this point — all that's
- # set in here is the default_signer for joken, and the
- # secret_key_base and signing_salt for phoenix.
- # secretConfigFile = "/var/lib/pleroma/secrets.exs";
-
package = unstable.akkoma;
frontends = {
primary = {
@@ -52,7 +48,7 @@ in
config = {
":pleroma"."Pleroma.Web.Endpoint" = {
"url" = { host = "pleroma.stuebinm.eu"; scheme = "https"; port = 443; };
- "http" = {ip = "0.0.0.0"; port = 4000; };
+ "http" = { ip = "::"; port = 4000; };
secret_key_base._secret = "/secret/secret_key_base";
signing_salt._secret = "/secret/signing_salt";
};
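Review bot: `"http" = { ip = "::"; port = 4000; };` is a dual-stack wildcard on Linux by default (`net.ipv6.bindv6only` is 0), so the listener still accepts IPv4 exactly as `0.0.0.0` did and additionally IPv6 on every interface inside the container, while a later hunk keeps `networking.firewall.allowedTCPPorts = [ 4000 ]` open. Since the nginx side of this commit now proxies to the container's `localAddress6`, binding to that single veth address instead of `::` would limit who can reach port 4000 directly; if the wildcard is intentional, a one-line comment such as `# "::" is dual-stack here: reachable over v4 and v6 from the host veth` would record that. The enclosing `config` attribute set continues outside this hunk.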
@@ -80,7 +76,7 @@ in
"Pleroma.Upload.Filter.Dedupe"
];
};
- "Pleroma.Uploaders.Local".uploads = "/var/lib/pleroma/uploads";
+ "Pleroma.Uploaders.Local".uploads = "/var/lib/akkoma/uploads";
"Pleroma.Repo" = {
adapter = "Ecto.Adapters.Postgres";
username = "pleroma";
@@ -93,14 +89,40 @@ in
};
":database".run_enabled = false;
":configurable_from_database" = false;
- # ":instance".static_dir = "/var/lib/pleroma/static";
-
+ ":instance".static_dir = "/var/lib/akkoma/static";
};
};
};
- # otherwise, the exiftool will fail to run
- systemd.services.akkoma.path = [ pkgs.exiftool ];
+ systemd.services.akkoma = {
+ path = [ pkgs.exiftool ];
+ bindsTo = [ "akkoma-static.service" ];
+ after = [ "akkoma-static.service" ];
+ };
+
+ # symlink the parts of the static dir that are inside the nix store,
+ # so I can still have imperatively defined emojis etc.
+ # (for some reason the module doesn't do that)
+ systemd.services.akkoma-static = {
+ description = "Akkoma static dir wrangling";
+ unitConfig.PropagatesReloadTo = [ "akkoma.service" ];
+ path = [ pkgs.coreutils ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = with pkgs.lib; ''
+ ${concatStringsSep "\n" (mapAttrsToList (key: val: ''
+ mkdir -p ${staticDir}/frontends/${escapeShellArg val.name}/
+ ln -sfT ${escapeShellArg val.package} ${staticDir}/frontends/${escapeShellArg val.name}/${escapeShellArg val.ref}
+ '') config.services.akkoma.frontends)}
+ ${optionalString (config.services.akkoma.extraStatic != null)
+ (concatStringsSep "\n" (mapAttrsToList (key: val: ''
+ mkdir -p "${staticDir}/$(dirname ${escapeShellArg key})"
+ ln -sfT ${escapeShellArg val} ${staticDir}/${escapeShellArg key}
+ '') config.services.akkoma.extraStatic))}
+ '';
+ };
services.postgresql = {
enable = true;
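Review bot: The new `akkoma-static` oneshot runs as root (no `User`/`DynamicUser` in its `serviceConfig`) and performs `mkdir -p`/`ln -sfT` beneath `/var/lib/akkoma/static`, a tree the akkoma service account presumably writes to given the stated goal of coexisting with imperatively placed emoji; an unprivileged symlink planted as an intermediate path component there would be followed by root on every (re)run of the unit. Running it as the service account, e.g. `serviceConfig.User = config.services.akkoma.user;` plus the matching `Group` if the module exposes those options as current nixpkgs does, keeps link creation within what that account could already do. Separately, `":instance".static_dir = "/var/lib/akkoma/static";` repeats the literal that the `let` binds as `staticDir`; `":instance".static_dir = staticDir;` stops the two from drifting. Note also that the `-f` in `ln -sfT` silently replaces a hand-placed file at a colliding `extraStatic` key, which is worth a comment given the unit's purpose.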
@@ -119,14 +141,8 @@ in
host pleroma akkoma ::1/128 trust
'';
- # pleroma wants to do some initial config on startup, which it
- # can't do by itself since those needs superuser access
- #
- # unfortunatly, this is executed /before/ the database is created,
- # i.e. we have to create user and database by hand, even though
- # they would otherwise created by ensureUsers / ensureDatabse.
- # Using those does still prevent us from accidentally deleting
- # them, though (but not from deleting the database's content!)
+ # this is basically legacy. even if I ever reset the database,
+ # the initDb option of the akkoma module probably does about this.
initialScript = pkgs.writeScript "postgres-pleroma-initial" ''
CREATE USER pleroma;
CREATE DATABASE pleroma OWNER pleroma;
@@ -138,16 +154,10 @@ in
'';
};
- networking.firewall.allowedTCPPorts = [ 4000 10022 ];
+ networking.firewall.allowedTCPPorts = [ 4000 ];
- services.coredns = {
- enable = true;
- config = ''
- .:53 {
- forward . 1.1.1.1
- }
- '';
- };
+ environment.etc."resolv.conf".text =
+ "nameserver 1.1.1.1";
};
};
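Review bot: `environment.etc."resolv.conf".text = "nameserver 1.1.1.1";` writes the file by hand inside the container, but NixOS containers default `networking.useHostResolvConf` to true (as far as I recall), which also manages `/etc/resolv.conf`, so this definition may conflict with or be shadowed by the host-provided copy. `networking.nameservers = [ "1.1.1.1" ];` together with `networking.useHostResolvConf = false;` expresses the same intent through the option that generates resolv.conf, and a comment naming why the earlier coredns forwarder was dropped would help the next reader. The literal also lacks a trailing newline; harmless to the parser, but the generated form avoids the question.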
@@ -158,16 +168,14 @@ in
enable = true;
internalInterfaces = [ "ve-pleroma" ];
externalInterface = "ens3";
-
};
- networking.firewall.allowedTCPPorts = [ 10022 ];
services.nginx.virtualHosts."pleroma.stuebinm.eu" = {
forceSSL = true;
enableACME = true;
locations."/" = {
- proxyPass = "http://${config.containers.pleroma.localAddress}:4000";
+ proxyPass = "http://[${config.containers.pleroma.localAddress6}]:4000";
proxyWebsockets = true;
# these headers are in the example config in the NixOS manual.
# take some time to figure out what they all do, and if these