about summary refs log tree commit diff
path: root/modules/services
diff options
context:
space:
mode:
Diffstat (limited to 'modules/services')
-rw-r--r--modules/services/misskey/config/default.yml156
-rw-r--r--modules/services/misskey/default.nix89
2 files changed, 0 insertions, 245 deletions
diff --git a/modules/services/misskey/config/default.yml b/modules/services/misskey/config/default.yml
deleted file mode 100644
index cab83b8..0000000
--- a/modules/services/misskey/config/default.yml
+++ /dev/null
@@ -1,156 +0,0 @@
-#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-# Misskey configuration
-#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-#   ┌─────┐
-#───┘ URL └─────────────────────────────────────────────────────
-
-# Final accessible URL seen by a user.
-url: https://nand.moe
-
-# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
-# URL SETTINGS AFTER THAT!
-
-#   ┌───────────────────────┐
-#───┘ Port and TLS settings └───────────────────────────────────
-
-#
-# Misskey requires a reverse proxy to support HTTPS connections.
-#
-#                 +----- https://example.tld/ ------------+
-#   +------+      |+-------------+      +----------------+|
-#   | User | ---> || Proxy (443) | ---> | Misskey (3000) ||
-#   +------+      |+-------------+      +----------------+|
-#                 +---------------------------------------+
-#
-#   You need to set up a reverse proxy. (e.g. nginx)
-#   An encrypted connection with HTTPS is highly recommended
-#   because tokens may be transferred in GET requests.
-
-# The port that your Misskey server should listen on.
-port: 3000
-
-#   ┌──────────────────────────┐
-#───┘ PostgreSQL configuration └────────────────────────────────
-
-db:
-  host: localhost
-  port: 5432
-
-  # Database name
-  db: misskey
-
-  # Auth
-  user: misskey
-  # pass: example-misskey-pass
-
-  # Whether disable Caching queries
-  #disableCache: true
-
-  # Extra Connection options
-  #extra:
-  #  ssl: true
-
-#   ┌─────────────────────┐
-#───┘ Redis configuration └─────────────────────────────────────
-
-redis:
-  host: localhost
-  port: 16434
-  family: 4  # 0=Both, 4=IPv4, 6=IPv6
-  #pass: example-pass
-  #prefix: example-prefix
-  #db: 1
-
-#   ┌─────────────────────────────┐
-#───┘ Elasticsearch configuration └─────────────────────────────
-
-#elasticsearch:
-#  host: localhost
-#  port: 9200
-#  ssl: false
-#  user: 
-#  pass: 
-
-#   ┌───────────────┐
-#───┘ ID generation └───────────────────────────────────────────
-
-# You can select the ID generation method.
-# You don't usually need to change this setting, but you can
-# change it according to your preferences.
-
-# Available methods:
-# aid ... Short, Millisecond accuracy
-# meid ... Similar to ObjectID, Millisecond accuracy
-# ulid ... Millisecond accuracy
-# objectid ... This is left for backward compatibility
-
-# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
-# ID SETTINGS AFTER THAT!
-
-id: 'aid'
-
-#   ┌─────────────────────┐
-#───┘ Other configuration └─────────────────────────────────────
-
-# Whether disable HSTS
-#disableHsts: true
-
-# Number of worker processes
-#clusterLimit: 1
-
-# Job concurrency per worker
-# deliverJobConcurrency: 128
-# inboxJobConcurrency: 16
-
-# Job rate limiter
-# deliverJobPerSec: 128
-# inboxJobPerSec: 16
-
-# Job attempts
-# deliverJobMaxAttempts: 12
-# inboxJobMaxAttempts: 8
-
-# IP address family used for outgoing request (ipv4, ipv6 or dual)
-#outgoingAddressFamily: ipv4
-
-# Proxy for HTTP/HTTPS
-#proxy: http://127.0.0.1:3128
-
-proxyBypassHosts:
-  - api.deepl.com
-  - api-free.deepl.com
-  - www.recaptcha.net
-  - hcaptcha.com
-  - challenges.cloudflare.com
-
-# Proxy for SMTP/SMTPS
-#proxySmtp: http://127.0.0.1:3128   # use HTTP/1.1 CONNECT
-#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
-#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
-
-# Media Proxy
-# Reference Implementation: https://github.com/misskey-dev/media-proxy
-# * Deliver a common cache between instances
-# * Perform image compression (on a different server resource than the main process)
-#mediaProxy: https://example.com/proxy
-
-# Proxy remote files (default: false)
-# Proxy remote files by this instance or mediaProxy to prevent remote files from running in remote domains.
-#proxyRemoteFiles: true
-
-# Movie Thumbnail Generation URL
-# There is no reference implementation.
-# For example, Misskey will point to the following URL:
-#   https://example.com/thumbnail.webp?thumbnail=1&url=https%3A%2F%2Fstorage.example.com%2Fpath%2Fto%2Fvideo.mp4
-#videoThumbnailGenerator: https://example.com
-
-# Sign to ActivityPub GET request (default: true)
-signToActivityPubGet: true
-
-#allowedPrivateNetworks: [
-#  '127.0.0.1/32'
-#]
-
-# Upload or download file size limits (bytes)
-#maxFileSize: 262144000
diff --git a/modules/services/misskey/default.nix b/modules/services/misskey/default.nix
deleted file mode 100644
index f411736..0000000
--- a/modules/services/misskey/default.nix
+++ /dev/null
@@ -1,89 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
-  cfg = config.modules.services.misskey;
-
-  inherit (lib.my) wrapFile;
-in
-{
-  options.modules.services.misskey = {
-    enable = mkEnableOption "Misskey, an interplanetary microblogging platform [container]";
-    domain = mkOption { type = types.str; };
-    realHost = mkOption { type = types.str; };
-  };
-
-  config = mkIf cfg.enable {
-    # TODO: refactor
-
-    # Misskey sets uid/gid to 991 in container, user is created here to
-    # ensure that misskey files directory is accessible by the container user.
-    users = {
-      users.misskey = {
-        description = "Misskey user";
-        group = "misskey";
-        extraGroups = [ "podman" ];
-        isSystemUser = true;
-        uid = 991;
-      };
-      groups.misskey = { gid = 991; };
-    };
-
-    virtualisation.podman.extraPackages = [ pkgs.zfs ];
-
-    # Packaging misskey is too much of a hassle, so we're using containers for now.
-    virtualisation.oci-containers.containers.misskey = {
-      volumes = [
-        "/var/lib/misskey-files:/misskey/files"
-        # TODO: manage this with nix
-        "${wrapFile ".config" ./config}:/misskey/.config:ro"
-      ];
-      image = "misskey/misskey:13.10.3";
-      ports = [ "3000:3000" ];
-      extraOptions = [
-        "--network=host"
-      ];
-    };
-
-    environment.persistence."/persist".directories = [
-      "/var/lib/containers"
-      "/var/lib/misskey-files"
-      "/var/lib/redis-misskey"
-    ];
-
-    systemd.tmpfiles.rules = [
-      "d /var/lib/misskey-files 0755 misskey misskey -"
-    ];
-
-    services.postgresql.enable = true;
-    services.postgresql.ensureDatabases = [ "misskey" ];
-    services.postgresql.ensureUsers = [
-      {
-        name = "misskey";
-        ensurePermissions."DATABASE misskey" = "ALL PRIVILEGES";
-      }
-    ];
-
-    services.redis.servers.misskey = {
-      enable = true;
-      bind = "127.0.0.1";
-      port = 16434;
-    };
-
-    services.nginx.virtualHosts.${cfg.realHost} = {
-      forceSSL = true;
-      useACMEHost = cfg.domain;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:3000";
-        proxyWebsockets = true;
-      };
-
-      extraConfig = ''
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto https;
-      '';
-    };
-  };
-}