Diffstat (limited to 'modules/services')
-rw-r--r-- | modules/services/misskey/config/default.yml | 156 | ||||
-rw-r--r-- | modules/services/misskey/default.nix | 89 |
2 files changed, 0 insertions, 245 deletions
diff --git a/modules/services/misskey/config/default.yml b/modules/services/misskey/config/default.yml
deleted file mode 100644
index cab83b8..0000000
--- a/modules/services/misskey/config/default.yml
+++ /dev/null
@@ -1,156 +0,0 @@
-#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-# Misskey configuration
-#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-# ┌─────┐
-#───┘ URL └─────────────────────────────────────────────────────
-
-# Final accessible URL seen by a user.
-url: https://nand.moe
-
-# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
-# URL SETTINGS AFTER THAT!
-
-# ┌───────────────────────┐
-#───┘ Port and TLS settings └───────────────────────────────────
-
-#
-# Misskey requires a reverse proxy to support HTTPS connections.
-#
-# +----- https://example.tld/ ------------+
-# +------+ |+-------------+ +----------------+|
-# | User | ---> || Proxy (443) | ---> | Misskey (3000) ||
-# +------+ |+-------------+ +----------------+|
-# +---------------------------------------+
-#
-# You need to set up a reverse proxy. (e.g. nginx)
-# An encrypted connection with HTTPS is highly recommended
-# because tokens may be transferred in GET requests.
-
-# The port that your Misskey server should listen on.
-port: 3000
-
-# ┌──────────────────────────┐
-#───┘ PostgreSQL configuration └────────────────────────────────
-
-db:
- host: localhost
- port: 5432
-
- # Database name
- db: misskey
-
- # Auth
- user: misskey
- # pass: example-misskey-pass
-
- # Whether disable Caching queries
- #disableCache: true
-
- # Extra Connection options
- #extra:
- # ssl: true
-
-# ┌─────────────────────┐
-#───┘ Redis configuration └─────────────────────────────────────
-
-redis:
- host: localhost
- port: 16434
- family: 4 # 0=Both, 4=IPv4, 6=IPv6
- #pass: example-pass
- #prefix: example-prefix
- #db: 1
-
-# ┌─────────────────────────────┐
-#───┘ Elasticsearch configuration └─────────────────────────────
-
-#elasticsearch:
-# host: localhost
-# port: 9200
-# ssl: false
-# user:
-# pass:
-
-# ┌───────────────┐
-#───┘ ID generation └───────────────────────────────────────────
-
-# You can select the ID generation method.
-# You don't usually need to change this setting, but you can
-# change it according to your preferences.
-
-# Available methods:
-# aid ... Short, Millisecond accuracy
-# meid ... Similar to ObjectID, Millisecond accuracy
-# ulid ... Millisecond accuracy
-# objectid ... This is left for backward compatibility
-
-# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
-# ID SETTINGS AFTER THAT!
-
-id: 'aid'
-
-# ┌─────────────────────┐
-#───┘ Other configuration └─────────────────────────────────────
-
-# Whether disable HSTS
-#disableHsts: true
-
-# Number of worker processes
-#clusterLimit: 1
-
-# Job concurrency per worker
-# deliverJobConcurrency: 128
-# inboxJobConcurrency: 16
-
-# Job rate limiter
-# deliverJobPerSec: 128
-# inboxJobPerSec: 16
-
-# Job attempts
-# deliverJobMaxAttempts: 12
-# inboxJobMaxAttempts: 8
-
-# IP address family used for outgoing request (ipv4, ipv6 or dual)
-#outgoingAddressFamily: ipv4
-
-# Proxy for HTTP/HTTPS
-#proxy: http://127.0.0.1:3128
-
-proxyBypassHosts:
- - api.deepl.com
- - api-free.deepl.com
- - www.recaptcha.net
- - hcaptcha.com
- - challenges.cloudflare.com
-
-# Proxy for SMTP/SMTPS
-#proxySmtp: http://127.0.0.1:3128 # use HTTP/1.1 CONNECT
-#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
-#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
-
-# Media Proxy
-# Reference Implementation: https://github.com/misskey-dev/media-proxy
-# * Deliver a common cache between instances
-# * Perform image compression (on a different server resource than the main process)
-#mediaProxy: https://example.com/proxy
-
-# Proxy remote files (default: false)
-# Proxy remote files by this instance or mediaProxy to prevent remote files from running in remote domains.
-#proxyRemoteFiles: true
-
-# Movie Thumbnail Generation URL
-# There is no reference implementation.
-# For example, Misskey will point to the following URL:
-# https://example.com/thumbnail.webp?thumbnail=1&url=https%3A%2F%2Fstorage.example.com%2Fpath%2Fto%2Fvideo.mp4
-#videoThumbnailGenerator: https://example.com
-
-# Sign to ActivityPub GET request (default: true)
-signToActivityPubGet: true
-
-#allowedPrivateNetworks: [
-# '127.0.0.1/32'
-#]
-
-# Upload or download file size limits (bytes)
-#maxFileSize: 262144000
diff --git a/modules/services/misskey/default.nix b/modules/services/misskey/default.nix
deleted file mode 100644
index f411736..0000000
--- a/modules/services/misskey/default.nix
+++ /dev/null
@@ -1,89 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.modules.services.misskey;
-
- inherit (lib.my) wrapFile;
-in
-{
- options.modules.services.misskey = {
- enable = mkEnableOption "Misskey, an interplanetary microblogging platform [container]";
- domain = mkOption { type = types.str; };
- realHost = mkOption { type = types.str; };
- };
-
- config = mkIf cfg.enable {
- # TODO: refactor
-
- # Misskey sets uid/gid to 991 in container, user is created here to
- # ensure that misskey files directory is accessible by the container user.
- users = {
- users.misskey = {
- description = "Misskey user";
- group = "misskey";
- extraGroups = [ "podman" ];
- isSystemUser = true;
- uid = 991;
- };
- groups.misskey = { gid = 991; };
- };
-
- virtualisation.podman.extraPackages = [ pkgs.zfs ];
-
- # Packaging misskey is too much of a hassle, so we're using containers for now.
- virtualisation.oci-containers.containers.misskey = {
- volumes = [
- "/var/lib/misskey-files:/misskey/files"
- # TODO: manage this with nix
- "${wrapFile ".config" ./config}:/misskey/.config:ro"
- ];
- image = "misskey/misskey:13.10.3";
- ports = [ "3000:3000" ];
- extraOptions = [
- "--network=host"
- ];
- };
-
- environment.persistence."/persist".directories = [
- "/var/lib/containers"
- "/var/lib/misskey-files"
- "/var/lib/redis-misskey"
- ];
-
- systemd.tmpfiles.rules = [
- "d /var/lib/misskey-files 0755 misskey misskey -"
- ];
-
- services.postgresql.enable = true;
- services.postgresql.ensureDatabases = [ "misskey" ];
- services.postgresql.ensureUsers = [
- {
- name = "misskey";
- ensurePermissions."DATABASE misskey" = "ALL PRIVILEGES";
- }
- ];
-
- services.redis.servers.misskey = {
- enable = true;
- bind = "127.0.0.1";
- port = 16434;
- };
-
- services.nginx.virtualHosts.${cfg.realHost} = {
- forceSSL = true;
- useACMEHost = cfg.domain;
- locations."/" = {
- proxyPass = "http://127.0.0.1:3000";
- proxyWebsockets = true;
- };
-
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- '';
- };
- };
-} |