Add misskey service

misskey-service.nix

@@ -4,6 +4,12 @@
     package = pkgs.postgresql_15;
   };
 
+  services.redis.servers.misskey = {
+    port = 6379;
+    enable = true;
+    openFirewall = false;
+  };
+
   security.acme = {
     acceptTerms = true;
     defaults.email = "admin+acme@heartles.xyz";
@@ -19,6 +25,10 @@
     enable = true;
     recommendedProxySettings = true;
 
+    upstreams."misskey".extraConfig = ''
+      server unix:/var/run/misskey.sock;
+    '';
+
     virtualHosts."egirls.gay" = {
       listen = [
         {
@@ -36,7 +46,7 @@
       useACMEHost = "egirls.gay";
       locations."/" = {
         proxyWebsockets = true;
-        proxyPass = "http://127.0.0.1:3000";
+        proxyPass = "http://misskey";
         extraConfig = ''
           proxy_cache off;
         '';
@@ -44,7 +54,7 @@
 
       locations."/api/drive/files/create" = {
         proxyWebsockets = true;
-        proxyPass = "http://127.0.0.1:3000";
+        proxyPass = "http://misskey";
         extraConfig = ''
           # increase max size and don't buffer file uploads
           client_max_body_size 2g;
@@ -66,6 +76,12 @@
     };
   };
 
+  users.groups.misskey = { members = [ "jaina" ]; };
+  users.users.misskey = {
+    isSystemUser = true;
+    group = "misskey";
+  };
+
   # todo: figure out how to get misskey to build in nix instead of requiring a manual build process
   #
   # pnpm2nix does not work due to misskey using workspaces
@@ -81,4 +97,19 @@
     CYPRESS_INSTALL_BINARY = "0";
     CYPRESS_RUN_BINARY = "${pkgs.cypress}/bin/Cypress";
   };
+
+  systemd.services.misskey = {
+    enable = true;
+    description = "Misskey daemon";
+
+    serviceConfig = {
+      Restart = "always";
+      StandardOutput = "syslog";
+      StandardError = "syslog";
+      Environment = "NODE_ENV=production";
+      WorkingDirectory = "/srv/misskey";
+      User = "misskey";
+      ExecStart = "pnpm migrateandrun";
+    };
+  };
 }