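# NixOS module for the egirls.gay host: PostgreSQL, an ACME certificate obtained
# through a DNS provider, an nginx TLS reverse proxy in front of a service on
# 127.0.0.1:3000, Matrix .well-known delegation, and the toolchain used to
# build Misskey by hand.
{ pkgs, ... }:
{
  services.postgresql = {
    enable = true;
    # The PostgreSQL major version is pinned explicitly.
    package = pkgs.postgresql_15;
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "admin+acme@heartles.xyz";
    certs."egirls.gay" = {
      domain = "egirls.gay";
      dnsProvider = "namecheap";
      # Given as a plain string path, so the DNS API credentials are read at
      # runtime and are not copied into the world-readable Nix store.
      # NOTE(review): the file's owner and mode are not managed here; confirm
      # it is readable by root only.
      credentialsFile = "/etc/nixos-secrets/namecheap-acme";
      # nginx has to be able to read the issued certificate and private key.
      group = "nginx";
    };
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    # NOTE(review): recommendedTlsSettings is not enabled, so TLS protocol and
    # cipher selection are whatever the nginx package defaults to; consider
    # enabling it after checking client compatibility.

    virtualHosts."egirls.gay" = {
      # IPv4 only; no IPv6 listener is declared.
      listen = [
        {
          port = 443;
          addr = "0.0.0.0";
          ssl = true;
        }
        {
          port = 80;
          addr = "0.0.0.0";
        }
      ];
      # Requests arriving on the plain-HTTP listener are redirected to HTTPS.
      forceSSL = true;
      useACMEHost = "egirls.gay";

      locations."/" = {
        proxyWebsockets = true;
        proxyPass = "http://127.0.0.1:3000";
        extraConfig = ''
          proxy_cache off;
        '';
      };

      # The raised body limit and unbuffered streaming apply to this one path
      # only; every other location keeps the server-wide body-size limit.
      # With request buffering off the body is streamed straight to the
      # backend, so the service on port 3000 is presumably what enforces
      # authentication and per-user quotas for uploads; verify.
      locations."/api/drive/files/create" = {
        proxyWebsockets = true;
        proxyPass = "http://127.0.0.1:3000";
        extraConfig = ''
          # increase max size and don't buffer file uploads
          client_max_body_size 2g;
          proxy_request_buffering off;
          proxy_cache off;
        '';
      };

      # Matrix delegation documents, served as static JSON by nginx itself.
      # `return` takes its Content-Type from default_type, so the type is set
      # there; using add_header for it would send a second Content-Type header
      # next to the default one. The wildcard CORS header exposes only these
      # public, credential-free discovery documents to browser clients.
      locations."/.well-known/matrix/server".extraConfig = ''
        default_type application/json;
        add_header Access-Control-Allow-Origin '*';
        return 200 '{"m.server":"synapse.egirls.gay"}';
      '';
      locations."/.well-known/matrix/client".extraConfig = ''
        default_type application/json;
        add_header Access-Control-Allow-Origin '*';
        return 200 '{"m.homeserver":{"base_url":"https://synapse.egirls.gay"}}';
      '';
    };
  };

  # todo: figure out how to get misskey to build in nix instead of requiring a manual build process
  #
  # pnpm2nix does not work due to misskey using workspaces
  #
  # NOTE(review): pkgs.unstable is not defined in this module; it presumably
  # comes from an overlay declared elsewhere. Confirm.
  environment.systemPackages =
    let
      nodejs = pkgs.unstable.nodejs_20;
    in
    with pkgs;
    [
      # pnpm built against the same Node.js that is installed below.
      (nodePackages.override { inherit nodejs; }).pnpm
      nodejs
      cypress
      pkg-config
      vips
    ];

  environment.sessionVariables = {
    # Stop the Cypress npm package from downloading its own binary at install
    # time and run the nixpkgs-provided build instead.
    CYPRESS_INSTALL_BINARY = "0";
    CYPRESS_RUN_BINARY = "${pkgs.cypress}/bin/Cypress";
  };
}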