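# NixOS module for a Misskey instance on egirls.gay: PostgreSQL and a dedicated
# Redis server as backing stores, an ACME certificate obtained through the
# Namecheap DNS provider, an nginx reverse proxy in front of Misskey's unix
# socket, and a systemd unit that runs the (manually built) checkout in
# /srv/misskey.
{ pkgs, ... }:

{
  # Only the package is pinned here; authentication and listen addresses are
  # whatever the NixOS postgresql module defaults to.
  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_15;
  };

  services.redis.servers.misskey = {
    port = 6379;
    enable = true;
    # The firewall is not opened for this port.
    openFirewall = false;
    # Given as a string path, so the password is read from disk at runtime
    # rather than being copied into the world-readable Nix store.
    # NOTE(review): confirm the file's ownership and mode keep it unreadable
    # to unrelated local users.
    requirePassFile = "/etc/nixos-secrets/redis-pass";
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "admin+acme@heartles.xyz";
    certs."egirls.gay" = {
      domain = "egirls.gay";
      dnsProvider = "namecheap";
      # DNS API credentials also live outside the store. They can rewrite DNS
      # records for the zone, so treat this file like a private key.
      credentialsFile = "/etc/nixos-secrets/namecheap-acme";
      # nginx's group needs read access to the issued certificate and key.
      group = "nginx";
    };
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;

    # Misskey is reached over a local unix socket, not a TCP port.
    upstreams."misskey".extraConfig = ''
      server unix:/var/run/misskey.sock;
    '';

    virtualHosts."egirls.gay" = {
      listen = [
        {
          port = 443;
          addr = "0.0.0.0";
          ssl = true;
        }
        {
          port = 80;
          addr = "0.0.0.0";
        }
      ];
      # The port-80 listener exists only to redirect to HTTPS.
      forceSSL = true;
      useACMEHost = "egirls.gay";

      locations."/" = {
        proxyWebsockets = true;
        proxyPass = "http://misskey";
        extraConfig = ''
          proxy_cache off;
        '';
      };

      # Upload endpoint: the 2 GiB body limit applies only to this location.
      # NOTE(review): with request buffering off, nginx streams the body
      # straight to Misskey, so authentication and per-user quota checks on
      # this route rest entirely with the application. Confirm they are
      # enforced before the body is consumed.
      locations."/api/drive/files/create" = {
        proxyWebsockets = true;
        proxyPass = "http://misskey";
        extraConfig = ''
          # increase max size and don't buffer file uploads
          client_max_body_size 2g;
          proxy_request_buffering off;
          proxy_cache off;
        '';
      };

      # Matrix delegation documents served as static JSON.
      # default_type sets the response's single Content-Type header. Using
      # add_header for Content-Type would append a second header next to the
      # one nginx already emits for `return`.
      locations."/.well-known/matrix/server".extraConfig = ''
        default_type application/json;
        add_header Access-Control-Allow-Origin '*';
        return 200 '{"m.server":"synapse.egirls.gay"}';
      '';

      locations."/.well-known/matrix/client".extraConfig = ''
        default_type application/json;
        add_header Access-Control-Allow-Origin '*';
        return 200 '{"m.homeserver":{"base_url":"https://synapse.egirls.gay"}}';
      '';
    };
  };

  # "jaina" is in the misskey group, presumably to run the manual build in
  # /srv/misskey - verify that group membership is all that is needed.
  users.groups.misskey = {
    members = [ "jaina" ];
  };

  # Dedicated unprivileged system account for the daemon.
  users.users.misskey = {
    isSystemUser = true;
    group = "misskey";
  };

  # todo: figure out how to get misskey to build in nix instead of requiring a manual build process
  #
  # pnpm2nix does not work due to misskey using workspaces
  environment.systemPackages =
    let
      # The let-binding takes precedence over `with pkgs`, so `nodejs` below
      # is the nodejs_20 build from pkgs.unstable.
      nodejs = pkgs.unstable.nodejs_20;
    in
    with pkgs; [
      (nodePackages.override { inherit nodejs; }).pnpm
      nodejs
      cypress
      pkg-config
      vips
    ];

  # Point Cypress at the Nix-provided binary and stop it downloading its own.
  environment.sessionVariables = {
    CYPRESS_INSTALL_BINARY = "0";
    CYPRESS_RUN_BINARY = "${pkgs.cypress}/bin/Cypress";
  };

  systemd.services.misskey = {
    enable = true;
    description = "Misskey daemon";
    serviceConfig = {
      Restart = "always";
      # "syslog" is a deprecated output target that current systemd maps to
      # the journal with a warning. Name the journal directly.
      StandardOutput = "journal";
      StandardError = "journal";
      Environment = "NODE_ENV=production";
      WorkingDirectory = "/srv/misskey";
      User = "misskey";
      # NOTE(review): `pnpm` is not an absolute path. Confirm the unit can
      # resolve it (the unit-level `path` option is the usual way to supply
      # it), and that the code under /srv/misskey is not writable by anyone
      # who should not be able to run code as this user.
      # NOTE(review): the unit sets no sandboxing (NoNewPrivileges,
      # ProtectSystem, PrivateTmp, ...). Evaluate with
      # `systemd-analyze security misskey` and add what the service tolerates.
      ExecStart = "pnpm migrateandrun";
    };
  };
}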