
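{ pkgs, ... }:
let
  # Misskey itself is run from a manually prepared checkout in /srv/misskey
  # (see the todo further down). The Node toolchain it needs is defined once
  # here so the interactive environment and the service unit resolve the same
  # binaries.
  nodejs = pkgs.unstable.nodejs_20;
  pnpm = (pkgs.nodePackages.override { inherit nodejs; }).pnpm;
in {
  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_15;
  };

  # Dedicated Redis instance for Misskey. The firewall is not opened for it,
  # and clients must present the password kept outside the Nix store.
  services.redis.servers.misskey = {
    port = 6379;
    enable = true;
    openFirewall = false;
    requirePassFile = "/etc/nixos-secrets/redis-pass";
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "admin+acme@heartles.xyz";
    certs."egirls.gay" = {
      domain = "egirls.gay";
      # DNS-01 via Namecheap; API credentials live outside the store.
      dnsProvider = "namecheap";
      credentialsFile = "/etc/nixos-secrets/namecheap-acme";
      # nginx must be able to read the issued key and certificate.
      group = "nginx";
    };
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    # Use the module's curated TLS protocol/cipher settings instead of the
    # nginx built-in defaults.
    recommendedTlsSettings = true;

    # Misskey listens on a unix socket; nginx is the only public entry point.
    upstreams."misskey".extraConfig = ''
      server unix:/var/run/misskey.sock;
    '';

    virtualHosts."egirls.gay" = {
      listen = [
        {
          port = 443;
          addr = "0.0.0.0";
          ssl = true;
        }
        {
          port = 80;
          addr = "0.0.0.0";
        }
      ];
      # Plain HTTP only redirects to HTTPS; the certificate comes from the
      # ACME entry above.
      forceSSL = true;
      useACMEHost = "egirls.gay";

      locations."/" = {
        proxyWebsockets = true;
        proxyPass = "http://misskey";
        extraConfig = ''
          proxy_cache off;
        '';
      };

      # Upload endpoint: large bodies are streamed straight to Misskey rather
      # than spooled by nginx first.
      locations."/api/drive/files/create" = {
        proxyWebsockets = true;
        proxyPass = "http://misskey";
        extraConfig = ''
          # increase max size and don't buffer file uploads
          client_max_body_size 2g;
          proxy_request_buffering off;
          proxy_cache off;
        '';
      };

      # Matrix delegation: point federation and clients at the synapse host.
      locations."/.well-known/matrix/server".extraConfig = ''
        add_header Content-Type application/json;
        add_header Access-Control-Allow-Origin '*';
        return 200 '{"m.server":"synapse.egirls.gay"}';
      '';
      locations."/.well-known/matrix/client".extraConfig = ''
        add_header Content-Type application/json;
        add_header Access-Control-Allow-Origin '*';
        return 200 '{"m.homeserver":{"base_url":"https://synapse.egirls.gay"}}';
      '';
    };
  };

  # Unprivileged account the daemon runs as; "jaina" is added to the group
  # for maintenance of the checkout.
  users.groups.misskey = { members = [ "jaina" ]; };
  users.users.misskey = {
    isSystemUser = true;
    group = "misskey";
  };

  # todo: figure out how to get misskey to build in nix instead of requiring a manual build process
  #
  # pnpm2nix does not work due to misskey using workspaces
  environment.systemPackages = with pkgs; [
    pnpm
    nodejs
    cypress
    pkg-config
    vips
  ];
  environment.sessionVariables = {
    CYPRESS_INSTALL_BINARY = "0";
    CYPRESS_RUN_BINARY = "${pkgs.cypress}/bin/Cypress";
  };

  systemd.services.misskey = {
    enable = true;
    description = "Misskey daemon";
    # Migrations run at start, so the databases have to be up first.
    wants = [ "postgresql.service" "redis-misskey.service" ];
    after = [ "network.target" "postgresql.service" "redis-misskey.service" ];
    # ExecStart uses a bare command name, so the unit's PATH must provide it.
    path = [ nodejs pnpm ];
    serviceConfig = {
      Restart = "always";
      # "syslog" is deprecated for these two settings; output lands in the
      # journal either way.
      StandardOutput = "journal";
      StandardError = "journal";
      Environment = "NODE_ENV=production";
      WorkingDirectory = "/srv/misskey";
      User = "misskey";
      Group = "misskey";
      ExecStart = "pnpm migrateandrun";
      # Minimal sandboxing for an internet-facing daemon: no privilege
      # escalation via setuid/capabilities, a private /tmp, and read-only
      # system directories (/srv stays writable for the checkout and uploads).
      NoNewPrivileges = true;
      PrivateTmp = true;
      ProtectSystem = "full";
    };
    wantedBy = [ "multi-user.target" ];
  };
}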