heartles/egirls-nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
egirls-nixos/misskey-service.nix
jaina heartles 3296b3a7cf Revert "Add logrotate script" 
The latest version of misskey does not store logs in the database, so no
need to rotate them out. Win!
2024-02-27 19:39:19 -08:00

201 lines
5.3 KiB
Nix
Raw Blame History

{ pkgs, ... }:
let
nodejs = pkgs.unstable.nodejs_20;
nodePackages = (pkgs.nodePackages.override { nodejs = nodejs; });
in {
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
ensureUsers = [
{ name = "jaina"; }
{
name = "misskey";
ensureDBOwnership = true;
}
{ name = "postgres"; }
];
ensureDatabases = [ "misskey" ];
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map postgres postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
};
services.redis.servers.misskey = {
port = 6379;
enable = true;
openFirewall = false;
requirePassFile = "/etc/nixos-secrets/redis-pass";
};
# services.meilisearch = {
# enable = true;
# maxIndexSize = "20Gb";
# environment = "production";
# masterKeyEnvironmentFile = "/etc/nixos-secrets/meili-key";
# };
security.acme = {
acceptTerms = true;
defaults.email = "admin+acme@heartles.xyz";
certs."egirls.gay" = {
domain = "egirls.gay";
dnsProvider = "namecheap";
credentialsFile = "/etc/nixos-secrets/namecheap-acme";
group = "nginx";
};
certs."STAR.egirls.gay" = {
domain = "*.egirls.gay";
dnsProvider = "namecheap";
credentialsFile = "/etc/nixos-secrets/namecheap-acme";
group = "nginx";
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = let
listen = [
{
port = 443;
addr = "0.0.0.0";
ssl = true;
}
{
port = 80;
addr = "0.0.0.0";
}
{
port = 443;
addr = "[::]";
ssl = true;
}
{
port = 80;
addr = "[::]";
}
];
in {
enable = true;
recommendedProxySettings = true;
upstreams."misskey".extraConfig = ''
server unix:/var/run/misskey/misskey.sock;
'';
virtualHosts."media.egirls.gay" = {
inherit listen;
forceSSL = true;
useACMEHost = "STAR.egirls.gay";
extraConfig = ''
client_max_body_size 1m;
'';
locations."/".extraConfig = ''
set $bucket rub-um5oh2ac4yi9c2mf.misskey.egirls.gay;
set $region us-east-1;
proxy_pass https://storage.us-east-1.linodeobjects.com;
proxy_set_header Host $bucket.us-east-1.linodeobjects.com;
proxy_http_version 1.1;
proxy_redirect off;
proxy_intercept_errors on;
error_page 400 401 403 404 406 409 410 /404;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_cache off;
'';
locations."/404".extraConfig = ''
return 404 "not found";
'';
};
virtualHosts."egirls.gay" = {
inherit listen;
forceSSL = true;
useACMEHost = "egirls.gay";
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://misskey";
extraConfig = ''
proxy_cache off;
'';
};
locations."/api/drive/files/create" = {
proxyWebsockets = true;
proxyPass = "http://misskey";
extraConfig = ''
# increase max size and don't buffer file uploads
client_max_body_size 2g;
proxy_request_buffering off;
proxy_cache off;
'';
};
locations."/.well-known/matrix/server".extraConfig = ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin '*';
return 200 '{"m.server":"synapse.egirls.gay"}';
'';
locations."/.well-known/matrix/client".extraConfig = ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin '*';
return 200 '{"m.homeserver":{"base_url":"https://synapse.egirls.gay"}}';
'';
};
};
users.groups.misskey = { members = [ "jaina" ]; };
users.users.misskey = {
isSystemUser = true;
group = "misskey";
createHome = true;
};
# todo: figure out how to get misskey to build in nix instead of requiring a manual build process
#
# pnpm2nix does not work due to misskey using workspaces
environment.systemPackages =
[ nodejs nodePackages.pnpm pkgs.cypress pkgs.pkg-config pkgs.vips ];
environment.sessionVariables = {
CYPRESS_INSTALL_BINARY = "0";
CYPRESS_RUN_BINARY = "${pkgs.cypress}/bin/Cypress";
};
systemd.services.misskey = {
enable = true;
description = "Misskey daemon";
#path = [ nodejs nodePackages.pnpm pkgs.coreutils pkgs.cypress pkgs.pkg-config pkgs.vips ];
serviceConfig = {
Restart = "always";
StandardOutput = "syslog";
StandardError = "syslog";
Environment = [
"NODE_ENV=production"
# TODO Fix this
"PATH=/run/wrappers/bin:/var/empty/.nix-profile/bin:/nix/profile/bin:/var/empty/.local/state/nix/profile/bin:/etc/profiles/per-user/misskey/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"
];
WorkingDirectory = "/srv/misskey";
User = "misskey";
ExecStart = "${nodePackages.pnpm}/bin/pnpm start";
RuntimeDirectory = "misskey";
};
wantedBy = [ "multi-user.target" ];
};
}
Reference in a new issue View git blame Copy permalink