The latest version of misskey does not store logs in the database, so no need to rotate them out. Win!
# NixOS module for a Misskey host: PostgreSQL, Redis, ACME certificates, nginx
# reverse proxy, and a systemd unit that runs a manually built Misskey tree.
# NOTE(review): the `let` keyword between the argument pattern and the bindings
# below is missing from this listing (as are most closing braces further down);
# presumably lost in extraction — confirm against the repository.
{ pkgs, ... }:
# Node 20 comes from `pkgs.unstable` (presumably an overlay exposing
# nixpkgs-unstable), so its update cadence differs from the rest of the host.
nodejs = pkgs.unstable.nodejs_20;
# Rebuild nodePackages (pnpm is taken from it below) against that same Node so
# the runtime and the package manager agree on the Node version.
nodePackages = (pkgs.nodePackages.override { nodejs = nodejs; });
in {
# PostgreSQL 15 with the roles Misskey needs plus two interactive roles.
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
ensureUsers = [
# Interactive admin role for the operator; paired with the catch-all ident
# mapping below, the `jaina` system account reaches this role over peer auth.
{ name = "jaina"; }
name = "misskey";
# The `misskey` role owns the `misskey` database created via ensureDatabases.
ensureDBOwnership = true;
{ name = "postgres"; }
ensureDatabases = [ "misskey" ];
# pg_ident map. It only takes effect for pg_hba entries that reference
# `map=superuser_map`; the hba configuration is not shown in this listing.
identMap = ''
# ArbitraryMapName systemUser DBUser
# root and postgres on the host may connect as the DB superuser.
superuser_map root postgres
superuser_map postgres postgres
# Let other names login as themselves
# NOTE(review): this catch-all means any local account whose name matches a
# DB role (e.g. the `misskey` service user, `jaina`) connects as that role
# with no password over the local socket. Intended here, but it also means a
# compromise of the service account is a compromise of the Misskey database.
superuser_map /^(.*)$ \1
# Dedicated Redis instance for Misskey (queues/cache).
services.redis.servers.misskey = {
port = 6379;
enable = true;
# Not exposed through the host firewall; the bind address is not set here, so
# the NixOS default (presumably loopback) applies — verify with `ss -ltnp`.
openFirewall = false;
# Password is read from this file at activation; keep it 0600 root-owned and
# present before `nixos-rebuild` runs, otherwise activation fails.
requirePassFile = "/etc/nixos-secrets/redis-pass";
# Meilisearch full-text search is currently disabled. If re-enabled, the master
# key file below must exist with the same restrictive permissions as the other
# secrets in /etc/nixos-secrets.
# services.meilisearch = {
# enable = true;
# maxIndexSize = "20Gb";
# environment = "production";
# masterKeyEnvironmentFile = "/etc/nixos-secrets/meili-key";
# };
# Let's Encrypt certificates via DNS-01 through Namecheap: one for the apex
# host and one wildcard. Certificate names and domains are blank in this
# listing (stripped during extraction); the `|` line is presumably the
# defaults/email setting — confirm against the repository.
security.acme = {
acceptTerms = true;
| = "";
certs."" = {
domain = "";
dnsProvider = "namecheap";
# NOTE(review): Namecheap API credentials can rewrite any record in the zone,
# not just the ACME challenge. Keep this file root-only (0600) and rotate the
# API key if the host is ever compromised.
credentialsFile = "/etc/nixos-secrets/namecheap-acme";
# Lets nginx workers read the issued key and chain.
group = "nginx";
certs."" = {
# Wildcard certificate; both certs share the same DNS credentials file.
domain = "*";
dnsProvider = "namecheap";
credentialsFile = "/etc/nixos-secrets/namecheap-acme";
group = "nginx";
# Only HTTP/HTTPS are opened; everything else (Postgres, Redis, the Misskey
# socket) stays local to the host.
networking.firewall.allowedTCPPorts = [ 80 443 ];
# nginx fronts both the media bucket proxy and Misskey itself. The `listen`
# list is shared by every vhost below: 80 and 443 on IPv4 (the address is
# blank here, presumably the public IP) and on the IPv6 wildcard.
# NOTE(review): the `let` keyword and list/attrset braces are missing from this
# listing — extraction artefact, not the committed shape.
services.nginx = let
listen = [
port = 443;
addr = "";
ssl = true;
port = 80;
addr = "";
port = 443;
addr = "[::]";
ssl = true;
port = 80;
addr = "[::]";
in {
enable = true;
# Sets the usual X-Forwarded-* / Host headers and proxy timeouts globally;
# the per-location headers below partly duplicate this.
recommendedProxySettings = true;
# Misskey listens on a unix socket under its RuntimeDirectory rather than a
# TCP port, so nothing else on the host can reach it by accident.
upstreams."misskey".extraConfig = ''
server unix:/var/run/misskey/misskey.sock;
# Media vhost: read-only proxy in front of an S3 bucket. Name and target
# host are blank in this listing. The `proxy_pass` line itself is not visible
# here; presumably it follows the header settings — confirm against the repo.
virtualHosts."" = {
inherit listen;
forceSSL = true;
useACMEHost = "";
extraConfig = ''
# Nothing is uploaded through this vhost, so keep request bodies tiny.
client_max_body_size 1m;
locations."/".extraConfig = ''
set $bucket;
set $region us-east-1;
# Host header rewritten to the bucket endpoint (variable lost in extraction).
proxy_set_header Host $;
proxy_http_version 1.1;
proxy_redirect off;
# Swallow the bucket's own error responses and serve a generic 404 instead,
# so S3 error bodies (which can name the bucket/key and the request id)
# are never returned to clients.
proxy_intercept_errors on;
error_page 400 401 403 404 406 409 410 /404;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Hard-coded rather than $scheme: forceSSL guarantees every request here is TLS.
proxy_set_header X-Forwarded-Proto https;
proxy_cache off;
locations."/404".extraConfig = ''
return 404 "not found";
# Main Misskey vhost (name blank in this listing). Everything goes to the
# unix-socket upstream; websockets are needed for the streaming API.
virtualHosts."" = {
inherit listen;
forceSSL = true;
useACMEHost = "";
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://misskey";
extraConfig = ''
proxy_cache off;
# Drive upload endpoint. This is an nginx prefix location, so any path that
# starts with it also receives the larger body limit.
locations."/api/drive/files/create" = {
proxyWebsockets = true;
proxyPass = "http://misskey";
extraConfig = ''
# increase max size and don't buffer file uploads
# Streaming to the app avoids spooling multi-GB uploads to nginx's temp dir;
# the upload limit enforced inside Misskey is not shown here — verify it.
client_max_body_size 2g;
proxy_request_buffering off;
proxy_cache off;
# Matrix delegation. Wildcard CORS is what the Matrix spec requires for
# client discovery; the JSON bodies are static and contain no secrets, and
# the server/base_url values are blank here (stripped in extraction).
locations."/.well-known/matrix/server".extraConfig = ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin '*';
return 200 '{"m.server":""}';
locations."/.well-known/matrix/client".extraConfig = ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin '*';
return 200 '{"m.homeserver":{"base_url":""}}';
# Service account for the daemon. `jaina` is added to the group so the
# operator can manage the manually built tree in /srv/misskey.
# NOTE(review): group membership also grants whatever the group can read —
# if the runtime config/.env under /srv/misskey is group-readable, that
# includes the DB/Redis/object-storage credentials. nginx is not in this group
# in the listing, so it reaches the unix socket some other way (socket mode or
# a membership declared elsewhere) — verify.
users.groups.misskey = { members = [ "jaina" ]; };
users.users.misskey = {
isSystemUser = true;
group = "misskey";
# createHome without an explicit `home` in this listing — the path is
# presumably set on a line lost in extraction.
createHome = true;
# todo: figure out how to get misskey to build in nix instead of requiring a manual build process
# pnpm2nix does not work due to misskey using workspaces
# Build toolchain exposed system-wide for the manual `pnpm install`/build in
# /srv/misskey. Supply-chain note: because the build is not done by Nix, the
# dependency tree that actually runs is whatever lockfile sits in /srv/misskey,
# not anything pinned by this configuration.
environment.systemPackages =
[ nodejs nodePackages.pnpm pkgs.cypress pkgs.pkg-config pkgs.vips ];
# Points Cypress (a test-only dependency) at the Nix-provided binary so pnpm
# does not try to download its own.
environment.sessionVariables = {
CYPRESS_RUN_BINARY = "${pkgs.cypress}/bin/Cypress";
# Systemd unit running Misskey from the mutable checkout in /srv/misskey.
# The attribute name is mangled to `|` in this listing; presumably
# `systemd.services.misskey` — confirm against the repository.
| = {
enable = true;
description = "Misskey daemon";
#path = [ nodejs nodePackages.pnpm pkgs.coreutils pkgs.cypress pkgs.pkg-config pkgs.vips ];
serviceConfig = {
Restart = "always";
# "syslog" is deprecated in recent systemd; output lands in the journal
# regardless, so these can be dropped or set to "journal".
StandardOutput = "syslog";
StandardError = "syslog";
# Environment entries are missing from this listing. If they carry secrets,
# prefer `EnvironmentFile` pointing at /etc/nixos-secrets so the values do not
# end up in the world-readable Nix store.
Environment = [
# TODO Fix this
# NOTE(review): the service executes `pnpm start` from a directory that the
# misskey group (including `jaina`, per users.groups.misskey) can write to, so
# anyone who can write /srv/misskey controls what runs as this user. No
# sandboxing directives (ProtectSystem, ProtectHome, PrivateTmp,
# NoNewPrivileges) appear in this listing; consider adding them unless they
# are declared on a line not shown here.
WorkingDirectory = "/srv/misskey";
User = "misskey";
ExecStart = "${nodePackages.pnpm}/bin/pnpm start";
# Creates /run/misskey for the unix socket nginx proxies to.
RuntimeDirectory = "misskey";
# Target name blank here (presumably multi-user.target).
wantedBy = [ "" ];