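# NixOS module for a local QEMU VM that runs Mastodon through the
# `fediversity` options, plus a second config fragment that switches Mastodon
# to a Rails development environment reachable on port 55001.
#
# Arguments:
#   modulesPath - used to locate virtualisation/qemu-vm.nix
#   lib         - mkMerge / mkVMOverride / mkForce
#   config      - the evaluated system configuration (read for
#                 virtualisation.cores, the mastodon database user and the
#                 fediversity mastodon domain)
{
  modulesPath,
  lib,
  config,
  ...
}:

{
  imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];

  config = lib.mkMerge [
    {
      fediversity = {
        enable = true;
        domain = "localhost";
        mastodon.enable = true;

        temp.cores = config.virtualisation.cores;
      };

      services.mastodon = {
        extraConfig = {
          EMAIL_DOMAIN_ALLOWLIST = "example.com";
        };
      };

      security.acme = lib.mkVMOverride {
        defaults = {
          # invalid server; the systemd service will fail, and we won't get
          # properly signed certificates. but let's not spam the letsencrypt
          # servers (and we don't own this domain anyways)
          server = "https://127.0.0.1";
          email = "none";
        };
      };

      virtualisation.memorySize = 2048;
      virtualisation.forwardPorts = [
        {
          from = "host";
          # Listen on the host's loopback only. Without host.address the
          # forward is not tied to one host interface, so the VM's HTTPS port
          # would be offered to whatever network the host sits on.
          host.address = "127.0.0.1";
          host.port = 44443;
          guest.port = 443;
        }
      ];
    }

    #### run mastodon as development environment
    {
      # Opens the guest firewall for the Rails development server below.
      networking.firewall.allowedTCPPorts = [ 55001 ];

      services.mastodon = {
        # needed so we can directly access mastodon at port 55001
        # otherwise, mastodon has to be accessed *from* port 443, which we can't do via port forwarding
        enableUnixSocket = false;
        extraConfig = {
          # Development mode is meant for this throw-away VM only; together
          # with BIND below it puts a development-mode Rails server on every
          # guest interface.
          RAILS_ENV = "development";
          # to be accessible from outside the VM
          BIND = "0.0.0.0";
          # for letter_opener (still doesn't work though)
          REMOTE_DEV = "true";

          # NOTE(review): no forward for port 8443 is defined in this file
          # (the host forwards are 44443 and 55001) - confirm this port is
          # still the intended one.
          LOCAL_DOMAIN = "${config.fediversity.internal.mastodon.domain}:8443";
        };
      };

      services.postgresql = {
        enable = true;
        ensureUsers = [
          {
            name = config.services.mastodon.database.user;
            # CREATEDB lets this role create databases; `rails db:setup` in
            # the init script below relies on that.
            ensureClauses.createdb = true;
            # ensurePermissions doesn't work anymore
            # ensurePermissions = {
            #   "mastodon_development.*" = "ALL PRIVILEGES";
            #   "mastodon_test.*" = "ALL PRIVILEGES";
            # }
          }
        ];
        # ensureDatabases = [ "mastodon_development_test" "mastodon_test" ];
      };

      # Currently, nixos seems to be able to create a single database per
      # postgres user. This works for the production version of mastodon, which
      # is what's packaged in nixpkgs. For development, we need two databases,
      # mastodon_development and mastodon_test. This used to be possible with
      # ensurePermissions, but that's broken and has been removed. Here I copy
      # the mastodon-init-db script from upstream nixpkgs, but add the single
      # line `rails db:setup`, which asks mastodon to create the postgres
      # databases for us.
      # FIXME: the commented out lines were breaking things, but presumably they're necessary for something.
      # TODO: see if we can fix the upstream ensurePermissions stuff. See commented out lines in services.postgresql above for what that config would look like.
      #
      # mkForce replaces the script body instead of merging with another
      # definition. ''${...} is the Nix escape that yields a literal shell ${...}.
      systemd.services.mastodon-init-db.script = lib.mkForce ''
        result="$(psql -t --csv -c \
            "select count(*) from pg_class c \
            join pg_namespace s on s.oid = c.relnamespace \
            where s.nspname not in ('pg_catalog', 'pg_toast', 'information_schema') \
            and s.nspname not like 'pg_temp%';")" || error_code=$?
        if [ "''${error_code:-0}" -ne 0 ]; then
          echo "Failure checking if database is seeded. psql gave exit code $error_code"
          exit "$error_code"
        fi
        if [ "$result" -eq 0 ]; then
          echo "Seeding database"
          rails db:setup
          # SAFETY_ASSURED=1 rails db:schema:load
          rails db:seed
        # else
        #   echo "Migrating database (this might be a noop)"
        #   rails db:migrate
        fi
      '';

      virtualisation.forwardPorts = [
        {
          from = "host";
          # Loopback only, for the same reason as the 44443 forward: the
          # service behind it runs in development mode.
          host.address = "127.0.0.1";
          host.port = 55001;
          guest.port = 55001;
        }
      ];
    }
  ];
}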