2024-05-25 01:02:12 +02:00
|
|
|
let
|
|
|
|
snakeoil_key = {
|
|
|
|
id = "GKb5615457d44214411e673b7b";
|
|
|
|
secret = "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987";
|
|
|
|
};
|
|
|
|
in
|
2024-03-20 01:39:59 +01:00
|
|
|
{ config, lib, pkgs, ... }: {
|
2024-05-25 01:02:12 +02:00
|
|
|
|
|
|
|
services.garage = {
|
|
|
|
ensureBuckets = {
|
|
|
|
pixelfed = {
|
|
|
|
website = true;
|
|
|
|
# TODO: these are too broad, after getting everything works narrow it down to the domain we actually want
|
|
|
|
corsRules = {
|
|
|
|
enable = true;
|
|
|
|
allowedHeaders = [ "*" ];
|
|
|
|
allowedMethods = [ "GET" ];
|
|
|
|
allowedOrigins = [ "*" ];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
ensureKeys = {
|
|
|
|
pixelfed = {
|
|
|
|
inherit (snakeoil_key) id secret;
|
|
|
|
ensureAccess = {
|
|
|
|
pixelfed = {
|
|
|
|
read = true;
|
|
|
|
write = true;
|
|
|
|
owner = true;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
# TODO: factor these out so we're only defining e.g. s3.garage.localhost and port 3900 in one place
|
|
|
|
services.pixelfed.settings = {
|
|
|
|
FILESYSTEM_CLOUD = "s3";
|
|
|
|
PF_ENABLE_CLOUD = true;
|
|
|
|
AWS_ACCESS_KEY_ID = snakeoil_key.id;
|
|
|
|
AWS_SECRET_ACCESS_KEY = snakeoil_key.secret;
|
|
|
|
AWS_DEFAULT_REGION = "garage";
|
|
|
|
AWS_URL = "http://pixelfed.s3.garage.localhost:3900";
|
|
|
|
AWS_BUCKET = "pixelfed";
|
|
|
|
AWS_ENDPOINT = "http://s3.garage.localhost:3900";
|
|
|
|
AWS_USE_PATH_STYLE_ENDPOINT = false;
|
|
|
|
};
|
|
|
|
|
2024-03-20 01:39:59 +01:00
|
|
|
virtualisation.vmVariant = {
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
|
|
|
services.pixelfed = {
|
|
|
|
enable = true;
|
|
|
|
domain = "pixelfed.localhost";
|
2024-05-25 01:02:12 +02:00
|
|
|
# TODO: secrets management!
|
2024-03-20 01:39:59 +01:00
|
|
|
secretFile = pkgs.writeText "secrets.env" ''
|
|
|
|
APP_KEY=adKK9EcY8Hcj3PLU7rzG9rJ6KKTOtYfA
|
|
|
|
'';
|
|
|
|
settings = {
|
|
|
|
OPEN_REGISTRATION = true;
|
|
|
|
FORCE_HTTPS_URLS = false;
|
|
|
|
};
|
2024-05-25 01:02:12 +02:00
|
|
|
# I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options here
|
|
|
|
# TODO: If that indeed makes sense, upstream it.
|
2024-03-20 01:39:59 +01:00
|
|
|
nginx = {};
|
|
|
|
};
|
2024-05-25 01:02:12 +02:00
|
|
|
virtualisation.memorySize = 2048;
|
2024-03-20 01:39:59 +01:00
|
|
|
virtualisation.forwardPorts = [
|
|
|
|
{
|
|
|
|
from = "host";
|
|
|
|
host.port = 8000;
|
|
|
|
guest.port = 80;
|
|
|
|
}
|
|
|
|
];
|
|
|
|
};
|
|
|
|
}
|