account creation

This commit is contained in:
Taeer Bar-Yam 2024-03-06 04:40:22 -05:00
parent ecf89fc0d0
commit a4cb05d8a1
2 changed files with 101 additions and 1 deletions

View file

@ -10,6 +10,29 @@ Now you can access mastodon at <https://social.local.gd:44443>
- You will have to "accept the security risk". - You will have to "accept the security risk".
- It may take a minute for the webpage to come online. Until then you will see 502 Bad Gateway - It may take a minute for the webpage to come online. Until then you will see 502 Bad Gateway
Remember that if you want to clear the state from one launch to the next, you should delete the `nixos.qcow2` file that is created.
# Account creation / access
Mastodon throws a hissyfit when trying to create accounts / login if it's not being **accessed** on port 443. This is a problem with the way we've set up port forwarding.
My current (terrible) solution is to run
```
nixos-rebuild build-vm --flake .#mastodon
# start a proxy server to the server on port 1234 (you can pick your favourite port)
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Error -D 1234 root@localhost -p 2222
# optional. create a new firefox profile so we don't have to undo the settings when we're done
mkdir /tmp/profile && firefox --profile /tmp/profile
```
Then configure Firefox by going to `about:config` and setting `network.proxy.allow_hijacking_localhost` to `true`, and in `about:preferences` set the proxy to manual `localhost` port `1234`, and enable `Proxy DNS` at the bottom.
Navigate to <https://social.local.gd>, and click "create account"
- email verification is WIP, but should be accessible at <https://social.local.gd/letter_opener>
# TODOs # TODOs
- [ ] set up a domain name and a DNS service so we can do deploy this to an actual machine - [ ] set up a domain name and a DNS service so we can do deploy this to an actual machine
@ -24,7 +47,12 @@ Now you can access mastodon at <https://social.local.gd:44443>
- [ ] configure scaling behaviour - [ ] configure scaling behaviour
- SEE: https://docs.joinmastodon.org/admin/scaling/ - SEE: https://docs.joinmastodon.org/admin/scaling/
- [ ] remove the need for "accept security risk" dialogue if possible - [ ] remove the need for "accept security risk" dialogue if possible
- [ ] development environment does not work seamlessly.
- [ ] don't require proxy server
- either forward 443 directly, or get mastodon to accept connections on a different port (maybe 3000? see development environment documentation)
- [ ] get letter_opener working
# resources # resources
- Tutorial for setting up better logging: https://krisztianfekete.org/self-hosting-mastodon-on-nixos-a-proof-of-concept/ - Tutorial for setting up better logging: https://krisztianfekete.org/self-hosting-mastodon-on-nixos-a-proof-of-concept/
- Setting up development environment: https://docs.joinmastodon.org/dev/setup/

View file

@ -26,7 +26,15 @@
# let us log in # let us log in
users.mutableUsers = false; users.mutableUsers = false;
users.users.root.password = " "; users.users.root.hashedPassword = "";
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PermitEmptyPasswords = "yes";
UsePAM = "no";
};
};
# access to convenient things # access to convenient things
environment.systemPackages = with pkgs; [ w3m python3 ]; environment.systemPackages = with pkgs; [ w3m python3 ];
@ -45,6 +53,24 @@
fromAddress = "mastodon@social.local.gd"; fromAddress = "mastodon@social.local.gd";
createLocally = false; createLocally = false;
}; };
extraConfig = {
EMAIL_DOMAIN_ALLOWLIST = "example.com";
RAILS_ENV = "development";
# for letter_opener
REMOTE_DEV = "true";
};
# database = {
# # createLocally = false;
# # host = "/run/postgresql";
# # port = null;
# name = "mastodon_development";
# user = "mastodon_development";
# };
# user = "mastodon_development";
# database.createLocally = false;
# from the documentation: recommended is the amount of your CPU cores minus one. # from the documentation: recommended is the amount of your CPU cores minus one.
# but it also must be a positive integer # but it also must be a positive integer
streamingProcesses = let streamingProcesses = let
@ -54,6 +80,41 @@
max 1 (ncores - 1); max 1 (ncores - 1);
}; };
# users.users.mastodon_development = {
# isSystemUser = true;
# home = config.services.mastodon.package;
# group = "mastodon";
# packages = [ config.services.mastodon.package pkgs.imagemagick ];
# };
services.postgresql = {
enable = true;
ensureUsers = [
{
name = config.services.mastodon.database.user;
ensureClauses.createdb = true;
# ensurePermissions."mastodon_development_test.*" = "ALL PRIVILEGES";
}
];
# ensureDatabases = [ "mastodon_development_test" ];
};
systemd.services.mastodon-init-db.script = lib.mkForce ''
if [ `psql -c \
"select count(*) from pg_class c \
join pg_namespace s on s.oid = c.relnamespace \
where s.nspname not in ('pg_catalog', 'pg_toast', 'information_schema') \
and s.nspname not like 'pg_temp%';" | sed -n 3p` -eq 0 ]; then
echo "Seeding database"
rails db:setup
# SAFETY_ASSURED=1 rails db:schema:load
rails db:seed
else
echo "Migrating database (this might be a noop)"
rails db:migrate
fi
'';
security.acme = { security.acme = {
defaults = { defaults = {
# invalid server; the systemd service will fail, and we won't get properly signed certificates # invalid server; the systemd service will fail, and we won't get properly signed certificates
@ -63,6 +124,12 @@
}; };
}; };
services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
# extraConfig = ''
# add_header Referrer-Policy "same-origin";
# '';
};
virtualisation.memorySize = 2048; virtualisation.memorySize = 2048;
virtualisation.forwardPorts = [ virtualisation.forwardPorts = [
{ {
@ -70,6 +137,11 @@
host.port = 44443; host.port = 44443;
guest.port = 443; guest.port = 443;
} }
{
from = "host";
host.port = 2222;
guest.port = 22;
}
]; ];
}; };
} }