Get Pixelfed running on metal #24
|
@ -38,9 +38,28 @@ lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) {
|
||||||
services.pixelfed = {
|
services.pixelfed = {
|
||||||
enable = true;
|
enable = true;
|
||||||
domain = config.fediversity.internal.pixelfed.domain;
|
domain = config.fediversity.internal.pixelfed.domain;
|
||||||
|
|
||||||
|
# TODO: secrets management!!!
|
||||||
|
secretFile = pkgs.writeText "secrets.env" ''
|
||||||
|
APP_KEY=adKK9EcY8Hcj3PLU7rzG9rJ6KKTOtYfA
|
||||||
|
'';
|
||||||
|
|
||||||
|
## Taeer feels like this way of configuring Nginx is odd; there should
|
||||||
|
## instead be a `services.pixefed.nginx.enable` option and the actual Nginx
|
||||||
|
## configuration should be in `services.nginx`. See eg. `pretix`.
|
||||||
|
##
|
||||||
|
## TODO: If that indeed makes sense, upstream.
|
||||||
|
nginx = {
|
||||||
|
# locations."/public/".proxyPass = "${config.fediversity.internal.garage.web.urlFor "pixelfed"}/public/";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.pixelfed.settings = {
|
services.pixelfed.settings = {
|
||||||
|
## NOTE: This depends on the targets, eg. universities might want control
|
||||||
|
## over who has an account. We probably want a universal
|
||||||
|
## `fediversity.openRegistration` option.
|
||||||
|
OPEN_REGISTRATION = true;
|
||||||
|
|
||||||
# DANGEROUSLY_SET_FILESYSTEM_DRIVER = "s3";
|
# DANGEROUSLY_SET_FILESYSTEM_DRIVER = "s3";
|
||||||
FILESYSTEM_CLOUD = "s3";
|
FILESYSTEM_CLOUD = "s3";
|
||||||
PF_ENABLE_CLOUD = true;
|
PF_ENABLE_CLOUD = true;
|
||||||
|
@ -62,4 +81,6 @@ lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) {
|
||||||
services.pixelfed.package = pkgs.pixelfed.overrideAttrs (old: {
|
services.pixelfed.package = pkgs.pixelfed.overrideAttrs (old: {
|
||||||
patches = (old.patches or [ ]) ++ [ ./pixelfed-group-permissions.patch ];
|
patches = (old.patches or [ ]) ++ [ ./pixelfed-group-permissions.patch ];
|
||||||
});
|
});
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||||
}
|
}
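Review bot: The `secretFile = pkgs.writeText "secrets.env" ''…''` assignment now sits in the shared module rather than the test VM config, so the literal `APP_KEY` lands in the world-readable Nix store and is identical on every host that enables `fediversity.pixelfed`. Pixelfed is a Laravel application and APP_KEY protects its encrypted cookies and session data, so the value committed here should be treated as burned and regenerated before any bare-metal deployment. I would read the path from outside the store, e.g. `secretFile = config.fediversity.pixelfed.secretFile;` backed by a new path-typed option (proposed name) that points at a file provisioned at deploy time, and keep an inline key only in the VM test. Separately, `networking.firewall.allowedTCPPorts = [ 80 ];` opens plain HTTP only while `OPEN_REGISTRATION = true`, so a comment stating where TLS is expected to terminate would help. The enclosing `lib.mkIf` attribute set starts above this hunk.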
|
||||||
|
|
|
@ -11,22 +11,12 @@
|
||||||
pixelfed.enable = true;
|
pixelfed.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
|
||||||
services.pixelfed = {
|
services.pixelfed = {
|
||||||
# TODO: secrets management!
|
|
||||||
secretFile = pkgs.writeText "secrets.env" ''
|
|
||||||
APP_KEY=adKK9EcY8Hcj3PLU7rzG9rJ6KKTOtYfA
|
|
||||||
'';
|
|
||||||
settings = {
|
settings = {
|
||||||
OPEN_REGISTRATION = true;
|
|
||||||
FORCE_HTTPS_URLS = false;
|
FORCE_HTTPS_URLS = false;
|
||||||
};
|
};
|
||||||
# I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options in services.pixelfed.nginx
|
|
||||||
# TODO: If that indeed makes sense, upstream it.
|
|
||||||
nginx = {
|
|
||||||
# locations."/public/".proxyPass = "${config.fediversity.internal.garage.web.urlFor "pixelfed"}/public/";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualisation.memorySize = 2048;
|
virtualisation.memorySize = 2048;
|
||||||
virtualisation.forwardPorts = [
|
virtualisation.forwardPorts = [
|
||||||
{
|
{
|
||||||
|
|