{ pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ]; networking.firewall.allowedTCPPorts = [ 80 ]; services.pixelfed = { domain = "pixelfed.localhost"; # TODO: secrets management! secretFile = pkgs.writeText "secrets.env" '' APP_KEY=adKK9EcY8Hcj3PLU7rzG9rJ6KKTOtYfA ''; settings = { OPEN_REGISTRATION = true; FORCE_HTTPS_URLS = false; }; # I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options in services.pixelfed.nginx # TODO: If that indeed makes sense, upstream it. nginx = { # locations."/storage/".proxyPass = "http://pixelfed.web.garage.localhost:3902/public/"; }; }; virtualisation.memorySize = 2048; virtualisation.forwardPorts = [ { from = "host"; host.port = 8000; guest.port = 80; } ]; }