This repository has been archived on 2024-11-13. You can view files and clone it, but cannot push or open issues or pull requests.

Fediverse VMs

This repo is, for now, an attempt to familiarize myself with NixOS options for Fediverse applications, and build up a configuration layer that will set most of the relevant options for you (in a semi-opinionated way) given some high-level configuration. The goal is something in the same vein as nixos-mailserver but for fediversity.

Eventually, this will be tailored to high-throughput multi-machine setups. For now, it's just a small set of configurations to run in VMs.

Running the VMs

You can build a VM using

nixos-rebuild build-vm --flake .#<vm_name>

where <vm_name> is one of mastodon, peertube, pixelfed, or all,

and then run it with

./result/bin/run-nixos-vm

After the machine boots, you should be dropped into a root shell.

Note that state will be persisted in the nixos.qcow2 file. Delete that file and restart the VM to reset the state.

With the VM running, you can then access the apps in your local machine's web browser (using the magic of port forwarding) at the addresses listed below.

NOTE: it sometimes takes a while for the services to start up, and in the meantime you will get 502 Bad Gateway.

  • Mastodon: http://mastodon.localhost:55001

    • You can also create accounts on the machine itself by running:
      mastodon-tootctl accounts create test --email test@test.com --confirmed --approve
  • PeerTube: http://peertube.localhost:9000

    • The root account can be accessed with username "root". The password can be obtained by running the following command on the VM:
      journalctl -u peertube | perl -ne '/password: (.*)/ && print $1'
      
    • Creating other accounts has to be enabled via the admin interface (Administration > Configuration > Basic > Enable Signup), or you can add an account directly from Administration > Create user. Functionality can also be tested from the root account.
  • Pixelfed: http://pixelfed.localhost:8000

    • Account creation via the web interface won't work until we figure out email.
    • For now, accounts can be created on the VM command line:
      pixelfed-manage user:create --name=test --username=test --email=test@test.com --password=testtest --confirm_email=1
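
The 502 Bad Gateway window mentioned above can be waited out from the host instead of reloading the browser. The script below is an added example, not part of this repository: the file name wait-vm.sh, the attempt count and delay, and the choice to treat any 2xx-4xx answer as "ready" are assumptions; the URLs are the ones listed above.

```bash
#!/usr/bin/env bash
# Added example: wait for the forwarded apps to stop answering 502.
# URLs are the ones listed in the README; attempt counts are arbitrary.
URLS="http://mastodon.localhost:55001
http://peertube.localhost:9000
http://pixelfed.localhost:8000"

# Print the HTTP status code for a URL ("000" when nothing is listening yet).
probe() {
  curl --silent --output /dev/null --max-time 5 --write-out '%{http_code}' "$1"
}

# Succeed only when the app itself answered. 5xx (including the reverse
# proxy's 502 while the backend starts) and 000 count as "not ready".
is_ready() {
  case "$1" in
    [234][0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# wait_for URL TRIES DELAY [PROBE_FN]
# Polls URL until is_ready accepts the status or TRIES attempts are used up.
# PROBE_FN defaults to probe; it is a parameter so the loop can be tested offline.
wait_for() {
  local url="$1" tries="$2" delay="$3" probe_fn="${4:-probe}"
  local n=1 status=""
  while [ "$n" -le "$tries" ]; do
    status=$("$probe_fn" "$url") || true
    if is_ready "$status"; then
      echo "$url ready after $n attempt(s) (HTTP $status)"
      return 0
    fi
    n=$((n + 1))
    sleep "$delay"
  done
  echo "$url not ready after $tries attempt(s) (last HTTP ${status:-none})" >&2
  return 1
}

# Poll every service only when invoked with --wait, e.g. ./wait-vm.sh --wait
if [ "${1:-}" = "--wait" ]; then
  rc=0
  for url in $URLS; do
    wait_for "$url" 60 5 || rc=1
  done
  exit "$rc"
fi
```

A status of 000 means nothing is listening on the forwarded port yet (the VM is still booting), while 502 means the reverse proxy is up but the app behind it is not.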
      

debugging notes

  • it is sometimes useful to cat result/bin/run-nixos-vm to see what's really going on (e.g. which ports are getting forwarded)
  • relevant systemd services:
    • mastodon-web.service
    • peertube.service
  • the garage CLI command gives information about garage storage, but cannot be used to actually inspect the contents; use mc (the MinIO client) for that

questions

  • what is meant to be shared between instances?
    • this is relevant to the security model. If garage is being shared between instances, we have to be careful about having configurations depend on each other.
    • they are to be shared, BUT the user will have no direct control over configuration.

resources

notes

When mastodon is running in production mode, we have a few problems:

  • you have to click "accept the security risk"
  • it takes a while for the webpage to come online. Until then you see "502 Bad Gateway"
    • reverse proxy should produce a user friendly page regardless
      • might be needed for upgrade downtime too?
    • don't send users over until it's up
  • email sent from the mastodon instance (e.g. for account confirmation) should be accessible at https://mastodon.localhost:55001/letter_opener, but it's not working.
    • maybe the admin account should be managed entirely by fediversity anyway?