Move stuff from pixelfed-vm to pixelfed
This commit is contained in:
parent
fa0a01f868
commit
c9665b927f
GPG key ID:
35DB9EC8886E1CB8
2 changed files with 22 additions and 11 deletions
|
|
@ -38,9 +38,28 @@ lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) {
|
|||
services.pixelfed = {
|
||||
enable = true;
|
||||
domain = config.fediversity.internal.pixelfed.domain;
|
||||
|
||||
# TODO: secrets management!!!
|
||||
secretFile = pkgs.writeText "secrets.env" ''
|
||||
APP_KEY=adKK9EcY8Hcj3PLU7rzG9rJ6KKTOtYfA
|
||||
'';
|
||||
|
||||
## Taeer feels like this way of configuring Nginx is odd; there should
|
||||
## instead be a `services.pixefed.nginx.enable` option and the actual Nginx
|
||||
## configuration should be in `services.nginx`. See eg. `pretix`.
|
||||
##
|
||||
## TODO: If that indeed makes sense, upstream.
|
||||
nginx = {
|
||||
# locations."/public/".proxyPass = "${config.fediversity.internal.garage.web.urlFor "pixelfed"}/public/";
|
||||
};
|
||||
};
|
||||
|
||||
services.pixelfed.settings = {
|
||||
## NOTE: This depends on the targets, eg. universities might want control
|
||||
## over who has an account. We probably want a universal
|
||||
## `fediversity.openRegistration` option.
|
||||
OPEN_REGISTRATION = true;
|
||||
|
||||
# DANGEROUSLY_SET_FILESYSTEM_DRIVER = "s3";
|
||||
FILESYSTEM_CLOUD = "s3";
|
||||
PF_ENABLE_CLOUD = true;
|
||||
|
|
@ -62,4 +81,6 @@ lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) {
|
|||
services.pixelfed.package = pkgs.pixelfed.overrideAttrs (old: {
|
||||
patches = (old.patches or [ ]) ++ [ ./pixelfed-group-permissions.patch ];
|
||||
});
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,22 +11,12 @@
|
|||
pixelfed.enable = true;
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
services.pixelfed = {
|
||||
# TODO: secrets management!
|
||||
secretFile = pkgs.writeText "secrets.env" ''
|
||||
APP_KEY=adKK9EcY8Hcj3PLU7rzG9rJ6KKTOtYfA
|
||||
'';
|
||||
settings = {
|
||||
OPEN_REGISTRATION = true;
|
||||
FORCE_HTTPS_URLS = false;
|
||||
};
|
||||
# I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options in services.pixelfed.nginx
|
||||
# TODO: If that indeed makes sense, upstream it.
|
||||
nginx = {
|
||||
# locations."/public/".proxyPass = "${config.fediversity.internal.garage.web.urlFor "pixelfed"}/public/";
|
||||
};
|
||||
};
|
||||
|
||||
virtualisation.memorySize = 2048;
|
||||
virtualisation.forwardPorts = [
|
||||
{
|
||||
|
|
|
|||
Reference in a new issue