diff --git a/README.md b/README.md
index 35a396e5..5e9c8de0 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,29 @@ Now you can access mastodon at
 - You will have to "accept the security risk".
 - It may take a minute for the webpage to come online. Until then you will see 502 Bad Gateway
+Remember that if you want to clear the state from one launch to the next, you should delete the `nixos.qcow2` file that is created.
+
+# Account creation / access
+
+Mastodon throws a hissyfit when trying to create accounts / login if it's not being **accessed** on port 443. This is a problem with the way we've set up port forwarding.
+
+My current (terrible) solution is to run
+```
+nixos-rebuild build-vm --flake .#mastodon
+
+# start a proxy server to the server on port 1234 (you can pick your favourite port)
+ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Error -D 1234 root@localhost -p 2222
+
+# optional. create a new firefox profile so we don't have to undo the settings when we're done
+mkdir /tmp/profile && firefox --profile /tmp/profile
+```
+
+Then configure Firefox by going to `about:config` and setting `network.proxy.allow_hijacking_localhost` to `true`, and in `about:preferences` set the proxy to manual `localhost` port `1234`, and enable `Proxy DNS` at the bottom.
+
+Navigate to , and click "create account"
+
+- email verification is WIP, but should be accessible at
+
 # TODOs
 - [ ] set up a domain name and a DNS service so we can do deploy this to an actual machine
@@ -24,7 +47,12 @@ Now you can access mastodon at
 - [ ] configure scaling behaviour - SEE: https://docs.joinmastodon.org/admin/scaling/
 - [ ] remove the need for "accept security risk" dialogue if possible
+- [ ] development environment does not work seamlessly.
+- [ ] don't require proxy server
+ - either forward 443 directly, or get mastodon to accept connections on a different port (maybe 3000? see development environment documentation)
+- [ ] get letter_opener working
 # resources
 - Tutorial for setting up better logging: https://krisztianfekete.org/self-hosting-mastodon-on-nixos-a-proof-of-concept/
+- Setting up development environment: https://docs.joinmastodon.org/dev/setup/
diff --git a/configuration.nix b/configuration.nix
index 4fb4d41f..9cdcede4 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -26,7 +26,15 @@
 # let us log in
 users.mutableUsers = false;
- users.users.root.password = " ";
+ users.users.root.hashedPassword = "";
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "yes";
+ PermitEmptyPasswords = "yes";
+ UsePAM = "no";
+ };
+ };
 # access to convenient things
 environment.systemPackages = with pkgs; [ w3m python3 ];
@@ -45,6 +53,24 @@
 fromAddress = "mastodon@social.local.gd";
 createLocally = false;
 };
+
+ extraConfig = {
+ EMAIL_DOMAIN_ALLOWLIST = "example.com";
+ RAILS_ENV = "development";
+ # for letter_opener
+ REMOTE_DEV = "true";
+ };
+ # database = {
+ # # createLocally = false;
+ # # host = "/run/postgresql";
+ # # port = null;
+ # name = "mastodon_development";
+ # user = "mastodon_development";
+ # };
+ # user = "mastodon_development";
+
+ # database.createLocally = false;
+
 # from the documentation: recommended is the amount of your CPU cores minus one.
 # but it also must be a positive integer
 streamingProcesses = let
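Review bot: `users.users.root.hashedPassword = "";` combined with `PermitRootLogin = "yes"`, `PermitEmptyPasswords = "yes"` and `UsePAM = "no"` lets root log in over SSH with no credential at all, and the 2222→22 forward added in the last hunk of this file exposes that sshd on the host side. The new forward entry leaves `host.address` unset; if that defaults to binding every host interface (as I believe QEMU's hostfwd does with an empty address), anything that can reach the host on 2222 gets a root shell in the VM, so pin it with `host.address = "127.0.0.1";` in that entry. A key in `users.users.root.openssh.authorizedKeys.keys` would serve the README's `ssh -D` proxy just as well without the empty password. If the passwordless root is deliberate for a throwaway test VM, record that on the line: `# empty password + PermitEmptyPasswords: local throwaway VM only, never a deployed host`.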
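Review bot: The commented-out `database = { … }`, `user = "mastodon_development";` and `database.createLocally = false;` lines in the new `extraConfig` hunk are dead configuration with nothing explaining why they were abandoned; either remove them or replace the block with a one-line comment such as `# development-mode database was tried and dropped; see README TODOs`. Whether `RAILS_ENV = "development"` in `extraConfig` actually overrides the value the Mastodon module exports is not visible here and should be confirmed, since `REMOTE_DEV`/letter_opener depend on it. The enclosing attrset (presumably `services.mastodon`) starts and ends outside the hunk.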
@@ -54,6 +80,41 @@
 max 1 (ncores - 1);
 };
+ # users.users.mastodon_development = {
+ # isSystemUser = true;
+ # home = config.services.mastodon.package;
+ # group = "mastodon";
+ # packages = [ config.services.mastodon.package pkgs.imagemagick ];
+ # };
+
+ services.postgresql = {
+ enable = true;
+ ensureUsers = [
+ {
+ name = config.services.mastodon.database.user;
+ ensureClauses.createdb = true;
+ # ensurePermissions."mastodon_development_test.*" = "ALL PRIVILEGES";
+ }
+ ];
+ # ensureDatabases = [ "mastodon_development_test" ];
+ };
+
+ systemd.services.mastodon-init-db.script = lib.mkForce ''
+ if [ `psql -c \
+ "select count(*) from pg_class c \
+ join pg_namespace s on s.oid = c.relnamespace \
+ where s.nspname not in ('pg_catalog', 'pg_toast', 'information_schema') \
+ and s.nspname not like 'pg_temp%';" | sed -n 3p` -eq 0 ]; then
+ echo "Seeding database"
+ rails db:setup
+ # SAFETY_ASSURED=1 rails db:schema:load
+ rails db:seed
+ else
+ echo "Migrating database (this might be a noop)"
+ rails db:migrate
+ fi
+ '';
+
 security.acme = {
 defaults = {
 # invalid server; the systemd service will fail, and we won't get properly signed certificates
@@ -63,6 +124,12 @@
 };
 };
+ services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
+ # extraConfig = ''
+ # add_header Referrer-Policy "same-origin";
+ # '';
+ };
+
 virtualisation.memorySize = 2048;
 virtualisation.forwardPorts = [
 {
@@ -70,6 +137,11 @@
 host.port = 44443;
 guest.port = 443;
 }
+ {
+ from = "host";
+ host.port = 2222;
+ guest.port = 22;
+ }
 ];
 };
 }
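Review bot: In the forced `mastodon-init-db` script, `rails db:setup` already loads the schema and runs the seeds in stock Rails, so the `rails db:seed` that follows it seeds a fresh database a second time; keep only one of the two. The emptiness check is also brittle: if `psql` fails (cluster not up, no default database) the backtick expands to nothing and `[ -eq 0 ]` becomes a shell syntax error instead of a clear failure, so capture the count first, e.g. `tables=$(psql -tAc "select count(*) …")` and test `[ "$tables" -eq 0 ]`, which also removes the `sed -n 3p` dependence on psql's default output layout. `lib.mkForce` discards the module's own init script wholesale and `ensureClauses.createdb = true` grants the Mastodon role cluster-wide CREATEDB; a comment above `services.postgresql` stating that both exist to let the development database be created would tell the next reader why the defaults were not enough.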
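Review bot: The added `services.nginx.virtualHosts.${config.services.mastodon.localDomain}` block contains only a commented-out `extraConfig`, so it changes nothing in the generated nginx configuration; either remove the block or make the `add_header Referrer-Policy "same-origin";` line live if that header is wanted. If it is meant as a placeholder for later per-vhost tuning, a comment such as `# placeholder: per-vhost nginx overrides for the mastodon domain go here` would make the intent explicit.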