Fediversity/README.md
2024-04-03 08:40:19 -04:00

4.1 KiB

Fediverse VMs

This repo is, for now, an attempt to familiarize myself with NixOS options for Fediverse applications, and build up a configuration layer that will set most of the relevant options for you (in a semi-opinionated way) given some high-level configuration. This is in the same vein as nixos-mailserver.

Eventually, this will be tailored to high-throughput multi-machine setups. For now, it's just a small configuration to run in VMs.

Running the VMs

you can build a VM using

nixos-rebuild build-vm --flake .#<vm_name>

where <vm_name> is one of mastodon, peertube, pixelfed, or all

and then run it with

./result/bin/run-nixos-vm

You can then access the apps on your local machine (using the magic of port forwarding) at the following addresses

  • Mastodon: http://mastodon.localhost:55001

    • You will have to "accept the security risk"
    • It may take a minute for the webpage to come online. Until then you will see "502 Bad Gateway"
    • (NOTE: currently broken) email sent from the mastodon instance (e.g. for setting up an account) will be accessible at https://mastodon.localhost:55001/letter_opener
    • You can also create accounts on the machine itself by running mastodon-tootctl accounts create <name> --email <email> --confirmed --approve
  • PeerTube: http://peertube.localhost:9000

    • The root account can be accessed with username "root". The password can be obtained by running the following command on the VM:
      journalctl -u peertube | perl -ne '/password: (.*)/ && print $1'
      
    • Creating other accounts has to be enabled via the admin interface. Administration > Configuration > Basic > Enable Signup or just add an account directly from Administration > Create user. But functionality can also be tested from the root account.

debugging notes

  • it is sometimes useful to cat result/bin/run-nixos-vm to see what's really going on (e.g. which ports are getting forwarded)
  • relevant systemd services:
    • mastodon-web.service
    • peertube.service
    • unclear yet which pixelfed services are useful
  • you can ssh to the machine using ssh -p 2222 root@localhost

TODOs

  • set up a domain name and a DNS service so we can do deploy this to an actual machine
  • set up an email service
  • add logging
    • errors / logs
    • performance
  • switch to garage / s3 storage
  • decouple the postgres database from this machine
  • test with high use / throughput
  • configure scaling behaviour
  • remove the need for "accept security risk" dialogue if possible
  • development environment does not work seamlessly.
  • don't require proxy server
    • either forward 443 directly, or get mastodon to accept connections on a different port (maybe 3000? see development environment documentation)
  • get letter_opener working
  • share resources (e.g. s3 storage) between the services
  • get garage running on another machine
    • get garage replication running (multiple machines)
  • some way of declaratively defining users?
  • shared users between fediverse services
  • s3 cache server (SEE: https://docs.joinpeertube.org/maintain/remote-storage)
  • is "s3" the right term, given that it's not an open protocol?

questions

  • what is meant to be shared between instances?

    • this is relevant to the security model. If garage is being shared between instances, we have to be careful having configurations depend on each other.
  • we want to be able to migrate user's data. s3 migration is not supported by peertube. what do? (SEE: https://docs.joinpeertube.org/maintain/remote-storage)

resources