simple pixelfed & redo readme

This commit is contained in:
Taeer Bar-Yam 2024-03-19 20:39:59 -04:00
parent 8c40168532
commit 3e4ab1ecf6
6 changed files with 83 additions and 42 deletions

View file

@ -1,43 +1,45 @@
# How to start up a mastodon VM
# Fediverse VMs
This repo is, for now, an attempt to familiarize myself with NixOS options for Fediverse applications, and build up a configuration layer that will set most of the relevant options for you (in a semi-opinionated way) given some high-level configuration. This is in the same vein as [nixos-mailserver](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver).
Eventually, this will be tailored to high-throughput multi-machine setups. For now, it's just a small configuration to run in VMs.
## Running the VMs
you can build a VM using
```bash
nixos-rebuild build-vm --flake .#mastodon
nixos-rebuild build-vm --flake .#<vm_name>
```
where `<vm_name>` is one of `mastodon`, `peertube`, `pixelfed`, or `all`
and then run it with
```bash
./result/bin/run-nixos-vm
```
Now you can access mastodon at <https://mastodon.localhost:55001>
You can then access the apps on your local machine (using the magic of port forwarding) at the following addresses
- You will have to "accept the security risk".
- It may take a minute for the webpage to come online. Until then you will see 502 Bad Gateway
- Mastodon: <https://mastodon.localhost:55001>
- You will have to "accept the security risk"
- It may take a minute for the webpage to come online. Until then you will see "502 Bad Gateway"
- (NOTE: currently broken) email sent from the mastodon instance (e.g. for setting up an account) will be accessible at <https://mastodon.localhost:55001/letter_opener>
Remember that if you want to clear the state from one launch to the next, you should delete the `nixos.qcow2` file that is created.
- PeerTube: <http://peertube.localhost:9000>
- The root account can be accessed with username "root". The password can be obtained by running the following command on the VM:
```bash
journalctl -u peertube | perl -ne '/password: (.*)/ && print $1'
```
- Creating other accounts has to be enabled via the admin interface. `Administration > Configuration > Basic > Enable Signup` or just add an account directly from `Administration > Create user`. But functionality can also be tested from the root account.
- email, when it works, will be accessible at <https://mastodon.localhost:55001/letter_opener>
## peertube
```bash
nixos-rebuild build-vm --flake .#peertube
./result/bin/run-nixos-vm
```
Now you can access peertube at <https://peertube.localhost:9000>
The root account can be logged in with username "root". The password can be obtained with the command
```bash
journalctl -u peertube | perl -ne '/password: (.*)/ && print $1'
```
or just
```bash
journalctl -u peertube | grep password
```
and look at the end of the line.
Creating other accounts has to be enabled via the admin interface. `Administration > Configuration > Basic > Enable Signup` or just add an account directly from `Administration > Create user`. But functionality can also be tested from the root account.
## debugging notes
- it is sometimes useful to `cat result/bin/run-nixos-vm` to see what's really going on (e.g. which ports are getting forwarded)
- relevant systemd services:
- mastodon-web.service
- peertube.service
- unclear yet which pixelfed services are useful
# TODOs
@ -57,6 +59,7 @@ Creating other accounts has to be enabled via the admin interface. `Administrati
- [x] don't require proxy server
- either forward 443 directly, or get mastodon to accept connections on a different port (maybe 3000? see development environment documentation)
- [ ] get letter_opener working
- [ ] share resources (e.g. s3 storage) between the services
# resources

View file

@ -32,6 +32,13 @@
"-mon chardev=char0,mode=readline"
"-device virtconsole,chardev=char0,nr=0"
];
# forwardPorts = [
# {
# from = "host";
# host.port = 2222;
# guest.port = 22;
# }
# ];
};
};
}

View file

@ -21,6 +21,16 @@
inherit system;
modules = [ ./common.nix ./peertube.nix ];
};
pixelfed = nixpkgs.lib.nixosSystem {
inherit system;
modules = [ ./common.nix ./pixelfed.nix ];
};
all = nixpkgs.lib.nixosSystem {
inherit system;
modules = [ ./common.nix ./mastodon.nix ./peertube.nix ./pixelfed.nix ];
};
};
devShells.${system}.default = pkgs.mkShell {

View file

@ -67,17 +67,13 @@
host.port = 44443;
guest.port = 443;
}
{
from = "host";
host.port = 2222;
guest.port = 22;
}
];
};
}
# mastodon development environment
{
networking.firewall.allowedTCPPorts = [ 55001 ];
virtualisation.vmVariant = { config, ... }: {
services.mastodon = {
# needed so we can directly access mastodon at port 55001
@ -85,7 +81,7 @@
enableUnixSocket = false;
extraConfig = {
RAILS_ENV = "development";
# for letter_opener
# for letter_opener (still doesn't work though)
REMOTE_DEV = "true";
};
};
@ -123,7 +119,7 @@
# rails db:migrate
fi
'';
virtualisation.forwardPorts = lib.mkForce [
virtualisation.forwardPorts = [
{
from = "host";
host.port = 55001;

View file

@ -13,11 +13,11 @@
instance.name = "PeerTube Test VM";
};
# TODO: use agenix
secrets.secretsFile = pkgs.runCommand "secret-gen" {
nativeBuildInputs = [ pkgs.openssl ];
} ''
openssl rand -hex 32 > $out
secrets.secretsFile = pkgs.writeText "secret" ''
574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24
'';
# TODO: in most of nixpkgs, these are true by default. upstream that unless there's a good reason not to.
redis.createLocally = true;
database.createLocally = true;
configureNginx = true;

25
pixelfed.nix Normal file
View file

@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }: {
virtualisation.vmVariant = {
networking.firewall.allowedTCPPorts = [ 80 ];
services.pixelfed = {
enable = true;
domain = "pixelfed.localhost";
secretFile = pkgs.writeText "secrets.env" ''
APP_KEY=adKK9EcY8Hcj3PLU7rzG9rJ6KKTOtYfA
'';
settings = {
OPEN_REGISTRATION = true;
FORCE_HTTPS_URLS = false;
};
# TODO: I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options here
nginx = {};
};
virtualisation.forwardPorts = [
{
from = "host";
host.port = 8000;
guest.port = 80;
}
];
};
}