forked from Fediversity/simple-nixos-fediverse
simple pixelfed & redo readme
This commit is contained in:
parent
8c40168532
commit
3e4ab1ecf6
65
README.md
65
README.md
|
@ -1,43 +1,45 @@
|
|||
# How to start up a mastodon VM
|
||||
# Fediverse VMs
|
||||
|
||||
This repo is, for now, an attempt to familiarize myself with NixOS options for Fediverse applications, and build up a configuration layer that will set most of the relevant options for you (in a semi-opinionated way) given some high-level configuration. This is in the same vein as [nixos-mailserver](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver).
|
||||
|
||||
Eventually, this will be tailored to high-throughput multi-machine setups. For now, it's just a small configuration to run in VMs.
|
||||
|
||||
## Running the VMs
|
||||
|
||||
you can build a VM using
|
||||
|
||||
```bash
|
||||
nixos-rebuild build-vm --flake .#mastodon
|
||||
nixos-rebuild build-vm --flake .#<vm_name>
|
||||
```
|
||||
|
||||
where `<vm_name>` is one of `mastodon`, `peertube`, `pixelfed`, or `all`
|
||||
|
||||
and then run it with
|
||||
```bash
|
||||
./result/bin/run-nixos-vm
|
||||
```
|
||||
|
||||
Now you can access mastodon at <https://mastodon.localhost:55001>
|
||||
You can then access the apps on your local machine (using the magic of port forwarding) at the following addresses
|
||||
|
||||
- You will have to "accept the security risk".
|
||||
- It may take a minute for the webpage to come online. Until then you will see 502 Bad Gateway
|
||||
- Mastodon: <https://mastodon.localhost:55001>
|
||||
- You will have to "accept the security risk"
|
||||
- It may take a minute for the webpage to come online. Until then you will see "502 Bad Gateway"
|
||||
- (NOTE: currently broken) email sent from the mastodon instance (e.g. for setting up an account) will be accessible at <https://mastodon.localhost:55001/letter_opener>
|
||||
|
||||
Remember that if you want to clear the state from one launch to the next, you should delete the `nixos.qcow2` file that is created.
|
||||
- PeerTube: <http://peertube.localhost:9000>
|
||||
- The root account can be accessed with username "root". The password can be obtained by running the following command on the VM:
|
||||
```bash
|
||||
journalctl -u peertube | perl -ne '/password: (.*)/ && print $1'
|
||||
```
|
||||
- Creating other accounts has to be enabled via the admin interface. `Administration > Configuration > Basic > Enable Signup` or just add an account directly from `Administration > Create user`. But functionality can also be tested from the root account.
|
||||
|
||||
- email, when it works, will be accessible at <https://mastodon.localhost:55001/letter_opener>
|
||||
|
||||
## peertube
|
||||
|
||||
```bash
|
||||
nixos-rebuild build-vm --flake .#peertube
|
||||
./result/bin/run-nixos-vm
|
||||
```
|
||||
|
||||
Now you can access peertube at <https://peertube.localhost:9000>
|
||||
|
||||
The root account can be logged in with username "root". The password can be obtained with the command
|
||||
```bash
|
||||
journalctl -u peertube | perl -ne '/password: (.*)/ && print $1'
|
||||
```
|
||||
|
||||
or just
|
||||
|
||||
```bash
|
||||
journalctl -u peertube | grep password
|
||||
```
|
||||
|
||||
and look at the end of the line.
|
||||
|
||||
Creating other accounts has to be enabled via the admin interface. `Administration > Configuration > Basic > Enable Signup` or just add an account directly from `Administration > Create user`. But functionality can also be tested from the root account.
|
||||
## debugging notes
|
||||
|
||||
- it is sometimes useful to `cat result/bin/run-nixos-vm` to see what's really going on (e.g. which ports are getting forwarded)
|
||||
- relevant systemd services:
|
||||
- mastodon-web.service
|
||||
- peertube.service
|
||||
- unclear yet which pixelfed services are useful
|
||||
|
||||
# TODOs
|
||||
|
||||
|
@ -57,6 +59,7 @@ Creating other accounts has to be enabled via the admin interface. `Administrati
|
|||
- [x] don't require proxy server
|
||||
- either forward 443 directly, or get mastodon to accept connections on a different port (maybe 3000? see development environment documentation)
|
||||
- [ ] get letter_opener working
|
||||
- [ ] share resources (e.g. s3 storage) between the services
|
||||
|
||||
# resources
|
||||
|
||||
|
|
|
@ -32,6 +32,13 @@
|
|||
"-mon chardev=char0,mode=readline"
|
||||
"-device virtconsole,chardev=char0,nr=0"
|
||||
];
|
||||
# forwardPorts = [
|
||||
# {
|
||||
# from = "host";
|
||||
# host.port = 2222;
|
||||
# guest.port = 22;
|
||||
# }
|
||||
# ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
10
flake.nix
10
flake.nix
|
@ -21,6 +21,16 @@
|
|||
inherit system;
|
||||
modules = [ ./common.nix ./peertube.nix ];
|
||||
};
|
||||
|
||||
pixelfed = nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
modules = [ ./common.nix ./pixelfed.nix ];
|
||||
};
|
||||
|
||||
all = nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
modules = [ ./common.nix ./mastodon.nix ./peertube.nix ./pixelfed.nix ];
|
||||
};
|
||||
};
|
||||
|
||||
devShells.${system}.default = pkgs.mkShell {
|
||||
|
|
10
mastodon.nix
10
mastodon.nix
|
@ -67,17 +67,13 @@
|
|||
host.port = 44443;
|
||||
guest.port = 443;
|
||||
}
|
||||
{
|
||||
from = "host";
|
||||
host.port = 2222;
|
||||
guest.port = 22;
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
||||
|
||||
# mastodon development environment
|
||||
{
|
||||
networking.firewall.allowedTCPPorts = [ 55001 ];
|
||||
virtualisation.vmVariant = { config, ... }: {
|
||||
services.mastodon = {
|
||||
# needed so we can directly access mastodon at port 55001
|
||||
|
@ -85,7 +81,7 @@
|
|||
enableUnixSocket = false;
|
||||
extraConfig = {
|
||||
RAILS_ENV = "development";
|
||||
# for letter_opener
|
||||
# for letter_opener (still doesn't work though)
|
||||
REMOTE_DEV = "true";
|
||||
};
|
||||
};
|
||||
|
@ -123,7 +119,7 @@
|
|||
# rails db:migrate
|
||||
fi
|
||||
'';
|
||||
virtualisation.forwardPorts = lib.mkForce [
|
||||
virtualisation.forwardPorts = [
|
||||
{
|
||||
from = "host";
|
||||
host.port = 55001;
|
||||
|
|
|
@ -13,11 +13,11 @@
|
|||
instance.name = "PeerTube Test VM";
|
||||
};
|
||||
# TODO: use agenix
|
||||
secrets.secretsFile = pkgs.runCommand "secret-gen" {
|
||||
nativeBuildInputs = [ pkgs.openssl ];
|
||||
} ''
|
||||
openssl rand -hex 32 > $out
|
||||
secrets.secretsFile = pkgs.writeText "secret" ''
|
||||
574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24
|
||||
'';
|
||||
|
||||
# TODO: in most of nixpkgs, these are true by default. upstream that unless there's a good reason not to.
|
||||
redis.createLocally = true;
|
||||
database.createLocally = true;
|
||||
configureNginx = true;
|
||||
|
|
25
pixelfed.nix
Normal file
25
pixelfed.nix
Normal file
|
@ -0,0 +1,25 @@
|
|||
{ config, lib, pkgs, ... }: {
|
||||
virtualisation.vmVariant = {
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
services.pixelfed = {
|
||||
enable = true;
|
||||
domain = "pixelfed.localhost";
|
||||
secretFile = pkgs.writeText "secrets.env" ''
|
||||
APP_KEY=adKK9EcY8Hcj3PLU7rzG9rJ6KKTOtYfA
|
||||
'';
|
||||
settings = {
|
||||
OPEN_REGISTRATION = true;
|
||||
FORCE_HTTPS_URLS = false;
|
||||
};
|
||||
# TODO: I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options here
|
||||
nginx = {};
|
||||
};
|
||||
virtualisation.forwardPorts = [
|
||||
{
|
||||
from = "host";
|
||||
host.port = 8000;
|
||||
guest.port = 80;
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
Reference in a new issue