forked from Fediversity/simple-nixos-fediverse
simple pixelfed & redo readme
parent
8c40168532
commit
3e4ab1ecf6
65
README.md
65
README.md
|
@ -1,43 +1,45 @@
|
||||||
# How to start up a mastodon VM
|
# Fediverse VMs
|
||||||
|
|
||||||
|
This repo is, for now, an attempt to familiarize myself with NixOS options for Fediverse applications, and build up a configuration layer that will set most of the relevant options for you (in a semi-opinionated way) given some high-level configuration. This is in the same vein as [nixos-mailserver](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver).
|
||||||
|
|
||||||
|
Eventually, this will be tailored to high-throughput multi-machine setups. For now, it's just a small configuration to run in VMs.
|
||||||
|
|
||||||
|
## Running the VMs
|
||||||
|
|
||||||
|
you can build a VM using
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
nixos-rebuild build-vm --flake .#mastodon
|
nixos-rebuild build-vm --flake .#<vm_name>
|
||||||
|
```
|
||||||
|
|
||||||
|
where `<vm_name>` is one of `mastodon`, `peertube`, `pixelfed`, or `all`
|
||||||
|
|
||||||
|
and then run it with
|
||||||
|
```bash
|
||||||
./result/bin/run-nixos-vm
|
./result/bin/run-nixos-vm
|
||||||
```
|
```
|
||||||
|
|
||||||
Now you can access mastodon at <https://mastodon.localhost:55001>
|
You can then access the apps on your local machine (using the magic of port forwarding) at the following addresses
|
||||||
|
|
||||||
- You will have to "accept the security risk".
|
- Mastodon: <https://mastodon.localhost:55001>
|
||||||
- It may take a minute for the webpage to come online. Until then you will see 502 Bad Gateway
|
- You will have to "accept the security risk"
|
||||||
|
- It may take a minute for the webpage to come online. Until then you will see "502 Bad Gateway"
|
||||||
|
- (NOTE: currently broken) email sent from the mastodon instance (e.g. for setting up an account) will be accessible at <https://mastodon.localhost:55001/letter_opener>
|
||||||
|
|
||||||
Remember that if you want to clear the state from one launch to the next, you should delete the `nixos.qcow2` file that is created.
|
- PeerTube: <http://peertube.localhost:9000>
|
||||||
|
- The root account can be accessed with username "root". The password can be obtained by running the following command on the VM:
|
||||||
|
```bash
|
||||||
|
journalctl -u peertube | perl -ne '/password: (.*)/ && print $1'
|
||||||
|
```
|
||||||
|
- Creating other accounts has to be enabled via the admin interface. `Administration > Configuration > Basic > Enable Signup` or just add an account directly from `Administration > Create user`. But functionality can also be tested from the root account.
|
||||||
|
|
||||||
- email, when it works, will be accessible at <https://mastodon.localhost:55001/letter_opener>
|
## debugging notes
|
||||||
|
|
||||||
## peertube
|
|
||||||
|
|
||||||
```bash
|
|
||||||
nixos-rebuild build-vm --flake .#peertube
|
|
||||||
./result/bin/run-nixos-vm
|
|
||||||
```
|
|
||||||
|
|
||||||
Now you can access peertube at <https://peertube.localhost:9000>
|
|
||||||
|
|
||||||
The root account can be logged in with username "root". The password can be obtained with the command
|
|
||||||
```bash
|
|
||||||
journalctl -u peertube | perl -ne '/password: (.*)/ && print $1'
|
|
||||||
```
|
|
||||||
|
|
||||||
or just
|
|
||||||
|
|
||||||
```bash
|
|
||||||
journalctl -u peertube | grep password
|
|
||||||
```
|
|
||||||
|
|
||||||
and look at the end of the line.
|
|
||||||
|
|
||||||
Creating other accounts has to be enabled via the admin interface. `Administration > Configuration > Basic > Enable Signup` or just add an account directly from `Administration > Create user`. But functionality can also be tested from the root account.
|
|
||||||
|
|
||||||
|
- it is sometimes useful to `cat result/bin/run-nixos-vm` to see what's really going on (e.g. which ports are getting forwarded)
|
||||||
|
- relevant systemd services:
|
||||||
|
- mastodon-web.service
|
||||||
|
- peertube.service
|
||||||
|
- unclear yet which pixelfed services are useful
|
||||||
|
|
||||||
# TODOs
|
# TODOs
|
||||||
|
|
||||||
|
@ -57,6 +59,7 @@ Creating other accounts has to be enabled via the admin interface. `Administrati
|
||||||
- [x] don't require proxy server
|
- [x] don't require proxy server
|
||||||
- either forward 443 directly, or get mastodon to accept connections on a different port (maybe 3000? see development environment documentation)
|
- either forward 443 directly, or get mastodon to accept connections on a different port (maybe 3000? see development environment documentation)
|
||||||
- [ ] get letter_opener working
|
- [ ] get letter_opener working
|
||||||
|
- [ ] share resources (e.g. s3 storage) between the services
|
||||||
|
|
||||||
# resources
|
# resources
|
||||||
|
|
||||||
|
|
|
@ -32,6 +32,13 @@
|
||||||
"-mon chardev=char0,mode=readline"
|
"-mon chardev=char0,mode=readline"
|
||||||
"-device virtconsole,chardev=char0,nr=0"
|
"-device virtconsole,chardev=char0,nr=0"
|
||||||
];
|
];
|
||||||
|
# forwardPorts = [
|
||||||
|
# {
|
||||||
|
# from = "host";
|
||||||
|
# host.port = 2222;
|
||||||
|
# guest.port = 22;
|
||||||
|
# }
|
||||||
|
# ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
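Review bot: The seven commented-out lines that add a `forwardPorts` entry for host port 2222 to guest port 22 are dead configuration, and nothing says why they are kept. Either drop them or head them with a comment such as `# SSH forward, off by default; uncomment only for debugging`. The file header for this section is not visible on the page and the enclosing attribute set starts outside the hunk.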
10
flake.nix
10
flake.nix
|
@ -21,6 +21,16 @@
|
||||||
inherit system;
|
inherit system;
|
||||||
modules = [ ./common.nix ./peertube.nix ];
|
modules = [ ./common.nix ./peertube.nix ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
pixelfed = nixpkgs.lib.nixosSystem {
|
||||||
|
inherit system;
|
||||||
|
modules = [ ./common.nix ./pixelfed.nix ];
|
||||||
|
};
|
||||||
|
|
||||||
|
all = nixpkgs.lib.nixosSystem {
|
||||||
|
inherit system;
|
||||||
|
modules = [ ./common.nix ./mastodon.nix ./peertube.nix ./pixelfed.nix ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
devShells.${system}.default = pkgs.mkShell {
|
devShells.${system}.default = pkgs.mkShell {
|
||||||
|
|
10
mastodon.nix
10
mastodon.nix
|
@ -67,17 +67,13 @@
|
||||||
host.port = 44443;
|
host.port = 44443;
|
||||||
guest.port = 443;
|
guest.port = 443;
|
||||||
}
|
}
|
||||||
{
|
|
||||||
from = "host";
|
|
||||||
host.port = 2222;
|
|
||||||
guest.port = 22;
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
# mastodon development environment
|
# mastodon development environment
|
||||||
{
|
{
|
||||||
|
networking.firewall.allowedTCPPorts = [ 55001 ];
|
||||||
virtualisation.vmVariant = { config, ... }: {
|
virtualisation.vmVariant = { config, ... }: {
|
||||||
services.mastodon = {
|
services.mastodon = {
|
||||||
# needed so we can directly access mastodon at port 55001
|
# needed so we can directly access mastodon at port 55001
|
||||||
|
@ -85,7 +81,7 @@
|
||||||
enableUnixSocket = false;
|
enableUnixSocket = false;
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
RAILS_ENV = "development";
|
RAILS_ENV = "development";
|
||||||
# for letter_opener
|
# for letter_opener (still doesn't work though)
|
||||||
REMOTE_DEV = "true";
|
REMOTE_DEV = "true";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -123,7 +119,7 @@
|
||||||
# rails db:migrate
|
# rails db:migrate
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
virtualisation.forwardPorts = lib.mkForce [
|
virtualisation.forwardPorts = [
|
||||||
{
|
{
|
||||||
from = "host";
|
from = "host";
|
||||||
host.port = 55001;
|
host.port = 55001;
|
||||||
|
|
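Review bot: The added `networking.firewall.allowedTCPPorts = [ 55001 ];` appears to sit next to `virtualisation.vmVariant` rather than inside it, so it would open the port in the regular system configuration as well as in the VM. The service behind that port is configured with `RAILS_ENV = "development"` and `REMOTE_DEV = "true"`, settings meant for local debugging, so the opening should stay VM-only: move the line inside the `vmVariant` block, as pixelfed.nix does with port 80. Indentation is lost on this page and the block continues outside the hunk, so the nesting needs confirming. The `host.port = 55001` forward in the last hunk sets no `host.address` in the visible lines; `host.address = "127.0.0.1";` would keep it off other host interfaces.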
|
@ -13,11 +13,11 @@
|
||||||
instance.name = "PeerTube Test VM";
|
instance.name = "PeerTube Test VM";
|
||||||
};
|
};
|
||||||
# TODO: use agenix
|
# TODO: use agenix
|
||||||
secrets.secretsFile = pkgs.runCommand "secret-gen" {
|
secrets.secretsFile = pkgs.writeText "secret" ''
|
||||||
nativeBuildInputs = [ pkgs.openssl ];
|
574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24
|
||||||
} ''
|
|
||||||
openssl rand -hex 32 > $out
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
# TODO: in most of nixpkgs, these are true by default. upstream that unless there's a good reason not to.
|
||||||
redis.createLocally = true;
|
redis.createLocally = true;
|
||||||
database.createLocally = true;
|
database.createLocally = true;
|
||||||
configureNginx = true;
|
configureNginx = true;
|
||||||
|
|
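Review bot: The new `secrets.secretsFile = pkgs.writeText "secret"` pins one literal hex secret in the repository, whereas the `pkgs.runCommand "secret-gen"` side of this hunk generated it with `openssl rand -hex 32` and never put it in git. The literal is now public in the commit history and readable by any local user in /nix/store, so it should be treated as known to everyone. The file header for this section is not visible on the page and the enclosing attribute set starts outside the hunk, so it is unclear whether this is limited to VM builds; if it is not, keep a generated value or load the secret at runtime. At minimum extend the existing comment to `# TODO: use agenix; this value is public and for the test VM only`.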
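--- a/pixelfed.nix
+++ b/pixelfed.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }: {
+virtualisation.vmVariant = {
+networking.firewall.allowedTCPPorts = [ 80 ];
+services.pixelfed = {
+enable = true;
+domain = "pixelfed.localhost";
+secretFile = pkgs.writeText "secrets.env" ''
+APP_KEY=adKK9EcY8Hcj3PLU7rzG9rJ6KKTOtYfA
+'';
+settings = {
+OPEN_REGISTRATION = true;
+FORCE_HTTPS_URLS = false;
+};
+# TODO: I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options here
+nginx = {};
+};
+virtualisation.forwardPorts = [
+{
+from = "host";
+host.port = 8000;
+guest.port = 80;
+}
+];
+};
+}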
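Review bot: `secretFile = pkgs.writeText "secrets.env"` puts a fixed `APP_KEY` into the repository and into the world-readable Nix store, so every VM built from this flake shares one publicly known application key. The block is under `virtualisation.vmVariant`, which limits it to VM builds, but nothing next to the key says so. Add `# TEST-ONLY key: public in git and /nix/store, never reuse outside this VM`, and plan to generate the file at first boot or use agenix, as the `# TODO: use agenix` elsewhere in this commit already intends. `OPEN_REGISTRATION = true` and `FORCE_HTTPS_URLS = false` are reachable through the host port 8000 forward, which sets no `host.address` and so may listen on every host interface; `host.address = "127.0.0.1";` in that entry would keep the test instance local.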