forked from Fediversity/simple-nixos-fediverse
120 lines
4.1 KiB
Nix
120 lines
4.1 KiB
Nix
{ modulesPath, lib, config, ... }: {
|
|
|
|
imports = [
|
|
../fediversity
|
|
(modulesPath + "/virtualisation/qemu-vm.nix")
|
|
];
|
|
|
|
config = lib.mkMerge [
|
|
{
|
|
fediversity = {
|
|
enable = true;
|
|
domain = "localhost";
|
|
mastodon.enable = true;
|
|
};
|
|
|
|
services.mastodon = {
|
|
extraConfig = {
|
|
EMAIL_DOMAIN_ALLOWLIST = "example.com";
|
|
};
|
|
|
|
# from the documentation: recommended is the amount of your CPU cores
|
|
# minus one. but it also must be a positive integer
|
|
streamingProcesses = lib.max 1 (config.virtualisation.cores - 1);
|
|
};
|
|
|
|
security.acme = {
|
|
defaults = {
|
|
# invalid server; the systemd service will fail, and we won't get
|
|
# properly signed certificates. but let's not spam the letsencrypt
|
|
# servers (and we don't own this domain anyways)
|
|
server = "https://127.0.0.1";
|
|
email = "none";
|
|
};
|
|
};
|
|
|
|
virtualisation.memorySize = 2048;
|
|
virtualisation.forwardPorts = [
|
|
{
|
|
from = "host";
|
|
host.port = 44443;
|
|
guest.port = 443;
|
|
}
|
|
];
|
|
}
|
|
|
|
#### run mastodon as development environment
|
|
{
|
|
|
|
networking.firewall.allowedTCPPorts = [ 55001 ];
|
|
services.mastodon = {
|
|
# needed so we can directly access mastodon at port 55001
|
|
# otherwise, mastodon has to be accessed *from* port 443, which we can't do via port forwarding
|
|
enableUnixSocket = false;
|
|
extraConfig = {
|
|
RAILS_ENV = "development";
|
|
# to be accessible from outside the VM
|
|
BIND = "0.0.0.0";
|
|
# for letter_opener (still doesn't work though)
|
|
REMOTE_DEV = "true";
|
|
LOCAL_DOMAIN = "${config.fediversity.mastodon.domain}:8443";
|
|
};
|
|
};
|
|
|
|
services.postgresql = {
|
|
enable = true;
|
|
ensureUsers = [
|
|
{
|
|
name = config.services.mastodon.database.user;
|
|
ensureClauses.createdb = true;
|
|
# ensurePermissions doesn't work anymore
|
|
# ensurePermissions = {
|
|
# "mastodon_development.*" = "ALL PRIVILEGES";
|
|
# "mastodon_test.*" = "ALL PRIVILEGES";
|
|
# }
|
|
}
|
|
];
|
|
# ensureDatabases = [ "mastodon_development_test" "mastodon_test" ];
|
|
};
|
|
|
|
# Currently, nixos seems to be able to create a single database per
|
|
# postgres user. This works for the production version of mastodon, which
|
|
# is what's packaged in nixpkgs. For development, we need two databases,
|
|
# mastodon_development and mastodon_test. This used to be possible with
|
|
# ensurePermissions, but that's broken and has been removed. Here I copy
|
|
# the mastodon-init-db script from upstream nixpkgs, but add the single
|
|
# line `rails db:setup`, which asks mastodon to create the postgres
|
|
# databases for us.
|
|
# FIXME: the commented out lines were breaking things, but presumably they're necessary for something.
|
|
# TODO: see if we can fix the upstream ensurePermissions stuff. See commented out lines in services.postgresql above for what that config would look like.
|
|
systemd.services.mastodon-init-db.script = lib.mkForce ''
|
|
result="$(psql -t --csv -c \
|
|
"select count(*) from pg_class c \
|
|
join pg_namespace s on s.oid = c.relnamespace \
|
|
where s.nspname not in ('pg_catalog', 'pg_toast', 'information_schema') \
|
|
and s.nspname not like 'pg_temp%';")" || error_code=$?
|
|
if [ "''${error_code:-0}" -ne 0 ]; then
|
|
echo "Failure checking if database is seeded. psql gave exit code $error_code"
|
|
exit "$error_code"
|
|
fi
|
|
if [ "$result" -eq 0 ]; then
|
|
echo "Seeding database"
|
|
rails db:setup
|
|
# SAFETY_ASSURED=1 rails db:schema:load
|
|
rails db:seed
|
|
# else
|
|
# echo "Migrating database (this might be a noop)"
|
|
# rails db:migrate
|
|
fi
|
|
'';
|
|
virtualisation.forwardPorts = [
|
|
{
|
|
from = "host";
|
|
host.port = 55001;
|
|
guest.port = 55001;
|
|
}
|
|
];
|
|
}
|
|
];
|
|
}
|