forked from Fediversity/simple-nixos-fediverse
66 lines
1.8 KiB
Nix
66 lines
1.8 KiB
Nix
let
|
|
snakeoil_key = {
|
|
id = "GKb5615457d44214411e673b7b";
|
|
secret = "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987";
|
|
};
|
|
in
|
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) {
|
|
services.garage = {
|
|
ensureBuckets = {
|
|
pixelfed = {
|
|
website = true;
|
|
# TODO: these are too broad, after getting everything works narrow it down to the domain we actually want
|
|
corsRules = {
|
|
enable = true;
|
|
allowedHeaders = [ "*" ];
|
|
allowedMethods = [ "GET" ];
|
|
allowedOrigins = [ "*" ];
|
|
};
|
|
};
|
|
};
|
|
ensureKeys = {
|
|
pixelfed = {
|
|
inherit (snakeoil_key) id secret;
|
|
ensureAccess = {
|
|
pixelfed = {
|
|
read = true;
|
|
write = true;
|
|
owner = true;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
services.pixelfed = {
|
|
enable = true;
|
|
domain = config.fediversity.pixelfed.domain;
|
|
};
|
|
|
|
services.pixelfed.settings = {
|
|
# DANGEROUSLY_SET_FILESYSTEM_DRIVER = "s3";
|
|
FILESYSTEM_CLOUD = "s3";
|
|
PF_ENABLE_CLOUD = true;
|
|
AWS_ACCESS_KEY_ID = snakeoil_key.id;
|
|
AWS_SECRET_ACCESS_KEY = snakeoil_key.secret;
|
|
AWS_DEFAULT_REGION = "garage";
|
|
AWS_URL = config.fediversity.garage.web.urlFor "pixelfed";
|
|
AWS_BUCKET = "pixelfed";
|
|
AWS_ENDPOINT = config.fediversity.garage.api.url;
|
|
AWS_USE_PATH_STYLE_ENDPOINT = false;
|
|
};
|
|
|
|
## Only ever run `pixelfed-data-setup` after `ensure-garage` has done its job.
|
|
## Otherwise, everything crashed dramatically.
|
|
systemd.services.pixelfed-data-setup = {
|
|
after = [ "ensure-garage.service" ];
|
|
};
|
|
|
|
services.pixelfed.package = pkgs.pixelfed.overrideAttrs (old: {
|
|
patches = (old.patches or [ ]) ++ [ ./pixelfed-group-permissions.patch ];
|
|
});
|
|
}
|