From a4cb05d8a10eb0bc1562f8c609ce706cbb4ca016 Mon Sep 17 00:00:00 2001
From: Taeer Bar-Yam <taeer.bar-yam@tweag.io>
Date: Wed, 6 Mar 2024 04:40:22 -0500
Subject: [PATCH] account creation
---
README.md | 28 ++++++++++++++++++
configuration.nix | 74 ++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 101 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 35a396e5..5e9c8de0 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,29 @@ Now you can access mastodon at <https://social.local.gd:44443>
- You will have to "accept the security risk".
- It may take a minute for the webpage to come online. Until then you will see 502 Bad Gateway
+Remember that if you want to clear the state from one launch to the next, you should delete the `nixos.qcow2` file that is created.
+
+# Account creation / access
+
+Mastodon throws a hissyfit when trying to create accounts / login if it's not being **accessed** on port 443. This is a problem with the way we've set up port forwarding.
+
+My current (terrible) solution is to run
+```
+nixos-rebuild build-vm --flake .#mastodon
+
+# start a proxy server to the server on port 1234 (you can pick your favourite port)
+ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Error -D 1234 root@localhost -p 2222
+
+# optional. create a new firefox profile so we don't have to undo the settings when we're done
+mkdir /tmp/profile && firefox --profile /tmp/profile
+```
+
+Then configure Firefox by going to `about:config` and setting `network.proxy.allow_hijacking_localhost` to `true`, and in `about:preferences` set the proxy to manual `localhost` port `1234`, and enable `Proxy DNS` at the bottom.
+
+Navigate to <https://social.local.gd>, and click "create account"
+
+- email verification is WIP, but should be accessible at <https://social.local.gd/letter_opener>
+
# TODOs
- [ ] set up a domain name and a DNS service so we can do deploy this to an actual machine
@@ -24,7 +47,12 @@ Now you can access mastodon at <https://social.local.gd:44443>
- [ ] configure scaling behaviour
- SEE: https://docs.joinmastodon.org/admin/scaling/
- [ ] remove the need for "accept security risk" dialogue if possible
+- [ ] development environment does not work seamlessly.
+- [ ] don't require proxy server
+ - either forward 443 directly, or get mastodon to accept connections on a different port (maybe 3000? see development environment documentation)
+- [ ] get letter_opener working
# resources
- Tutorial for setting up better logging: https://krisztianfekete.org/self-hosting-mastodon-on-nixos-a-proof-of-concept/
+- Setting up development environment: https://docs.joinmastodon.org/dev/setup/
diff --git a/configuration.nix b/configuration.nix
index 4fb4d41f..9cdcede4 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -26,7 +26,15 @@
# let us log in
users.mutableUsers = false;
- users.users.root.password = " ";
+ users.users.root.hashedPassword = "";
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "yes";
+ PermitEmptyPasswords = "yes";
+ UsePAM = "no";
+ };
+ };
# access to convenient things
environment.systemPackages = with pkgs; [ w3m python3 ];
@@ -45,6 +53,24 @@
fromAddress = "mastodon@social.local.gd";
createLocally = false;
};
+
+ extraConfig = {
+ EMAIL_DOMAIN_ALLOWLIST = "example.com";
+ RAILS_ENV = "development";
+ # for letter_opener
+ REMOTE_DEV = "true";
+ };
+ # database = {
+ # # createLocally = false;
+ # # host = "/run/postgresql";
+ # # port = null;
+ # name = "mastodon_development";
+ # user = "mastodon_development";
+ # };
+ # user = "mastodon_development";
+
+ # database.createLocally = false;
+
# from the documentation: recommended is the amount of your CPU cores minus one.
# but it also must be a positive integer
streamingProcesses = let
@@ -54,6 +80,41 @@
max 1 (ncores - 1);
};
+ # users.users.mastodon_development = {
+ # isSystemUser = true;
+ # home = config.services.mastodon.package;
+ # group = "mastodon";
+ # packages = [ config.services.mastodon.package pkgs.imagemagick ];
+ # };
+
+ services.postgresql = {
+ enable = true;
+ ensureUsers = [
+ {
+ name = config.services.mastodon.database.user;
+ ensureClauses.createdb = true;
+ # ensurePermissions."mastodon_development_test.*" = "ALL PRIVILEGES";
+ }
+ ];
+ # ensureDatabases = [ "mastodon_development_test" ];
+ };
+
+ systemd.services.mastodon-init-db.script = lib.mkForce ''
+ if [ `psql -c \
+ "select count(*) from pg_class c \
+ join pg_namespace s on s.oid = c.relnamespace \
+ where s.nspname not in ('pg_catalog', 'pg_toast', 'information_schema') \
+ and s.nspname not like 'pg_temp%';" | sed -n 3p` -eq 0 ]; then
+ echo "Seeding database"
+ rails db:setup
+ # SAFETY_ASSURED=1 rails db:schema:load
+ rails db:seed
+ else
+ echo "Migrating database (this might be a noop)"
+ rails db:migrate
+ fi
+ '';
+
security.acme = {
defaults = {
# invalid server; the systemd service will fail, and we won't get properly signed certificates
@@ -63,6 +124,12 @@
};
};
+ services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
+ # extraConfig = ''
+ # add_header Referrer-Policy "same-origin";
+ # '';
+ };
+
virtualisation.memorySize = 2048;
virtualisation.forwardPorts = [
{
@@ -70,6 +137,11 @@
host.port = 44443;
guest.port = 443;
}
+ {
+ from = "host";
+ host.port = 2222;
+ guest.port = 22;
+ }
];
};
}