simple-nixos-fediverse/vm/pixelfed-vm.nix

38 lines
998 B
Nix
Raw Normal View History

{ pkgs, modulesPath, ... }: {
imports = [
(modulesPath + "/virtualisation/qemu-vm.nix")
];
fediversity = {
enable = true;
2024-09-17 17:31:58 +02:00
domain = "localhost";
pixelfed.enable = true;
};
networking.firewall.allowedTCPPorts = [ 80 ];
services.pixelfed = {
# TODO: secrets management!
secretFile = pkgs.writeText "secrets.env" ''
APP_KEY=adKK9EcY8Hcj3PLU7rzG9rJ6KKTOtYfA
'';
settings = {
OPEN_REGISTRATION = true;
FORCE_HTTPS_URLS = false;
};
# I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options in services.pixelfed.nginx
# TODO: If that indeed makes sense, upstream it.
nginx = {
# locations."/public/".proxyPass = "${config.fediversity.internal.garage.web.urlFor "pixelfed"}/public/";
};
};
virtualisation.memorySize = 2048;
virtualisation.forwardPorts = [
{
from = "host";
host.port = 8000;
guest.port = 80;
}
];
}