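# NixOS module for a local QEMU test VM that runs Pixelfed through the
# fediversity module. It is a throwaway development setup: the application key
# is hard-coded, registration is open and traffic is plain HTTP. Do not reuse
# these settings on a reachable host.
{ pkgs, modulesPath, ... }: {
  imports = [
    (modulesPath + "/virtualisation/qemu-vm.nix")
  ];

  fediversity = {
    enable = true;
    domain = "localhost";
    pixelfed.enable = true;
  };

  # Only HTTP is opened inside the guest; there is no TLS listener in this VM.
  networking.firewall.allowedTCPPorts = [ 80 ];

  services.pixelfed = {
    # TODO: secrets management!
    # NOTE(security): pkgs.writeText copies this file into /nix/store, which is
    # readable by every local user, and the key is also committed with this
    # file, so it must be treated as public. APP_KEY is the application's
    # encryption key; for anything beyond this test VM, generate a fresh key
    # and point secretFile at a path outside the store that is provisioned at
    # runtime.
    secretFile = pkgs.writeText "secrets.env" ''
      APP_KEY=adKK9EcY8Hcj3PLU7rzG9rJ6KKTOtYfA
    '';

    settings = {
      # Open sign-up and non-HTTPS URLs are acceptable only because the
      # instance is served as "localhost" from a local VM.
      OPEN_REGISTRATION = true;
      FORCE_HTTPS_URLS = false;
    };

    # I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options in services.pixelfed.nginx
    # TODO: If that indeed makes sense, upstream it.
    nginx = {
      # locations."/public/".proxyPass = "${config.fediversity.internal.garage.web.urlFor "pixelfed"}/public/";
    };
  };

  virtualisation.memorySize = 2048;

  # Expose the guest's HTTP port on the host as port 8000.
  virtualisation.forwardPorts = [
    {
      from = "host";
      # Bind the forward to loopback. Without an explicit host address QEMU's
      # user-mode networking listens on all host interfaces, which would expose
      # this open-registration instance (with its published APP_KEY) to the
      # local network.
      host.address = "127.0.0.1";
      host.port = 8000;
      guest.port = 80;
    }
  ];
}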