2024-08-28 14:35:48 +02:00
{ pkgs , modulesPath , . . . }: {
imports = [ ( modulesPath + " / v i r t u a l i s a t i o n / q e m u - v m . n i x " ) ] ;
networking . firewall . allowedTCPPorts = [ 80 ] ;
services . pixelfed = {
domain = " p i x e l f e d . l o c a l h o s t " ;
# TODO: secrets management!
secretFile = pkgs . writeText " s e c r e t s . e n v " ''
APP_KEY = adKK9EcY8Hcj3PLU7rzG9rJ6KKTOtYfA
'' ;
settings = {
OPEN_REGISTRATION = true ;
FORCE_HTTPS_URLS = false ;
} ;
# I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options in services.pixelfed.nginx
# TODO: If that indeed makes sense, upstream it.
2024-09-02 18:09:10 +02:00
nginx = {
2024-09-04 18:30:55 +02:00
# locations."/storage/".proxyPass = "http://pixelfed.web.garage.localhost:3902/public/";
2024-09-02 18:09:10 +02:00
} ;
2024-08-28 14:35:48 +02:00
} ;
virtualisation . memorySize = 2048 ;
virtualisation . forwardPorts = [
{
from = " h o s t " ;
host . port = 8000 ;
guest . port = 80 ;
}
] ;
}
