From 230810bf6ff24471a3d89ff6531b2707a313950f Mon Sep 17 00:00:00 2001 From: Taeer Bar-Yam Date: Wed, 6 Mar 2024 04:48:01 -0500 Subject: [PATCH] refactor & cleanup --- configuration.nix | 276 +++++++++++++++++++++++----------------------- 1 file changed, 137 insertions(+), 139 deletions(-) diff --git a/configuration.nix b/configuration.nix index 9cdcede..85ca54d 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,148 +1,146 @@ -{ config, lib, pkgs, ... }: { - - # open up access to the mastodon web interface - networking.firewall.allowedTCPPorts = [ 443 ]; - - services.mastodon = { - enable = true; - - # TODO: set up a domain name, and a DNS service so that this can run not in a vm - # localDomain = "domain.social"; - configureNginx = true; - - # TODO: configure a mailserver so this works - # smtp.fromAddress = "mastodon@social.local.gd"; - - # TODO: this is hardware-dependent. let's figure it out when we have hardware - # streamingProcesses = 1; - }; - - security.acme = { - acceptTerms = true; - preliminarySelfsigned = true; - # TODO: configure a mailserver so we can set up acme - # defaults.email = "test@example.com"; - }; - - # let us log in - users.mutableUsers = false; - users.users.root.hashedPassword = ""; - services.openssh = { - enable = true; - settings = { - PermitRootLogin = "yes"; - PermitEmptyPasswords = "yes"; - UsePAM = "no"; - }; - }; - - # access to convenient things - environment.systemPackages = with pkgs; [ w3m python3 ]; - nix.extraOptions = '' - extra-experimental-features = nix-command flakes - ''; - - # these configurations only apply when producing a VM (e.g. nixos-rebuild build-vm) - virtualisation.vmVariant = { config, ... }: { - services.mastodon = { - # redirects to localhost, but allows it to have a proper domain name - # SEE: local.gd - localDomain = "social.local.gd"; - - smtp = { - fromAddress = "mastodon@social.local.gd"; - createLocally = false; - }; - - extraConfig = { - EMAIL_DOMAIN_ALLOWLIST = "example.com"; - RAILS_ENV = "development"; - # for letter_opener - REMOTE_DEV = "true"; - }; - # database = { - # # createLocally = false; - # # host = "/run/postgresql"; - # # port = null; - # name = "mastodon_development"; - # user = "mastodon_development"; - # }; - # user = "mastodon_development"; - - # database.createLocally = false; - - # from the documentation: recommended is the amount of your CPU cores minus one. - # but it also must be a positive integer - streamingProcesses = let - ncores = config.virtualisation.cores; - max = x: y: if x > y then x else y; - in - max 1 (ncores - 1); - }; - - # users.users.mastodon_development = { - # isSystemUser = true; - # home = config.services.mastodon.package; - # group = "mastodon"; - # packages = [ config.services.mastodon.package pkgs.imagemagick ]; - # }; - - services.postgresql = { +{ config, lib, pkgs, ... }: lib.mkMerge [ + # not mastodon related + { + # let us log in + users.mutableUsers = false; + users.users.root.hashedPassword = ""; + services.openssh = { enable = true; - ensureUsers = [ - { - name = config.services.mastodon.database.user; - ensureClauses.createdb = true; - # ensurePermissions."mastodon_development_test.*" = "ALL PRIVILEGES"; - } - ]; - # ensureDatabases = [ "mastodon_development_test" ]; + settings = { + PermitRootLogin = "yes"; + PermitEmptyPasswords = "yes"; + UsePAM = "no"; + }; }; - systemd.services.mastodon-init-db.script = lib.mkForce '' - if [ `psql -c \ - "select count(*) from pg_class c \ - join pg_namespace s on s.oid = c.relnamespace \ - where s.nspname not in ('pg_catalog', 'pg_toast', 'information_schema') \ - and s.nspname not like 'pg_temp%';" | sed -n 3p` -eq 0 ]; then - echo "Seeding database" - rails db:setup - # SAFETY_ASSURED=1 rails db:schema:load - rails db:seed - else - echo "Migrating database (this might be a noop)" - rails db:migrate - fi + # access to convenient things + environment.systemPackages = with pkgs; [ w3m python3 ]; + nix.extraOptions = '' + extra-experimental-features = nix-command flakes ''; + } + + # mastodon setup + { + # open up access to the mastodon web interface + networking.firewall.allowedTCPPorts = [ 443 ]; + + services.mastodon = { + enable = true; + + # TODO: set up a domain name, and a DNS service so that this can run not in a vm + # localDomain = "domain.social"; + configureNginx = true; + + # TODO: configure a mailserver so this works + # smtp.fromAddress = "mastodon@mastodon.localhost"; + + # TODO: this is hardware-dependent. let's figure it out when we have hardware + # streamingProcesses = 1; + }; security.acme = { - defaults = { - # invalid server; the systemd service will fail, and we won't get properly signed certificates - # but let's not spam the letsencrypt servers (and we don't own this domain anyways) - server = "https://127.0.0.1"; - email = "none"; + acceptTerms = true; + preliminarySelfsigned = true; + # TODO: configure a mailserver so we can set up acme + # defaults.email = "test@example.com"; + }; + } + + # VM setup + { + # these configurations only apply when producing a VM (e.g. nixos-rebuild build-vm) + virtualisation.vmVariant = { config, ... }: { + services.mastodon = { + # redirects to localhost, but allows it to have a proper domain name + localDomain = "mastodon.localhost"; + + smtp = { + fromAddress = "mastodon@mastodon.localhost"; + createLocally = false; + }; + + extraConfig = { + EMAIL_DOMAIN_ALLOWLIST = "example.com"; + }; + + # from the documentation: recommended is the amount of your CPU cores minus one. + # but it also must be a positive integer + streamingProcesses = let + ncores = config.virtualisation.cores; + max = x: y: if x > y then x else y; + in + max 1 (ncores - 1); }; - }; - services.nginx.virtualHosts.${config.services.mastodon.localDomain} = { - # extraConfig = '' - # add_header Referrer-Policy "same-origin"; - # ''; - }; + security.acme = { + defaults = { + # invalid server; the systemd service will fail, and we won't get properly signed certificates + # but let's not spam the letsencrypt servers (and we don't own this domain anyways) + server = "https://127.0.0.1"; + email = "none"; + }; + }; - virtualisation.memorySize = 2048; - virtualisation.forwardPorts = [ - { - from = "host"; - host.port = 44443; - guest.port = 443; - } - { - from = "host"; - host.port = 2222; - guest.port = 22; - } - ]; - }; -} - + virtualisation.memorySize = 2048; + virtualisation.forwardPorts = [ + { + from = "host"; + host.port = 44443; + guest.port = 443; + } + { + from = "host"; + host.port = 2222; + guest.port = 22; + } + ]; + }; + } + + # mastodon development environment + { + virtualisation.vmVariant = { config, ... }: { + services.mastodon = { + extraConfig = { + RAILS_ENV = "development"; + # for letter_opener + REMOTE_DEV = "true"; + }; + }; + + services.postgresql = { + enable = true; + ensureUsers = [ + { + name = config.services.mastodon.database.user; + ensureClauses.createdb = true; + # ensurePermissions doesn't work anymore + # ensurePermissions = { + # "mastodon_development.*" = "ALL PRIVILEGES"; + # "mastodon_test.*" = "ALL PRIVILEGES"; + # } + } + ]; + # ensureDatabases = [ "mastodon_development_test" "mastodon_test" ]; + }; + + # run rails db:seed so that mastodon sets up the databases for us + systemd.services.mastodon-init-db.script = lib.mkForce '' + if [ `psql -c \ + "select count(*) from pg_class c \ + join pg_namespace s on s.oid = c.relnamespace \ + where s.nspname not in ('pg_catalog', 'pg_toast', 'information_schema') \ + and s.nspname not like 'pg_temp%';" | sed -n 3p` -eq 0 ]; then + echo "Seeding database" + rails db:setup + # SAFETY_ASSURED=1 rails db:schema:load + rails db:seed + else + echo "Migrating database (this might be a noop)" + rails db:migrate + fi + ''; + }; + } +]