simple pixelfed & redo readme
parent 8c40168532
commit 3e4ab1ecf6
6 changed files with 83 additions and 42 deletions
README.md (59 changes)
							|  | @ -1,43 +1,45 @@ | ||||||
| # How to start up a mastodon VM | # Fediverse VMs | ||||||
|  | 
 | ||||||
|  | This repo is, for now, an attempt to familiarize myself with NixOS options for Fediverse applications, and build up a configuration layer that will set most of the relevant options for you (in a semi-opinionated way) given some high-level configuration. This is in the same vein as [nixos-mailserver](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver). | ||||||
|  | 
 | ||||||
|  | Eventually, this will be tailored to high-throughput multi-machine setups. For now, it's just a small configuration to run in VMs. | ||||||
|  | 
 | ||||||
|  | ## Running the VMs | ||||||
|  | 
 | ||||||
|  | you can build a VM using | ||||||
| 
 | 
 | ||||||
| ```bash | ```bash | ||||||
| nixos-rebuild build-vm --flake .#mastodon  | nixos-rebuild build-vm --flake .#<vm_name> | ||||||
|  | ``` | ||||||
|  | 
 | ||||||
|  | where `<vm_name>` is one of `mastodon`, `peertube`, `pixelfed`, or `all` | ||||||
|  | 
 | ||||||
|  | and then run it with | ||||||
|  | ```bash | ||||||
| ./result/bin/run-nixos-vm | ./result/bin/run-nixos-vm | ||||||
| ``` | ``` | ||||||
| 
 | 
 | ||||||
| Now you can access mastodon at <https://mastodon.localhost:55001> | You can then access the apps on your local machine (using the magic of port forwarding) at the following addresses | ||||||
| 
 | 
 | ||||||
| - You will have to "accept the security risk". | - Mastodon: <https://mastodon.localhost:55001> | ||||||
| - It may take a minute for the webpage to come online. Until then you will see 502 Bad Gateway |   - You will have to "accept the security risk" | ||||||
|  |   - It may take a minute for the webpage to come online. Until then you will see "502 Bad Gateway" | ||||||
|  |   - (NOTE: currently broken) email sent from the mastodon instance (e.g. for setting up an account) will be accessible at <https://mastodon.localhost:55001/letter_opener> | ||||||
| 
 | 
 | ||||||
| Remember that if you want to clear the state from one launch to the next, you should delete the `nixos.qcow2` file that is created. | - PeerTube: <http://peertube.localhost:9000> | ||||||
| 
 |   - The root account can be accessed with username "root". The password can be obtained by running the following command on the VM: | ||||||
| - email, when it works, will be accessible at <https://mastodon.localhost:55001/letter_opener> |  | ||||||
| 
 |  | ||||||
| ## peertube |  | ||||||
| 
 |  | ||||||
| ```bash |  | ||||||
| nixos-rebuild build-vm --flake .#peertube  |  | ||||||
| ./result/bin/run-nixos-vm |  | ||||||
| ``` |  | ||||||
| 
 |  | ||||||
| Now you can access peertube at <https://peertube.localhost:9000> |  | ||||||
| 
 |  | ||||||
| The root account can be logged in with username "root". The password can be obtained with the command  |  | ||||||
|     ```bash |     ```bash | ||||||
|     journalctl -u peertube | perl -ne '/password: (.*)/ && print $1' |     journalctl -u peertube | perl -ne '/password: (.*)/ && print $1' | ||||||
|     ``` |     ``` | ||||||
|  |   - Creating other accounts has to be enabled via the admin interface. `Administration > Configuration > Basic > Enable Signup` or just add an account directly from `Administration > Create user`. But functionality can also be tested from the root account. | ||||||
| 
 | 
 | ||||||
| or just | ## debugging notes | ||||||
| 
 |  | ||||||
| ```bash |  | ||||||
| journalctl -u peertube | grep password |  | ||||||
| ``` |  | ||||||
| 
 |  | ||||||
| and look at the end of the line. |  | ||||||
| 
 |  | ||||||
| Creating other accounts has to be enabled via the admin interface. `Administration > Configuration > Basic > Enable Signup` or just add an account directly from `Administration > Create user`. But functionality can also be tested from the root account. |  | ||||||
| 
 | 
 | ||||||
|  | - it is sometimes useful to `cat result/bin/run-nixos-vm` to see what's really going on (e.g. which ports are getting forwarded) | ||||||
|  | - relevant systemd services: | ||||||
|  |   - mastodon-web.service | ||||||
|  |   - peertube.service | ||||||
|  |   - unclear yet which pixelfed services are useful | ||||||
| 
 | 
 | ||||||
| # TODOs | # TODOs | ||||||
| 
 | 
 | ||||||
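Review bot: the address list in the new README has entries for Mastodon and PeerTube but none for Pixelfed, although `pixelfed` is offered as a `<vm_name>` and pixelfed.nix in this commit forwards host port 8000 to guest port 80. Add a `- Pixelfed:` bullet with its URL. The PeerTube link also changes from `https://` to `http://` on port 9000; confirm that is intended. The removed reminder to delete `nixos.qcow2` to clear state between launches has no replacement in the visible new text and is worth keeping under "Running the VMs".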
|  | @ -57,6 +59,7 @@ Creating other accounts has to be enabled via the admin interface. `Administrati | ||||||
| - [x] don't require proxy server | - [x] don't require proxy server | ||||||
|   - either forward 443 directly, or get mastodon to accept connections on a different port (maybe 3000? see development environment documentation) |   - either forward 443 directly, or get mastodon to accept connections on a different port (maybe 3000? see development environment documentation) | ||||||
| - [ ] get letter_opener working | - [ ] get letter_opener working | ||||||
|  | - [ ] share resources (e.g. s3 storage) between the services | ||||||
| 
 | 
 | ||||||
| # resources | # resources | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -32,6 +32,13 @@ | ||||||
|         "-mon chardev=char0,mode=readline" |         "-mon chardev=char0,mode=readline" | ||||||
|         "-device virtconsole,chardev=char0,nr=0" |         "-device virtconsole,chardev=char0,nr=0" | ||||||
|       ]; |       ]; | ||||||
|  |       # forwardPorts = [ | ||||||
|  |       #   { | ||||||
|  |       #     from = "host"; | ||||||
|  |       #     host.port = 2222; | ||||||
|  |       #     guest.port = 22; | ||||||
|  |       #   } | ||||||
|  |       # ]; | ||||||
|     }; |     }; | ||||||
|   }; |   }; | ||||||
| } | } | ||||||
|  |  | ||||||
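Review bot: the `forwardPorts` block for host port 2222 to guest port 22 is added entirely commented out. Either delete it or enable it behind an option, so that the SSH forward removed from mastodon.nix in this commit has a working replacement. If it stays as a comment, add a line saying why it is disabled and when it should be turned on.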
							
								
								
									
flake.nix (10 changes)
							|  | @ -21,6 +21,16 @@ | ||||||
|         inherit system; |         inherit system; | ||||||
|         modules = [ ./common.nix ./peertube.nix ]; |         modules = [ ./common.nix ./peertube.nix ]; | ||||||
|       }; |       }; | ||||||
|  | 
 | ||||||
|  |       pixelfed = nixpkgs.lib.nixosSystem { | ||||||
|  |         inherit system; | ||||||
|  |         modules = [ ./common.nix ./pixelfed.nix ]; | ||||||
|  |       }; | ||||||
|  | 
 | ||||||
|  |       all = nixpkgs.lib.nixosSystem { | ||||||
|  |         inherit system; | ||||||
|  |         modules = [ ./common.nix ./mastodon.nix ./peertube.nix ./pixelfed.nix ]; | ||||||
|  |       }; | ||||||
|     }; |     }; | ||||||
| 
 | 
 | ||||||
|     devShells.${system}.default = pkgs.mkShell { |     devShells.${system}.default = pkgs.mkShell { | ||||||
|  |  | ||||||
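Review bot: the `all` output repeats the three service modules by hand next to the per-service outputs, so a new service has to be added in two places. Consider defining the list of service modules once and deriving both the individual configurations and `all` from it. A short comment on `all` should also state that it relies on the modules' `forwardPorts` lists merging, which is what the `lib.mkForce` removal in mastodon.nix enables.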
							
								
								
									
mastodon.nix (10 changes)
							|  | @ -67,17 +67,13 @@ | ||||||
|           host.port = 44443; |           host.port = 44443; | ||||||
|           guest.port = 443; |           guest.port = 443; | ||||||
|         } |         } | ||||||
|         { |  | ||||||
|           from = "host"; |  | ||||||
|           host.port = 2222; |  | ||||||
|           guest.port = 22; |  | ||||||
|         } |  | ||||||
|       ]; |       ]; | ||||||
|     }; |     }; | ||||||
|   } |   } | ||||||
| 
 | 
 | ||||||
|   # mastodon development environment |   # mastodon development environment | ||||||
|   { |   { | ||||||
|  |     networking.firewall.allowedTCPPorts = [ 55001 ]; | ||||||
|     virtualisation.vmVariant = { config, ... }: { |     virtualisation.vmVariant = { config, ... }: { | ||||||
|       services.mastodon = { |       services.mastodon = { | ||||||
|         # needed so we can directly access mastodon at port 55001 |         # needed so we can directly access mastodon at port 55001 | ||||||
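Review bot: `networking.firewall.allowedTCPPorts = [ 55001 ];` is added at the top level of the development-environment block, outside `virtualisation.vmVariant`, so the port is opened on any system built from this module and not only in the VM. pixelfed.nix in this commit puts its firewall line inside `vmVariant`; do the same here. This hunk also removes the 2222 to 22 SSH forward, and the only replacement in the commit is commented out, so the README should say how to get a shell in the guest.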
|  | @ -85,7 +81,7 @@ | ||||||
|         enableUnixSocket = false; |         enableUnixSocket = false; | ||||||
|         extraConfig = { |         extraConfig = { | ||||||
|           RAILS_ENV = "development"; |           RAILS_ENV = "development"; | ||||||
|           # for letter_opener |           # for letter_opener (still doesn't work though) | ||||||
|           REMOTE_DEV = "true"; |           REMOTE_DEV = "true"; | ||||||
|         }; |         }; | ||||||
|       }; |       }; | ||||||
|  | @ -123,7 +119,7 @@ | ||||||
|             # rails db:migrate |             # rails db:migrate | ||||||
|           fi |           fi | ||||||
|       ''; |       ''; | ||||||
|       virtualisation.forwardPorts = lib.mkForce [ |       virtualisation.forwardPorts = [ | ||||||
|         { |         { | ||||||
|           from = "host"; |           from = "host"; | ||||||
|           host.port = 55001; |           host.port = 55001; | ||||||
|  |  | ||||||
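Review bot: dropping `lib.mkForce` from `virtualisation.forwardPorts` means this list is now merged with every other definition instead of replacing them, including the 44443 to 443 entry earlier in this file. If the merge is intended for the `all` configuration, say so in a comment, and check that no two modules claim the same `host.port`, since QEMU can bind each host port only once.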
|  | @ -13,11 +13,11 @@ | ||||||
|         instance.name = "PeerTube Test VM"; |         instance.name = "PeerTube Test VM"; | ||||||
|       }; |       }; | ||||||
|       # TODO: use agenix |       # TODO: use agenix | ||||||
|       secrets.secretsFile = pkgs.runCommand "secret-gen" { |       secrets.secretsFile = pkgs.writeText "secret" '' | ||||||
|         nativeBuildInputs = [ pkgs.openssl ]; |         574e093907d1157ac0f8e760a6deb1035402003af5763135bae9cbd6abe32b24 | ||||||
|       } '' |  | ||||||
|         openssl rand -hex 32 > $out |  | ||||||
|       ''; |       ''; | ||||||
|  | 
 | ||||||
|  |       # TODO: in most of nixpkgs, these are true by default. upstream that unless there's a good reason not to. | ||||||
|       redis.createLocally = true; |       redis.createLocally = true; | ||||||
|       database.createLocally = true; |       database.createLocally = true; | ||||||
|       configureNginx = true; |       configureNginx = true; | ||||||
|  |  | ||||||
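Review bot: the new `secrets.secretsFile` commits a fixed hex secret to the repository, so every VM built from this flake shares the same PeerTube secret, and `pkgs.writeText` places it in the world-readable Nix store. The existing `# TODO: use agenix` names the fix; until then, add a comment marking the value as test-only, confirm the setting only applies to the VM variant, or generate the secret at first boot into a state directory. The commit message does not say why the `openssl rand` derivation was dropped; record the reason next to the TODO.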
							
								
								
									
pixelfed.nix (25 changes, new file)
							|  | @ -0,0 +1,25 @@ | ||||||
|  | { config, lib, pkgs, ... }: { | ||||||
|  |   virtualisation.vmVariant = { | ||||||
|  |     networking.firewall.allowedTCPPorts = [ 80 ]; | ||||||
|  |     services.pixelfed = { | ||||||
|  |       enable = true; | ||||||
|  |       domain = "pixelfed.localhost"; | ||||||
|  |       secretFile = pkgs.writeText "secrets.env" '' | ||||||
|  |         APP_KEY=adKK9EcY8Hcj3PLU7rzG9rJ6KKTOtYfA | ||||||
|  |       ''; | ||||||
|  |       settings = { | ||||||
|  |         OPEN_REGISTRATION = true; | ||||||
|  |         FORCE_HTTPS_URLS = false; | ||||||
|  |       }; | ||||||
|  |       # TODO: I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options here | ||||||
|  |       nginx = {}; | ||||||
|  |     }; | ||||||
|  |     virtualisation.forwardPorts = [ | ||||||
|  |       { | ||||||
|  |         from = "host"; | ||||||
|  |         host.port = 8000; | ||||||
|  |         guest.port = 80; | ||||||
|  |       } | ||||||
|  |     ]; | ||||||
|  |   }; | ||||||
|  | } | ||||||
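Review bot: `APP_KEY` in `secretFile` is a literal in the repository and, through `pkgs.writeText`, in the world-readable Nix store, so every build shares one known application key. Mark it as test-only in a comment and add the same agenix TODO the PeerTube secret carries, or generate it on first boot. The forward of host port 8000 sets no `host.address`, which leaves the listen address to the QEMU default; with `OPEN_REGISTRATION = true` and `FORCE_HTTPS_URLS = false`, add `host.address = "127.0.0.1";` so the instance is reachable only from the local machine.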
Taeer Bar-Yam