account creation
This commit is contained in:
parent
ecf89fc0d0
commit
a4cb05d8a1
28
README.md
28
README.md
|
@ -10,6 +10,29 @@ Now you can access mastodon at <https://social.local.gd:44443>
|
||||||
- You will have to "accept the security risk".
|
- You will have to "accept the security risk".
|
||||||
- It may take a minute for the webpage to come online. Until then you will see 502 Bad Gateway
|
- It may take a minute for the webpage to come online. Until then you will see 502 Bad Gateway
|
||||||
|
|
||||||
|
Remember that if you want to clear the state from one launch to the next, you should delete the `nixos.qcow2` file that is created.
|
||||||
|
|
||||||
|
# Account creation / access
|
||||||
|
|
||||||
|
Mastodon throws a hissyfit when trying to create accounts / login if it's not being **accessed** on port 443. This is a problem with the way we've set up port forwarding.
|
||||||
|
|
||||||
|
My current (terrible) solution is to run
|
||||||
|
```
|
||||||
|
nixos-rebuild build-vm --flake .#mastodon
|
||||||
|
|
||||||
|
# start a proxy server to the server on port 1234 (you can pick your favourite port)
|
||||||
|
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Error -D 1234 root@localhost -p 2222
|
||||||
|
|
||||||
|
# optional. create a new firefox profile so we don't have to undo the settings when we're done
|
||||||
|
mkdir /tmp/profile && firefox --profile /tmp/profile
|
||||||
|
```
|
||||||
|
|
||||||
|
Then configure Firefox by going to `about:config` and setting `network.proxy.allow_hijacking_localhost` to `true`, and in `about:preferences` set the proxy to manual `localhost` port `1234`, and enable `Proxy DNS` at the bottom.
|
||||||
|
|
||||||
|
Navigate to <https://social.local.gd>, and click "create account"
|
||||||
|
|
||||||
|
- email verification is WIP, but should be accessible at <https://social.local.gd/letter_opener>
|
||||||
|
|
||||||
# TODOs
|
# TODOs
|
||||||
|
|
||||||
- [ ] set up a domain name and a DNS service so we can do deploy this to an actual machine
|
- [ ] set up a domain name and a DNS service so we can do deploy this to an actual machine
|
||||||
|
@ -24,7 +47,12 @@ Now you can access mastodon at <https://social.local.gd:44443>
|
||||||
- [ ] configure scaling behaviour
|
- [ ] configure scaling behaviour
|
||||||
- SEE: https://docs.joinmastodon.org/admin/scaling/
|
- SEE: https://docs.joinmastodon.org/admin/scaling/
|
||||||
- [ ] remove the need for "accept security risk" dialogue if possible
|
- [ ] remove the need for "accept security risk" dialogue if possible
|
||||||
|
- [ ] development environment does not work seamlessly.
|
||||||
|
- [ ] don't require proxy server
|
||||||
|
- either forward 443 directly, or get mastodon to accept connections on a different port (maybe 3000? see development environment documentation)
|
||||||
|
- [ ] get letter_opener working
|
||||||
|
|
||||||
# resources
|
# resources
|
||||||
|
|
||||||
- Tutorial for setting up better logging: https://krisztianfekete.org/self-hosting-mastodon-on-nixos-a-proof-of-concept/
|
- Tutorial for setting up better logging: https://krisztianfekete.org/self-hosting-mastodon-on-nixos-a-proof-of-concept/
|
||||||
|
- Setting up development environment: https://docs.joinmastodon.org/dev/setup/
|
||||||
|
|
|
@ -26,7 +26,15 @@
|
||||||
|
|
||||||
# let us log in
|
# let us log in
|
||||||
users.mutableUsers = false;
|
users.mutableUsers = false;
|
||||||
users.users.root.password = " ";
|
users.users.root.hashedPassword = "";
|
||||||
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
PermitRootLogin = "yes";
|
||||||
|
PermitEmptyPasswords = "yes";
|
||||||
|
UsePAM = "no";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# access to convenient things
|
# access to convenient things
|
||||||
environment.systemPackages = with pkgs; [ w3m python3 ];
|
environment.systemPackages = with pkgs; [ w3m python3 ];
|
||||||
|
@ -45,6 +53,24 @@
|
||||||
fromAddress = "mastodon@social.local.gd";
|
fromAddress = "mastodon@social.local.gd";
|
||||||
createLocally = false;
|
createLocally = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
extraConfig = {
|
||||||
|
EMAIL_DOMAIN_ALLOWLIST = "example.com";
|
||||||
|
RAILS_ENV = "development";
|
||||||
|
# for letter_opener
|
||||||
|
REMOTE_DEV = "true";
|
||||||
|
};
|
||||||
|
# database = {
|
||||||
|
# # createLocally = false;
|
||||||
|
# # host = "/run/postgresql";
|
||||||
|
# # port = null;
|
||||||
|
# name = "mastodon_development";
|
||||||
|
# user = "mastodon_development";
|
||||||
|
# };
|
||||||
|
# user = "mastodon_development";
|
||||||
|
|
||||||
|
# database.createLocally = false;
|
||||||
|
|
||||||
# from the documentation: recommended is the amount of your CPU cores minus one.
|
# from the documentation: recommended is the amount of your CPU cores minus one.
|
||||||
# but it also must be a positive integer
|
# but it also must be a positive integer
|
||||||
streamingProcesses = let
|
streamingProcesses = let
|
||||||
|
@ -54,6 +80,41 @@
|
||||||
max 1 (ncores - 1);
|
max 1 (ncores - 1);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# users.users.mastodon_development = {
|
||||||
|
# isSystemUser = true;
|
||||||
|
# home = config.services.mastodon.package;
|
||||||
|
# group = "mastodon";
|
||||||
|
# packages = [ config.services.mastodon.package pkgs.imagemagick ];
|
||||||
|
# };
|
||||||
|
|
||||||
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
ensureUsers = [
|
||||||
|
{
|
||||||
|
name = config.services.mastodon.database.user;
|
||||||
|
ensureClauses.createdb = true;
|
||||||
|
# ensurePermissions."mastodon_development_test.*" = "ALL PRIVILEGES";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
# ensureDatabases = [ "mastodon_development_test" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.mastodon-init-db.script = lib.mkForce ''
|
||||||
|
if [ `psql -c \
|
||||||
|
"select count(*) from pg_class c \
|
||||||
|
join pg_namespace s on s.oid = c.relnamespace \
|
||||||
|
where s.nspname not in ('pg_catalog', 'pg_toast', 'information_schema') \
|
||||||
|
and s.nspname not like 'pg_temp%';" | sed -n 3p` -eq 0 ]; then
|
||||||
|
echo "Seeding database"
|
||||||
|
rails db:setup
|
||||||
|
# SAFETY_ASSURED=1 rails db:schema:load
|
||||||
|
rails db:seed
|
||||||
|
else
|
||||||
|
echo "Migrating database (this might be a noop)"
|
||||||
|
rails db:migrate
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
|
||||||
security.acme = {
|
security.acme = {
|
||||||
defaults = {
|
defaults = {
|
||||||
# invalid server; the systemd service will fail, and we won't get properly signed certificates
|
# invalid server; the systemd service will fail, and we won't get properly signed certificates
|
||||||
|
@ -63,6 +124,12 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts.${config.services.mastodon.localDomain} = {
|
||||||
|
# extraConfig = ''
|
||||||
|
# add_header Referrer-Policy "same-origin";
|
||||||
|
# '';
|
||||||
|
};
|
||||||
|
|
||||||
virtualisation.memorySize = 2048;
|
virtualisation.memorySize = 2048;
|
||||||
virtualisation.forwardPorts = [
|
virtualisation.forwardPorts = [
|
||||||
{
|
{
|
||||||
|
@ -70,6 +137,11 @@
|
||||||
host.port = 44443;
|
host.port = 44443;
|
||||||
guest.port = 443;
|
guest.port = 443;
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
from = "host";
|
||||||
|
host.port = 2222;
|
||||||
|
guest.port = 22;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue