nixfiles/hosts/hetzner-vm/profiles/misskey.nix

144 lines
3.5 KiB
Nix
Raw Normal View History

2022-11-02 08:40:25 +00:00
{ pkgs, tree, ... }:
let
2022-11-02 12:24:55 +00:00
ports = (import ../ports.nix { });
2022-11-02 08:40:25 +00:00
misskeyDomain = "social.owo.monster";
misskeyPackages = with pkgs; [
nodejs
yarn
nodePackages.node-gyp
python3
pkg-config
glib
vips
stdenv
];
misskeyPackage = pkgs.callPackage ./misskey-pkg.nix { };
misskeyConfig = {
url = "https://${misskeyDomain}/";
2022-11-03 06:44:02 +00:00
port = ports.misskey;
2022-11-02 08:40:25 +00:00
id = "aid";
db = {
host = "localhost";
port = "5432";
db = "misskey";
user = "misskey";
pass = "password";
};
redis = {
host = "127.0.0.1";
2022-11-03 06:44:02 +00:00
port = ports.misskey-redis;
2022-11-02 08:40:25 +00:00
};
};
misskeyConfigFile = builtins.toFile "default.yml"
(pkgs.lib.generators.toYAML { } misskeyConfig);
in {
users.users."misskey" = {
isNormalUser = true;
createHome = true;
};
home-manager.users."misskey" = {
home.packages = misskeyPackages;
home.stateVersion = "22.05";
imports = with tree; [ home.base home.dev.small ];
};
systemd.tmpfiles.rules = [ "d /home/misskey/misskey-files - misskey users" ];
systemd.services.misskey-files = {
serviceConfig.Type = "oneshot";
2022-11-03 06:44:02 +00:00
wantedBy = [ "misskey.service" ];
2022-11-02 08:40:25 +00:00
after = [ "home-manager-misskey.service" "network.target" ];
path = with pkgs; [ bash git ] ++ misskeyPackages;
2022-11-03 06:44:02 +00:00
reloadTriggers = [ misskeyPackage misskeyConfigFile ];
2022-11-02 08:40:25 +00:00
script = ''
rm -rf /home/misskey/misskey || true
cp -rv ${misskeyPackage} /home/misskey/misskey
rm -rf /home/misskey/misskey/.config
mkdir /home/misskey/misskey/.config
cat ${misskeyConfigFile} > /home/misskey/misskey/.config/default.yml
ln -s /home/misskey/misskey-files /home/misskey/misskey/files
cd /home/misskey/misskey
yarn install
NODE_ENV=production yarn build
chown -R misskey:users /home/misskey/misskey
'';
};
systemd.services.misskey-password = {
serviceConfig.Type = "oneshot";
2022-11-03 06:44:02 +00:00
wantedBy = [ "misskey.service" ];
2022-11-02 08:40:25 +00:00
wants = [ "postgresql.service" ];
script = ''
${pkgs.postgresql}/bin/psql -c "ALTER USER misskey WITH PASSWORD 'password';"
'';
serviceConfig.User = "misskey";
};
systemd.services.misskey = {
wantedBy = [ "multi-user.target" ];
2022-11-03 06:44:02 +00:00
after = [ "misskey-password.service" "misskey-files.service" ];
wants = [ "postgresql.service" "redis-misskey.service" ];
2022-11-02 08:40:25 +00:00
path = with pkgs; [ bash git ] ++ misskeyPackages;
environment.NODE_ENV = "production";
serviceConfig = {
User = "misskey";
WorkingDirectory = "/home/misskey/misskey";
ExecStartPre = "${pkgs.yarn}/bin/yarn migrate";
ExecStart =
"${pkgs.nodejs}/bin/node --experimental-json-modules packages/backend/built/index.js";
#TimeoutSec = 60;
#StandardOutput = "syslog";
#StandardError = "syslog";
#SyslogIdentifier = "misskey";
#Restart = "always";
};
};
services.nginx.virtualHosts."${misskeyDomain}" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
2022-11-03 06:44:02 +00:00
proxyPass = "http://127.0.0.1:${toString ports.misskey}";
2022-11-02 08:40:25 +00:00
proxyWebsockets = true;
};
};
};
services.postgresql = {
enable = true;
ensureUsers = [{
name = "misskey";
ensurePermissions."DATABASE misskey" = "ALL PRIVILEGES";
}];
ensureDatabases = [ "misskey" ];
initialScript = pkgs.writeText "init" ''
create user misskey with password 'password';
grant all privileges on database misskey to misskey;
'';
};
services.redis.servers."misskey" = {
enable = true;
2022-11-03 06:44:02 +00:00
port = ports.misskey-redis;
2022-11-02 08:40:25 +00:00
};
}