nixfiles/hosts/hetzner-vm/profiles/misskey.nix

{
  pkgs,
  tree,
  ...
}: let
  ports = import ../ports.nix {};

  misskeyDomain = "social.owo.monster";

  misskeyPackages = with pkgs; [
    nodejs
    yarn
    nodePackages.node-gyp

    python3
    pkg-config
    glib
    vips

    stdenv
  ];

  misskeyPackage = pkgs.misskey-static;

  misskeyConfig = {
    url = "https://${misskeyDomain}/";
    port = ports.misskey;
    id = "aid";

    db = {
      host = "localhost";
      port = "5432";
      db = "misskey";
      user = "misskey";
      pass = "password";
    };

    redis = {
      host = "127.0.0.1";
      port = ports.misskey-redis;
    };

    clusterLimit = 4;
    outgoingAddressFamily = "dual";
  };

  misskeyConfigFile =
    builtins.toFile "default.yml"
    (pkgs.lib.generators.toYAML {} misskeyConfig);
in {
  users.users."misskey" = {
    isNormalUser = true;
    createHome = true;
  };

  home-manager.users."misskey" = {
    home.packages = misskeyPackages;
    home.stateVersion = "22.05";

    imports = with tree; [home.base home.dev.small];
  };

  systemd.tmpfiles.rules = ["d /home/misskey/misskey-files - misskey users"];

  systemd.services.misskey-files = {
    serviceConfig.Type = "oneshot";
    wantedBy = ["misskey.service"];
    after = ["home-manager-misskey.service" "network.target"];
    path = with pkgs; [bash git rsync] ++ misskeyPackages;

    script = ''
      mkdir -p /home/misskey/misskey || true
      rsync -avh ${misskeyPackage}/ /home/misskey/misskey/ --delete --exclude node_modules

      rm -rf /home/misskey/misskey/.config
      mkdir /home/misskey/misskey/.config
      cat ${misskeyConfigFile} > /home/misskey/misskey/.config/default.yml

      ln -s /home/misskey/misskey-files /home/misskey/misskey/files

      cd /home/misskey/misskey
      yarn install
      NODE_ENV=production yarn build

      chown -R misskey:users /home/misskey/misskey
    '';
  };

  systemd.services.misskey-password = {
    serviceConfig.Type = "oneshot";
    wantedBy = ["misskey.service"];
    wants = ["postgresql.service"];
    after = ["postgresql.service"];
    script = ''
      ${pkgs.postgresql}/bin/psql -c "ALTER USER misskey WITH PASSWORD 'password';"
    '';
    serviceConfig.User = "misskey";
  };

  systemd.services.misskey = {
    wantedBy = ["multi-user.target"];
    after = ["misskey-password.service" "misskey-files.service"];
    wants = ["postgresql.service" "redis-misskey.service"];
    path = with pkgs; [bash git] ++ misskeyPackages;
    environment.NODE_ENV = "production";
    serviceConfig = {
      User = "misskey";
      WorkingDirectory = "/home/misskey/misskey";
      ExecStartPre = "${pkgs.yarn}/bin/yarn migrate";
      ExecStart = "${pkgs.nodejs}/bin/node --experimental-json-modules packages/backend/built/index.js";
      #TimeoutSec = 60;
      #StandardOutput = "syslog";
      #StandardError = "syslog";
      #SyslogIdentifier = "misskey";
      #Restart = "always";
    };
  };

  services.nginx.virtualHosts."${misskeyDomain}" = {
    forceSSL = true;
    enableACME = true;
    locations = {
      "/" = {
        proxyPass = "http://127.0.0.1:${toString ports.misskey}";
        proxyWebsockets = true;
      };
    };
  };

  services.postgresql = {
    enable = true;
    ensureUsers = [
      {
        name = "misskey";
        ensurePermissions."DATABASE misskey" = "ALL PRIVILEGES";
      }
    ];
    ensureDatabases = ["misskey"];
    initialScript = pkgs.writeText "init" ''
      create user misskey with password 'password';
      grant all privileges on database misskey to misskey;
    '';
  };

  services.redis.servers."misskey" = {
    enable = true;
    port = ports.misskey-redis;
  };
}
tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`{`
			`pkgs,`
			`tree,`
			`...`
			`}: let`
			`ports = import ../ports.nix {};`
more secrets 2022-11-02 12:24:55 +00:00
beep 2022-11-02 08:40:25 +00:00			`misskeyDomain = "social.owo.monster";`

			`misskeyPackages = with pkgs; [`
			`nodejs`
			`yarn`
			`nodePackages.node-gyp`

			`python3`
			`pkg-config`
			`glib`
			`vips`

			`stdenv`
			`];`

misskey update 2022-11-20 13:34:36 +00:00			`misskeyPackage = pkgs.misskey-static;`
beep 2022-11-02 08:40:25 +00:00
			`misskeyConfig = {`
			`url = "https://${misskeyDomain}/";`
tidy 2022-11-03 06:44:02 +00:00			`port = ports.misskey;`
beep 2022-11-02 08:40:25 +00:00			`id = "aid";`

			`db = {`
			`host = "localhost";`
			`port = "5432";`
			`db = "misskey";`
			`user = "misskey";`
			`pass = "password";`
			`};`

			`redis = {`
			`host = "127.0.0.1";`
tidy 2022-11-03 06:44:02 +00:00			`port = ports.misskey-redis;`
beep 2022-11-02 08:40:25 +00:00			`};`
misskey, update postgres, buildbox initial work 2022-11-23 15:58:12 +00:00
			`clusterLimit = 4;`
			`outgoingAddressFamily = "dual";`
beep 2022-11-02 08:40:25 +00:00			`};`

tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`misskeyConfigFile =`
			`builtins.toFile "default.yml"`
			`(pkgs.lib.generators.toYAML {} misskeyConfig);`
beep 2022-11-02 08:40:25 +00:00			`in {`
			`users.users."misskey" = {`
			`isNormalUser = true;`
			`createHome = true;`
			`};`

			`home-manager.users."misskey" = {`
			`home.packages = misskeyPackages;`
			`home.stateVersion = "22.05";`

tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`imports = with tree; [home.base home.dev.small];`
beep 2022-11-02 08:40:25 +00:00			`};`

tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`systemd.tmpfiles.rules = ["d /home/misskey/misskey-files - misskey users"];`
beep 2022-11-02 08:40:25 +00:00
			`systemd.services.misskey-files = {`
			`serviceConfig.Type = "oneshot";`
tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`wantedBy = ["misskey.service"];`
			`after = ["home-manager-misskey.service" "network.target"];`
			`path = with pkgs; [bash git rsync] ++ misskeyPackages;`
tidy 2022-11-03 06:44:02 +00:00
beep 2022-11-02 08:40:25 +00:00			`script = ''`
misskey, update postgres, buildbox initial work 2022-11-23 15:58:12 +00:00			`mkdir -p /home/misskey/misskey \|\| true`
			`rsync -avh ${misskeyPackage}/ /home/misskey/misskey/ --delete --exclude node_modules`
beep 2022-11-02 08:40:25 +00:00
			`rm -rf /home/misskey/misskey/.config`
			`mkdir /home/misskey/misskey/.config`
			`cat ${misskeyConfigFile} > /home/misskey/misskey/.config/default.yml`

			`ln -s /home/misskey/misskey-files /home/misskey/misskey/files`

			`cd /home/misskey/misskey`
			`yarn install`
			`NODE_ENV=production yarn build`

			`chown -R misskey:users /home/misskey/misskey`
			`'';`
			`};`

			`systemd.services.misskey-password = {`
			`serviceConfig.Type = "oneshot";`
tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`wantedBy = ["misskey.service"];`
			`wants = ["postgresql.service"];`
			`after = ["postgresql.service"];`
beep 2022-11-02 08:40:25 +00:00			`script = ''`
			`${pkgs.postgresql}/bin/psql -c "ALTER USER misskey WITH PASSWORD 'password';"`
			`'';`
			`serviceConfig.User = "misskey";`
			`};`

			`systemd.services.misskey = {`
tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`wantedBy = ["multi-user.target"];`
			`after = ["misskey-password.service" "misskey-files.service"];`
			`wants = ["postgresql.service" "redis-misskey.service"];`
			`path = with pkgs; [bash git] ++ misskeyPackages;`
beep 2022-11-02 08:40:25 +00:00			`environment.NODE_ENV = "production";`
			`serviceConfig = {`
			`User = "misskey";`
			`WorkingDirectory = "/home/misskey/misskey";`
			`ExecStartPre = "${pkgs.yarn}/bin/yarn migrate";`
tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`ExecStart = "${pkgs.nodejs}/bin/node --experimental-json-modules packages/backend/built/index.js";`
beep 2022-11-02 08:40:25 +00:00			`#TimeoutSec = 60;`
			`#StandardOutput = "syslog";`
			`#StandardError = "syslog";`
			`#SyslogIdentifier = "misskey";`
			`#Restart = "always";`
			`};`
			`};`

			`services.nginx.virtualHosts."${misskeyDomain}" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations = {`
			`"/" = {`
tidy 2022-11-03 06:44:02 +00:00			`proxyPass = "http://127.0.0.1:${toString ports.misskey}";`
beep 2022-11-02 08:40:25 +00:00			`proxyWebsockets = true;`
			`};`
			`};`
			`};`

			`services.postgresql = {`
			`enable = true;`
tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`ensureUsers = [`
			`{`
			`name = "misskey";`
			`ensurePermissions."DATABASE misskey" = "ALL PRIVILEGES";`
			`}`
			`];`
			`ensureDatabases = ["misskey"];`
beep 2022-11-02 08:40:25 +00:00			`initialScript = pkgs.writeText "init" ''`
			`create user misskey with password 'password';`
			`grant all privileges on database misskey to misskey;`
			`'';`
			`};`

			`services.redis.servers."misskey" = {`
			`enable = true;`
tidy 2022-11-03 06:44:02 +00:00			`port = ports.misskey-redis;`
beep 2022-11-02 08:40:25 +00:00			`};`
			`}`