diff --git a/extras/laura-ssh-root.nix b/extras/laura-ssh-root.nix
deleted file mode 100644
index 9c1b44c..0000000
--- a/extras/laura-ssh-root.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ ... }: {
- users.users.root = {
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWDArL4+m9kUmLyWcmUby5+CVrmBThP0KbQWep32+BF laura@zotan.network"
- ];
- };
-}
diff --git a/flake.lock b/flake.lock
index 1ffadca..7caf21a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -96,11 +96,11 @@
 "utils": "utils_3"
 },
 "locked": {
- "lastModified": 1666875108,
- "narHash": "sha256-sf0uvlDIatV/eYUJ8N5+Si21og3B6G+AKXive3RUH4E=",
+ "lastModified": 1666990295,
+ "narHash": "sha256-JPMTX8W36IPV1jmKV1qEhNBI4MbIPYsnccWyTUlSiG0=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "32fe7d2ebb7e338ad95a3ea9393fc6ad681368ce",
+ "rev": "423211401c245934db5052e3867cac704f658544",
 "type": "github"
 },
 "original": {
@@ -186,11 +186,11 @@
 },
 "nixpkgs-unstable": {
 "locked": {
- "lastModified": 1666703756,
- "narHash": "sha256-GwpMJ1hT+z1fMAUkaGtvbvofJQwdVFDEGVhfE82+AUk=",
+ "lastModified": 1667050928,
+ "narHash": "sha256-xOn0ZgjImIyeecEsrjxuvlW7IW5genTwvvnDQRFncB8=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "f994293d1eb8812f032e8919e10a594567cf6ef7",
+ "rev": "fdebb81f45a1ba2c4afca5fd9f526e1653ad0949",
 "type": "github"
 },
 "original": {
diff --git a/hosts/hetzner-vm/hetzner-vm.nix b/hosts/hetzner-vm/hetzner-vm.nix
index 2e51203..6b8d4eb 100644
--- a/hosts/hetzner-vm/hetzner-vm.nix
+++ b/hosts/hetzner-vm/hetzner-vm.nix
@@ -19,10 +19,9 @@
 hosts.hetzner-vm.services.mail
 hosts.hetzner-vm.services.gitlab-static-sites
 hosts.hetzner-vm.services.lappy-dev
+ hosts.hetzner-vm.services.misskey
 (modulesPath + "/profiles/qemu-guest.nix")
-
- ../../extras/laura-ssh-root.nix
 ];
 home-manager.users.root = {
diff --git a/hosts/hetzner-vm/services/mailserver/config.nix b/hosts/hetzner-vm/services/mailserver/config.nix
index 64b7989..c1ad7d5 100644
--- a/hosts/hetzner-vm/services/mailserver/config.nix
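Review bot: Dropping `../../extras/laura-ssh-root.nix` from `imports` stops NixOS from provisioning that root key, but the revocation is only effective once this host is actually rebuilt and switched, and it does nothing for a copy that may have been added by hand to `/root/.ssh/authorized_keys` or for SSH sessions already open. After the switch, confirm the key fingerprint is absent from root's authorized keys on this host (and on `hosts/storage`, which drops the same import in this commit), and consider whether the host key exposure warrants rotating anything that key could reach. A short note on why the access was removed, either in the commit message or as a comment next to the import list, would help the next reviewer; the `imports` list continues outside this hunk.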
+++ b/hosts/hetzner-vm/services/mailserver/config.nix
@@ -1,6 +1,10 @@
 { }: rec {
 fqdn = "mail.owo.monster";
- domains = [ "owo.monster" "kitteh.pw" "mailchaos.net" ];
+ domains = [
+ "owo.monster"
+ "kitteh.pw"
+ # "mailchaos.net"
+ ];
 debug_mode = false;
@@ -22,9 +26,9 @@
 "chaos@owo.monster"
 # for websites not liking .monster
- "all@mailchaos.net"
- "chaoticryptidz@mailchaos.net"
- "chaos@mailchaos.net"
+ #"all@mailchaos.net"
+ #"chaoticryptidz@mailchaos.net"
+ #"chaos@mailchaos.net"
 # legacy - to be deprecated by 2023-01-01
 "kitteh@owo.monster"
diff --git a/hosts/hetzner-vm/services/misskey-pkg.nix b/hosts/hetzner-vm/services/misskey-pkg.nix
new file mode 100644
index 0000000..d3c16c6
--- /dev/null
+++ b/hosts/hetzner-vm/services/misskey-pkg.nix
@@ -0,0 +1,27 @@
+
+
+{ lib, stdenv, fetchFromGitHub }:
+
+let
+ version = "12.119.0";
+
+ src = fetchFromGitHub {
+ owner = "misskey-dev";
+ repo = "misskey";
+ rev = version;
+ sha256 = "sha256-2ijgk9/BWndJva71XTDfnLM7oG5qFVYhwxOXUK7UA6s=";
+ };
+in stdenv.mkDerivation {
+ pname = "misskey";
+ inherit version src;
+
+ installPhase = ''
+ cp -r $src $out
+ '';
+
+ meta = with lib; {
+ description = "Interplanetary microblogging platform. 🚀";
+ homepage = "https://misskey-hub.net/";
+ platforms = platforms.unix;
+ };
+}
diff --git a/hosts/hetzner-vm/services/misskey.nix b/hosts/hetzner-vm/services/misskey.nix
new file mode 100644
index 0000000..e2760fb
--- /dev/null
+++ b/hosts/hetzner-vm/services/misskey.nix
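Review bot: `# "mailchaos.net"` in the new `domains` list is commented-out code with no record of why the domain was dropped or whether it is expected back; either delete the entry or replace it with the reason, e.g. `# mailchaos.net dropped 2022-10: <reason>; DNS/MX still to be cleaned up`. Removing the domain from `domains` presumably means the server stops accepting mail for it at SMTP time, so the MX records for that zone should be retired in the same change or senders will see bounces — verify against the DNS config, which is not in this diff. The same applies to the three `#"...@mailchaos.net"` entries in the second hunk, whose surrounding `# for websites not liking .monster` comment now describes nothing.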
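Review bot: The derivation only copies the pinned checkout (`cp -r $src $out`) and performs no build, which is not obvious from the file and is easy to mistake for a broken package; a header comment such as `# Source-only package: node dependencies are fetched and the build runs at service start, see misskey.nix` would save the next reader from looking for a missing buildPhase. The `sha256` pin on `fetchFromGitHub` is good; consider also adding `meta.license` (AGPL-3.0 upstream, as far as I know — confirm before adding) so the attribute is complete.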
@@ -0,0 +1,143 @@
+{ pkgs, tree, ... }:
+let
+ misskeyDomain = "social.owo.monster";
+ misskeyPort = 3020;
+ redisPort = 3019;
+
+ misskeyPackages = with pkgs; [
+ nodejs
+ yarn
+ nodePackages.node-gyp
+
+ python3
+ pkg-config
+ glib
+ vips
+
+ stdenv
+ ];
+
+ misskeyPackage = pkgs.callPackage ./misskey-pkg.nix { };
+
+ misskeyConfig = {
+ url = "https://${misskeyDomain}/";
+ port = misskeyPort;
+ id = "aid";
+
+ db = {
+ host = "localhost";
+ port = "5432";
+ db = "misskey";
+ user = "misskey";
+ pass = "password";
+ };
+
+ redis = {
+ host = "127.0.0.1";
+ port = redisPort;
+ };
+ };
+
+ misskeyConfigFile = builtins.toFile "default.yml"
+ (pkgs.lib.generators.toYAML { } misskeyConfig);
+
+in {
+ users.users."misskey" = {
+ isNormalUser = true;
+ createHome = true;
+ };
+
+ home-manager.users."misskey" = {
+ home.packages = misskeyPackages;
+ home.stateVersion = "22.05";
+
+ imports = with tree; [ home.base home.dev.small ];
+ };
+
+ systemd.tmpfiles.rules = [ "d /home/misskey/misskey-files - misskey users" ];
+
+ systemd.services.misskey-files = {
+ serviceConfig.Type = "oneshot";
+ after = [ "home-manager-misskey.service" "network.target" ];
+ path = with pkgs; [ bash git ] ++ misskeyPackages;
+ script = ''
+ rm -rf /home/misskey/misskey || true
+ cp -rv ${misskeyPackage} /home/misskey/misskey
+
+ rm -rf /home/misskey/misskey/.config
+ mkdir /home/misskey/misskey/.config
+ cat ${misskeyConfigFile} > /home/misskey/misskey/.config/default.yml
+
+ ln -s /home/misskey/misskey-files /home/misskey/misskey/files
+
+ cd /home/misskey/misskey
+ yarn install
+ NODE_ENV=production yarn build
+
+ chown -R misskey:users /home/misskey/misskey
+ '';
+ };
+
+ systemd.services.misskey-password = {
+ serviceConfig.Type = "oneshot";
+ wants = [ "postgresql.service" ];
+ script = ''
+ ${pkgs.postgresql}/bin/psql -c "ALTER USER misskey WITH PASSWORD 'password';"
+ '';
+ serviceConfig.User = "misskey";
+ };
+
+ systemd.services.misskey = {
+ after = [ "misskey-files.service" "misskey-password.service" ];
+ wants = [
+ "postgresql.service"
+ "redis-misskey.service"
+ "misskey-password.service"
+ ];
+ wantedBy = [ "multi-user.target" ];
+ path = with pkgs; [ bash git ] ++ misskeyPackages;
+ environment.NODE_ENV = "production";
+ serviceConfig = {
+ User = "misskey";
+ WorkingDirectory = "/home/misskey/misskey";
+ ExecStartPre = "${pkgs.yarn}/bin/yarn migrate";
+ ExecStart =
+ "${pkgs.nodejs}/bin/node --experimental-json-modules packages/backend/built/index.js";
+ #TimeoutSec = 60;
+ #StandardOutput = "syslog";
+ #StandardError = "syslog";
+ #SyslogIdentifier = "misskey";
+ #Restart = "always";
+ };
+ };
+
+ services.nginx.virtualHosts."${misskeyDomain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://127.0.0.1:${toString misskeyPort}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+
+ services.postgresql = {
+ enable = true;
+ ensureUsers = [{
+ name = "misskey";
+ ensurePermissions."DATABASE misskey" = "ALL PRIVILEGES";
+ }];
+ ensureDatabases = [ "misskey" ];
+ initialScript = pkgs.writeText "init" ''
+ create user misskey with password 'password';
+ grant all privileges on database misskey to misskey;
+ '';
+ };
+
+ services.redis.servers."misskey" = {
+ enable = true;
+ port = redisPort;
+ };
+}
+
diff --git a/hosts/hetzner-vm/services/restic.nix b/hosts/hetzner-vm/services/restic.nix
index 88fc7c7..c3e8b97 100644
--- a/hosts/hetzner-vm/services/restic.nix
+++ b/hosts/hetzner-vm/services/restic.nix
@@ -22,6 +22,11 @@ let
 mail_config.sieve_directory
 mail_config.dkim_directory
 "/var/lib/redis-rspamd"
+
+ # misskey
+ "/home/misskey/misskey-files"
+ "/var/lib/redis-misskey"
+
 ];
 backupPrepareCommand = "${
 (pkgs.writeShellScriptBin "backupPrepareCommand" ''
diff --git a/hosts/storage/storage.nix b/hosts/storage/storage.nix
index 0c884ff..efdeff6 100644
--- a/hosts/storage/storage.nix
+++ b/hosts/storage/storage.nix
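Review bot: The database password `password` is hard-coded in three places (`misskeyConfig.db.pass`, the `misskey-password` script and the postgresql `initialScript`), and because `misskeyConfigFile` is produced with `builtins.toFile` the rendered `default.yml` lands in the world-readable Nix store, so any local account can read the credential. Postgres runs on the same host, so the cleanest fix is to drop the password entirely and rely on peer auth over the local socket (`host = "/run/postgresql";` in `db`, assuming the pg driver accepts a socket directory there — confirm), which also makes the `misskey-password` unit and the `create user` line in `initialScript` redundant with `ensureUsers`/`ensureDatabases`; if a password must stay, read it at start from a root-owned file outside the store. Separately, `misskey-files` sets no `User=`, so `yarn install` and `yarn build` run as root on every start, downloading unpinned packages from the network and executing their install scripts with full privileges before the final `chown`; at minimum add `serviceConfig.User = "misskey";` to that unit, and preferably move the install into `misskey-pkg.nix` against a pinned lockfile. Finally, `wants` without a matching `after` on `postgresql.service` and `redis-misskey.service` means `yarn migrate` in `ExecStartPre` can race the database coming up; use `after = [ "misskey-files.service" "misskey-password.service" "postgresql.service" "redis-misskey.service" ];`.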
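Review bot: The two new entries back up the uploaded files and the Redis state but not the `misskey` PostgreSQL database, which holds the accounts, posts and the drive metadata that indexes `/home/misskey/misskey-files`; restoring only these paths would give an empty instance with orphaned files. If `backupPrepareCommand` (its body continues below the hunk) does not already dump that database, add a `pg_dump misskey` into a directory that is listed here, run as the postgres user before restic starts, alongside whatever it does for the mail data. A comment next to `# misskey` stating where the database dump lives would make the coverage obvious to whoever restores from this.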
@@ -11,8 +11,6 @@
 ./hardware.nix
 ./misc.nix
-
- ../../extras/laura-ssh-root.nix
 ];
 users.groups.storage = { };