beep

extras/laura-ssh-root.nix

@@ -1,7 +0,0 @@
-{ ... }: {
-  users.users.root = {
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWDArL4+m9kUmLyWcmUby5+CVrmBThP0KbQWep32+BF laura@zotan.network"
-    ];
-  };
-}

flake.lock

@@ -96,11 +96,11 @@
         "utils": "utils_3"
       },
       "locked": {
-        "lastModified": 1666875108,
+        "lastModified": 1666990295,
-        "narHash": "sha256-sf0uvlDIatV/eYUJ8N5+Si21og3B6G+AKXive3RUH4E=",
+        "narHash": "sha256-JPMTX8W36IPV1jmKV1qEhNBI4MbIPYsnccWyTUlSiG0=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "32fe7d2ebb7e338ad95a3ea9393fc6ad681368ce",
+        "rev": "423211401c245934db5052e3867cac704f658544",
         "type": "github"
       },
       "original": {
@@ -186,11 +186,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1666703756,
+        "lastModified": 1667050928,
-        "narHash": "sha256-GwpMJ1hT+z1fMAUkaGtvbvofJQwdVFDEGVhfE82+AUk=",
+        "narHash": "sha256-xOn0ZgjImIyeecEsrjxuvlW7IW5genTwvvnDQRFncB8=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "f994293d1eb8812f032e8919e10a594567cf6ef7",
+        "rev": "fdebb81f45a1ba2c4afca5fd9f526e1653ad0949",
         "type": "github"
       },
       "original": {

hosts/hetzner-vm/hetzner-vm.nix

@@ -19,10 +19,9 @@
     hosts.hetzner-vm.services.mail
     hosts.hetzner-vm.services.gitlab-static-sites
     hosts.hetzner-vm.services.lappy-dev
+    hosts.hetzner-vm.services.misskey
 
     (modulesPath + "/profiles/qemu-guest.nix")
-
-    ../../extras/laura-ssh-root.nix
   ];
 
   home-manager.users.root = {

hosts/hetzner-vm/services/mailserver/config.nix

@@ -1,6 +1,10 @@
 { }: rec {
   fqdn = "mail.owo.monster";
-  domains = [ "owo.monster" "kitteh.pw" "mailchaos.net" ];
+  domains = [
+    "owo.monster"
+    "kitteh.pw"
+    # "mailchaos.net"
+  ];
 
   debug_mode = false;
 
@@ -22,9 +26,9 @@
         "chaos@owo.monster"
 
         # for websites not liking .monster
-        "all@mailchaos.net"
+        #"all@mailchaos.net"
-        "chaoticryptidz@mailchaos.net"
+        #"chaoticryptidz@mailchaos.net"
-        "chaos@mailchaos.net"
+        #"chaos@mailchaos.net"
 
         # legacy - to be deprecated by 2023-01-01 
         "kitteh@owo.monster"

hosts/hetzner-vm/services/misskey-pkg.nix

@@ -0,0 +1,27 @@
+
+
+{ lib, stdenv, fetchFromGitHub }:
+
+let
+  version = "12.119.0";
+
+  src = fetchFromGitHub {
+    owner = "misskey-dev";
+    repo = "misskey";
+    rev = version;
+    sha256 = "sha256-2ijgk9/BWndJva71XTDfnLM7oG5qFVYhwxOXUK7UA6s=";
+  };
+in stdenv.mkDerivation {
+  pname = "misskey";
+  inherit version src;
+
+  installPhase = ''
+    cp -r $src $out
+  '';
+
+  meta = with lib; {
+    description = "Interplanetary microblogging platform. 🚀";
+    homepage = "https://misskey-hub.net/";
+    platforms = platforms.unix;
+  };
+}

hosts/hetzner-vm/services/misskey.nix

@@ -0,0 +1,143 @@
+{ pkgs, tree, ... }:
+let
+  misskeyDomain = "social.owo.monster";
+  misskeyPort = 3020;
+  redisPort = 3019;
+
+  misskeyPackages = with pkgs; [
+    nodejs
+    yarn
+    nodePackages.node-gyp
+
+    python3
+    pkg-config
+    glib
+    vips
+
+    stdenv
+  ];
+
+  misskeyPackage = pkgs.callPackage ./misskey-pkg.nix { };
+
+  misskeyConfig = {
+    url = "https://${misskeyDomain}/";
+    port = misskeyPort;
+    id = "aid";
+
+    db = {
+      host = "localhost";
+      port = "5432";
+      db = "misskey";
+      user = "misskey";
+      pass = "password";
+    };
+
+    redis = {
+      host = "127.0.0.1";
+      port = redisPort;
+    };
+  };
+
+  misskeyConfigFile = builtins.toFile "default.yml"
+    (pkgs.lib.generators.toYAML { } misskeyConfig);
+
+in {
+  users.users."misskey" = {
+    isNormalUser = true;
+    createHome = true;
+  };
+
+  home-manager.users."misskey" = {
+    home.packages = misskeyPackages;
+    home.stateVersion = "22.05";
+
+    imports = with tree; [ home.base home.dev.small ];
+  };
+
+  systemd.tmpfiles.rules = [ "d /home/misskey/misskey-files - misskey users" ];
+
+  systemd.services.misskey-files = {
+    serviceConfig.Type = "oneshot";
+    after = [ "home-manager-misskey.service" "network.target" ];
+    path = with pkgs; [ bash git ] ++ misskeyPackages;
+    script = ''
+      rm -rf /home/misskey/misskey || true
+      cp -rv ${misskeyPackage} /home/misskey/misskey
+
+      rm -rf /home/misskey/misskey/.config
+      mkdir /home/misskey/misskey/.config
+      cat ${misskeyConfigFile} > /home/misskey/misskey/.config/default.yml
+
+      ln -s /home/misskey/misskey-files /home/misskey/misskey/files
+
+      cd /home/misskey/misskey
+      yarn install
+      NODE_ENV=production yarn build
+
+      chown -R misskey:users /home/misskey/misskey
+    '';
+  };
+
+  systemd.services.misskey-password = {
+    serviceConfig.Type = "oneshot";
+    wants = [ "postgresql.service" ];
+    script = ''
+      ${pkgs.postgresql}/bin/psql -c "ALTER USER misskey WITH PASSWORD 'password';"
+    '';
+    serviceConfig.User = "misskey";
+  };
+
+  systemd.services.misskey = {
+    after = [ "misskey-files.service" "misskey-password.service" ];
+    wants = [
+      "postgresql.service"
+      "redis-misskey.service"
+      "misskey-password.service"
+    ];
+    wantedBy = [ "multi-user.target" ];
+    path = with pkgs; [ bash git ] ++ misskeyPackages;
+    environment.NODE_ENV = "production";
+    serviceConfig = {
+      User = "misskey";
+      WorkingDirectory = "/home/misskey/misskey";
+      ExecStartPre = "${pkgs.yarn}/bin/yarn migrate";
+      ExecStart =
+        "${pkgs.nodejs}/bin/node --experimental-json-modules packages/backend/built/index.js";
+      #TimeoutSec = 60;
+      #StandardOutput = "syslog";
+      #StandardError = "syslog";
+      #SyslogIdentifier = "misskey";
+      #Restart = "always";
+    };
+  };
+
+  services.nginx.virtualHosts."${misskeyDomain}" = {
+    forceSSL = true;
+    enableACME = true;
+    locations = {
+      "/" = {
+        proxyPass = "http://127.0.0.1:${toString misskeyPort}";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
+  services.postgresql = {
+    enable = true;
+    ensureUsers = [{
+      name = "misskey";
+      ensurePermissions."DATABASE misskey" = "ALL PRIVILEGES";
+    }];
+    ensureDatabases = [ "misskey" ];
+    initialScript = pkgs.writeText "init" ''
+      create user misskey with password 'password';
+      grant all privileges on database misskey to misskey;
+    '';
+  };
+
+  services.redis.servers."misskey" = {
+    enable = true;
+    port = redisPort;
+  };
+}
+

hosts/hetzner-vm/services/restic.nix

@@ -22,6 +22,11 @@ let
     mail_config.sieve_directory
     mail_config.dkim_directory
     "/var/lib/redis-rspamd"
+
+    # misskey
+    "/home/misskey/misskey-files"
+    "/var/lib/redis-misskey"
+
   ];
   backupPrepareCommand = "${
       (pkgs.writeShellScriptBin "backupPrepareCommand" ''

hosts/storage/storage.nix

@@ -11,8 +11,6 @@
 
     ./hardware.nix
     ./misc.nix
-
-    ../../extras/laura-ssh-root.nix
   ];
 
   users.groups.storage = { };