stuff

flake.lock

@@ -61,11 +61,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1651886851,
-        "narHash": "sha256-kbXOJSf1uho0/7P54nZkJdJY3oAelIjyc6tfiRhaXJI=",
+        "lastModified": 1652167840,
+        "narHash": "sha256-Qx//y33FkhUun+en60SakO9iQPPLu18fUpr3kKTkif8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "882bd8118bdbff3a6e53e5ced393932b351ce2f6",
+        "rev": "4293902b64990d43847fe90e50ef7908f7dc1e30",
         "type": "github"
       },
       "original": {
@@ -135,11 +135,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1651726670,
-        "narHash": "sha256-dSGdzB49SEvdOJvrQWfQYkAefewXraHIV08Vz6iDXWQ=",
+        "lastModified": 1652082323,
+        "narHash": "sha256-7GSVLvfCJtH9dJ3om9Lg4fsi9UKvoxxR69gUTcx0ol8=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c777cdf5c564015d5f63b09cc93bef4178b19b01",
+        "rev": "2a3aac479caeba0a65b2ad755fe5f284f1fde74d",
         "type": "github"
       },
       "original": {

hosts/hetzner-vm/hetzner-vm.nix

@@ -16,6 +16,7 @@
     hosts.hetzner-vm.services.quassel
     hosts.hetzner-vm.services.mpd
     hosts.hetzner-vm.services.storage-sftp
+    hosts.hetzner-vm.services.misskey
 
     (modulesPath + "/profiles/qemu-guest.nix")
 

hosts/hetzner-vm/services/invidious.nix

@@ -39,11 +39,20 @@
     RuntimeMaxSec = "1200";
   };
 
-  services.nginx.virtualHosts."invidious-unproxied.owo.monster" = {
+  services.nginx.virtualHosts."invidious.owo.monster" = {
     forceSSL = true;
     enableACME = true;
     locations = { "/".proxyPass = "http://127.0.0.1:3000"; };
   };
 
+  services.nginx.virtualHosts."invidious-nojs.owo.monster" = {
+    forceSSL = true;
+    enableACME = true;
+    locations = {
+      "/".proxyPass = "http://127.0.0.1:3000";
+      "/js/".extraConfig = "deny all;";
+    };
+  };
+
   #networking.firewall.allowedTCPPorts = [ 3000 ];
 }

hosts/hetzner-vm/services/misskey.nix

@@ -0,0 +1,78 @@
+{ pkgs, ... }:
+let
+  misskeyDomain = "social.owo.monster";
+  misskeyPort = 3020;
+  redisPort = 3019;
+
+  # USE NPX YARN
+
+  misskeyBuildDeps = with pkgs; [
+    gccStdenv
+    nodePackages.node-gyp-build
+    python3
+    pkg-config
+    vips
+    nodePackages.npm
+  ];
+
+  misskeyPackages = with pkgs; [
+    git
+    jq
+
+
+    nodejs
+    nodePackages.npm
+
+    ffmpeg
+  ] ++ misskeyBuildDeps;
+in {
+  users.users."misskey" = {
+    isNormalUser = true;
+    createHome = true;
+  };
+  home-manager.users."misskey".home.packages = misskeyPackages;
+
+  # make .config/default.yml a symlink to /etc/misskey.yml
+  environment.etc."misskey.yml".text = pkgs.lib.generators.toYAML {} {
+    url = "https://${misskeyDomain}/";
+    port = misskeyPort;
+
+    db = {
+        host = "localhost";
+        port = "5432";
+        db = "misskey";
+        user = "misskey";
+        pass = "a";
+    };
+
+    redis = {
+        host = "127.0.0.1";
+        port = redisPort;
+    };
+  };
+
+  services.nginx.virtualHosts."${misskeyDomain}" = {
+    forceSSL = true;
+    enableACME = true;
+    locations = {
+      "/" = {
+        proxyPass = "http://127.0.0.1:${toString misskeyPort}";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
+  services.postgresql = {
+    enable = true;
+    ensureUsers = [{
+      name = "misskey";
+      ensurePermissions."DATABASE misskey" = "ALL PRIVILEGES";
+    }];
+    ensureDatabases = [ "misskey" ];
+  };
+
+  services.redis.servers."misskey" = {
+    enable = true;
+    port = redisPort;
+  };
+}

profiles/tailscale/tailscale.nix

@@ -1,4 +1,5 @@
 _: {
   services.tailscale.enable = true;
   networking.firewall.trustedInterfaces = [ "tailscale0" ];
+  networking.firewall.checkReversePath = "loose";
 }