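# NixOS module for a Misskey instance: nginx in front, PostgreSQL and a dedicated
# Redis server behind it, and a timer that ships the uploaded media directory to
# remote storage with rclone.
{ config, pkgs, tree, ... }:
let
  secrets = config.services.secrets.secrets;
  ports = import ../ports.nix { };
  misskeyDomain = "social.owo.monster";

  # Toolchain the pnpm-driven migrate/start steps need (node-gyp pulls in
  # python3/pkg-config; vips/glib for the native image bindings).
  misskeyPackages = with pkgs; [
    nodejs
    nodePackages.node-gyp
    nodePackages.pnpm
    python3
    pkg-config
    glib
    vips
    stdenv
  ];

  misskeyConfig = {
    url = "https://${misskeyDomain}/";
    port = ports.misskey;
    id = "aid";
    db = {
      host = "localhost";
      port = "5432";
      db = "misskey";
      user = "misskey";
      # NOTE(review): this literal is the same credential set by the
      # `ALTER USER` in misskey-password below.  A Nix string ends up in the
      # world-readable store regardless of how /etc/misskey.yml is protected;
      # sourcing it from the module's existing secrets mechanism
      # (config.services.secrets) would keep it out of the store.
      pass = "password";
    };
    redis = {
      host = "127.0.0.1";
      port = ports.misskey-redis;
    };
    # Allows federation with gotosocial which requires AP Get to be signed
    signToActivityPubGet = true;
    clusterLimit = 4;
    outgoingAddressFamily = "dual";
  };
in
{
  # The rendered YAML carries the database password, so it must not be left at
  # environment.etc's default of a world-readable 0444 symlink target; only the
  # service user needs to read it.
  # NOTE(review): nothing here links /etc/misskey.yml into the working
  # directory's .config/default.yml — confirm how the running instance picks
  # this file up.
  environment.etc."misskey.yml" = {
    text = pkgs.lib.generators.toYAML { } misskeyConfig;
    mode = "0400";
    user = "misskey";
  };

  users.users."misskey" = {
    isNormalUser = true;
    createHome = true;
  };

  home-manager.users."misskey" = {
    home.packages = misskeyPackages;
    home.stateVersion = "22.05";
    imports = with tree; [ home.base home.dev.small ];
  };

  # One-shot that (re)sets the role password before misskey.service starts; it
  # is pulled in via wantedBy and ordered after PostgreSQL.
  systemd.services.misskey-password = {
    serviceConfig.Type = "oneshot";
    wantedBy = [ "misskey.service" ];
    wants = [ "postgresql.service" ];
    after = [ "postgresql.service" ];
    script = ''
      ${pkgs.postgresql}/bin/psql -c "ALTER USER misskey WITH PASSWORD 'password';"
    '';
    serviceConfig.User = "misskey";
  };

  systemd.services.misskey = {
    wantedBy = [ "multi-user.target" ];
    after = [ "misskey-password.service" ];
    wants = [ "postgresql.service" "redis-misskey.service" ];
    path = with pkgs; [ bash git ] ++ misskeyPackages;
    environment.NODE_ENV = "production";
    serviceConfig = {
      User = "misskey";
      WorkingDirectory = "/home/misskey/misskey";
      # Schema migrations run on every start, before the main process.
      ExecStartPre = "${pkgs.nodePackages.pnpm}/bin/pnpm migrate";
      ExecStart = "${pkgs.nodePackages.pnpm}/bin/pnpm start";
      #TimeoutSec = 60;
      #StandardOutput = "syslog";
      #StandardError = "syslog";
      #SyslogIdentifier = "misskey";
      #Restart = "always";
    };
  };

  services.nginx.virtualHosts."${misskeyDomain}" = {
    forceSSL = true;
    enableACME = true;
    locations = {
      "/" = {
        proxyPass = "http://127.0.0.1:${toString ports.misskey}";
        # Misskey streams over WebSocket on the same origin.
        proxyWebsockets = true;
      };
    };
  };

  services.postgresql = {
    enable = true;
    ensureUsers = [
      {
        name = "misskey";
        ensurePermissions."DATABASE misskey" = "ALL PRIVILEGES";
      }
    ];
    ensureDatabases = [ "misskey" ];
  };

  services.redis.servers."misskey" = {
    enable = true;
    port = ports.misskey-redis;
  };

  # Convenience wrapper that always uses the managed rclone config.
  environment.systemPackages = with pkgs; [
    rclone
    (pkgs.writeShellScriptBin "rclone-misskey" ''
      ${pkgs.rclone}/bin/rclone --config ${secrets.misskey_storage_rclone_config.path} \
        "$@"
    '')
  ];

  systemd.tmpfiles.rules = [
    "d /home/misskey/misskey-files - misskey users"
    "d /home/misskey/.config - misskey users"
    "d /home/misskey/.config/rclone - misskey users"
    # Expose the secret rclone config at the path rclone looks for by default.
    "L /home/misskey/.config/rclone/rclone.conf - - - - ${secrets.misskey_storage_rclone_config.path}"
  ];

  # Tars the media directory and copies the archive to the encrypted remote,
  # then removes the local archive.  Relies on the NixOS `script` wrapper
  # running bash with -e so a failed tar or copy does not reach `rm`
  # (presumed from NixOS defaults; confirm).
  systemd.services."misskey-files-sync" = {
    serviceConfig.Type = "oneshot";
    script =
      let
        bsdtar = "${pkgs.libarchive}/bin/bsdtar";
        rclone = "${pkgs.rclone}/bin/rclone";
      in
      ''
        pushd /home/misskey
        pushd /home/misskey/misskey-files
        ${bsdtar} cvf ../Media.tar .
        popd
        ${rclone} copy Media.tar Storage-Media-Crypt:Media.tar
        rm Media.tar
        popd
      '';
    serviceConfig.User = "misskey";
  };

  systemd.timers."misskey-files-sync" = {
    wantedBy = [ "timers.target" ];
    partOf = [ "misskey-files-sync.service" ];
    timerConfig = {
      OnStartupSec = "60";
      # "4h" is a time span, not a calendar expression, so it is rejected by
      # OnCalendar=; OnUnitActiveSec= expresses the intended four-hourly cadence
      # (measured from the service's last activation).
      OnUnitActiveSec = "4h";
    };
  };
}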