2023-08-25 18:25:34 +08:00
|
|
|
inputs:
|
|
|
|
|
{
|
2023-09-01 21:05:26 +08:00
|
|
|
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
|
|
|
|
{
|
2023-10-02 21:38:06 +08:00
|
|
|
misskey.instances = mkOption
|
2023-09-01 21:05:26 +08:00
|
|
|
{
|
2023-10-02 21:38:06 +08:00
|
|
|
type = types.attrsOf (types.submodule { options =
|
|
|
|
|
{
|
|
|
|
|
autoStart = mkOption { type = types.bool; default = true; };
|
|
|
|
|
port = mkOption { type = types.ints.unsigned; default = 9726; };
|
|
|
|
|
redis.port = mkOption { type = types.ints.unsigned; default = 3545; };
|
|
|
|
|
hostname = mkOption { type = types.str; default = "misskey.chn.moe"; };
|
|
|
|
|
meilisearch =
|
|
|
|
|
{
|
|
|
|
|
enable = mkOption { type = types.bool; default = true; };
|
|
|
|
|
port = mkOption { type = types.ints.unsigned; default = 7700; };
|
|
|
|
|
};
|
|
|
|
|
};});
|
|
|
|
|
default = {};
|
2023-09-01 21:05:26 +08:00
|
|
|
};
|
|
|
|
|
misskey-proxy = mkOption
|
|
|
|
|
{
|
|
|
|
|
type = types.attrsOf (types.submodule (submoduleInputs: { options =
|
|
|
|
|
{
|
2023-09-03 16:53:56 +08:00
|
|
|
hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
|
|
|
|
|
upstream = mkOption
|
|
|
|
|
{
|
|
|
|
|
type = types.oneOf [ types.nonEmptyStr (types.submodule { options =
|
|
|
|
|
{
|
|
|
|
|
address = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
|
|
|
|
|
port = mkOption { type = types.ints.unsigned; default = 9726; };
|
|
|
|
|
};})];
|
|
|
|
|
default = "127.0.0.1:9726";
|
|
|
|
|
};
|
2023-09-01 21:05:26 +08:00
|
|
|
};}));
|
|
|
|
|
default = {};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
config =
|
|
|
|
|
let
|
|
|
|
|
inherit (inputs.config.nixos.services) misskey misskey-proxy;
|
|
|
|
|
inherit (inputs.localLib) stripeTabs attrsToList;
|
|
|
|
|
inherit (inputs.lib) mkIf mkMerge;
|
|
|
|
|
inherit (builtins) map listToAttrs toString replaceStrings;
|
|
|
|
|
in mkMerge
|
|
|
|
|
[
|
2023-10-02 21:38:06 +08:00
|
|
|
(mkMerge (map
|
|
|
|
|
(instance:
|
2023-09-01 21:05:26 +08:00
|
|
|
{
|
2023-10-02 21:38:06 +08:00
|
|
|
systemd =
|
2023-09-01 21:05:26 +08:00
|
|
|
{
|
2023-10-02 21:38:06 +08:00
|
|
|
services."misskey-${instance.name}" = rec
|
2023-09-01 21:05:26 +08:00
|
|
|
{
|
2023-10-02 21:38:06 +08:00
|
|
|
description = "misskey ${instance.name}";
|
|
|
|
|
after = [ "network.target" "redis-misskey-${instance.name}.service" "postgresql.service" ]
|
|
|
|
|
++ (if instance.meilisearch.enable then [ "meilisearch-misskey-${instance.name}.service" ] else []);
|
|
|
|
|
requires = after;
|
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
|
environment.MISSKEY_CONFIG_YML = inputs.config.sops.templates."misskey/${instance.name}.yml".path;
|
|
|
|
|
serviceConfig = rec
|
|
|
|
|
{
|
|
|
|
|
User = inputs.config.users.users."misskey-${instance.name}".name;
|
|
|
|
|
Group = inputs.config.users.users."misskey-${instance.name}".group;
|
|
|
|
|
WorkingDirectory = "/var/lib/misskey/${instance.name}/work";
|
|
|
|
|
ExecStart = "${WorkingDirectory}/bin/misskey";
|
|
|
|
|
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
|
|
|
|
|
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
|
|
|
|
|
Restart = "always";
|
|
|
|
|
RuntimeMaxSec = "1d";
|
|
|
|
|
};
|
2023-09-01 21:05:26 +08:00
|
|
|
};
|
2023-10-02 21:38:06 +08:00
|
|
|
tmpfiles.rules = [ "d /var/lib/misskey/${instance.name}/files 0700 misskey misskey" ];
|
2023-09-01 21:05:26 +08:00
|
|
|
};
|
2023-10-02 21:38:06 +08:00
|
|
|
fileSystems =
|
2023-09-01 21:05:26 +08:00
|
|
|
{
|
2023-10-02 21:38:06 +08:00
|
|
|
"/var/lib/misskey/${instance.name}/work" =
|
|
|
|
|
{
|
|
|
|
|
device = "${inputs.pkgs.localPackages.misskey}";
|
|
|
|
|
options = [ "bind" "private" "x-gvfs-hide" ];
|
|
|
|
|
};
|
|
|
|
|
"/var/lib/misskey/${instance.name}/work/files" =
|
|
|
|
|
{
|
|
|
|
|
device = "/var/lib/misskey/${instance.name}/files";
|
|
|
|
|
options = [ "bind" "private" "x-gvfs-hide" ];
|
|
|
|
|
};
|
2023-09-01 21:05:26 +08:00
|
|
|
};
|
2023-10-02 21:38:06 +08:00
|
|
|
sops.templates."misskey/${instance.name}.yml" =
|
2023-09-01 21:05:26 +08:00
|
|
|
{
|
2023-10-02 21:38:06 +08:00
|
|
|
content =
|
|
|
|
|
let
|
|
|
|
|
placeholder = inputs.config.sops.placeholder;
|
|
|
|
|
redis = inputs.config.nixos.services.redis.instances."misskey-${instance.name}";
|
|
|
|
|
meilisearch = inputs.config.nixos.services.meilisearch.instances."misskey-${instance.name}";
|
|
|
|
|
in
|
|
|
|
|
''
|
|
|
|
|
url: https://${instance.value.hostname}/
|
|
|
|
|
port: ${toString instance.value.port}
|
|
|
|
|
db:
|
|
|
|
|
host: 127.0.0.1
|
|
|
|
|
port: 5432
|
|
|
|
|
db: ${replaceStrings [ "-" ] [ "_" ] instance.name}
|
|
|
|
|
user: ${instance.name}
|
|
|
|
|
pass: ${placeholder."postgresql/misskey-${instance.name}"}
|
|
|
|
|
extra:
|
|
|
|
|
statement_timeout: 60000
|
|
|
|
|
dbReplications: false
|
|
|
|
|
redis:
|
|
|
|
|
host: 127.0.0.1
|
|
|
|
|
port: ${toString redis.port}
|
|
|
|
|
pass: ${placeholder."redis/misskey-${instance.name}"}
|
|
|
|
|
id: 'aid'
|
|
|
|
|
proxyBypassHosts:
|
|
|
|
|
- api.deepl.com
|
|
|
|
|
- api-free.deepl.com
|
|
|
|
|
- www.recaptcha.net
|
|
|
|
|
- hcaptcha.com
|
|
|
|
|
- challenges.cloudflare.com
|
|
|
|
|
proxyRemoteFiles: true
|
|
|
|
|
signToActivityPubGet: true
|
|
|
|
|
maxFileSize: 1073741824
|
|
|
|
|
''
|
|
|
|
|
+ (if instance.value.meilisearch.enable then
|
|
|
|
|
''
|
|
|
|
|
meilisearch:
|
|
|
|
|
host: 127.0.0.1
|
|
|
|
|
port: ${toString meilisearch.port}
|
|
|
|
|
apiKey: ${placeholder."meilisearch/misskey-${instance.name}"}
|
|
|
|
|
ssl: false
|
|
|
|
|
index: misskey
|
|
|
|
|
scope: globa
|
|
|
|
|
'' else "");
|
|
|
|
|
owner = inputs.config.users.users."misskey-${instance.name}".name;
|
2023-09-01 21:05:26 +08:00
|
|
|
};
|
2023-10-02 21:38:06 +08:00
|
|
|
users =
|
|
|
|
|
{
|
|
|
|
|
users."misskey-${instance.name}" =
|
|
|
|
|
{
|
|
|
|
|
isSystemUser = true;
|
|
|
|
|
group = "misskey-${instance.name}";
|
|
|
|
|
home = "/var/lib/misskey/${instance.name}";
|
|
|
|
|
createHome = true;
|
|
|
|
|
};
|
|
|
|
|
groups."misskey-${instance.name}" = {};
|
|
|
|
|
};
|
|
|
|
|
nixos.services =
|
|
|
|
|
{
|
|
|
|
|
redis.instances."misskey-${instance.name}".port = instance.value.redis.port;
|
|
|
|
|
postgresql = { enable = true; instances."misskey-${instance.name}" = {}; };
|
|
|
|
|
meilisearch.instances."misskey-${instance.name}" =
|
|
|
|
|
{
|
|
|
|
|
user = inputs.config.users.users."misskey-${instance.name}".name;
|
|
|
|
|
port = instance.value.meilisearch.port;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
})
|
|
|
|
|
(attrsToList misskey.instances)))
|
2023-09-01 21:05:26 +08:00
|
|
|
(mkIf (misskey-proxy != {})
|
|
|
|
|
{
|
|
|
|
|
nixos.services.nginx =
|
|
|
|
|
{
|
|
|
|
|
enable = true;
|
|
|
|
|
httpProxy = listToAttrs (map
|
2023-09-03 16:53:56 +08:00
|
|
|
(proxy: with proxy.value;
|
2023-09-01 21:05:26 +08:00
|
|
|
{
|
2023-09-03 16:53:56 +08:00
|
|
|
name = hostname;
|
2023-09-01 21:05:26 +08:00
|
|
|
value =
|
|
|
|
|
{
|
2023-09-16 15:34:27 +08:00
|
|
|
rewriteHttps = true;
|
|
|
|
|
locations."/" =
|
|
|
|
|
{
|
|
|
|
|
upstream = if builtins.typeOf upstream == "string" then "http://${upstream}"
|
|
|
|
|
else "http://${upstream.address}:${toString upstream.port}";
|
|
|
|
|
websocket = true;
|
|
|
|
|
setHeaders.Host = hostname;
|
|
|
|
|
};
|
2023-09-01 21:05:26 +08:00
|
|
|
};
|
|
|
|
|
})
|
|
|
|
|
(attrsToList misskey-proxy));
|
|
|
|
|
};
|
|
|
|
|
})
|
|
|
|
|
];
|
2023-08-25 18:25:34 +08:00
|
|
|
}
|
