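# NixOS module for a Misskey instance and for nginx front proxies that forward to one.
#
# Options (under nixos.services):
#   misskey.enable / misskey.port / misskey.hostname
#       Run Misskey on this host, listening on `port`, published as `hostname`.
#   misskey-proxy.<name>.hostname
#       Declare an nginx proxy for a Misskey instance hosted elsewhere; the
#       hostname defaults to the attribute name.
#
# NOTE(review): whitespace inside the default.yml template below is significant.
# The template is passed through the project-local `stripeTabs` (presumably it
# strips the common leading tabs; confirm in localLib) and every remaining tab is
# then replaced, so the YAML nesting must be written with tabs.
inputs:
{
	options.nixos.services = let inherit (inputs.lib) mkOption types; in
	{
		misskey =
		{
			enable = mkOption { type = types.bool; default = false; };
			# types.port (a 16-bit unsigned integer) rejects values above 65535 at
			# evaluation time; the previous types.ints.unsigned accepted any
			# non-negative integer and would only fail when the service tried to bind.
			port = mkOption { type = types.port; default = 9726; };
			hostname = mkOption { type = types.str; default = "misskey.chn.moe"; };
		};
		misskey-proxy = mkOption
		{
			type = types.attrsOf (types.submodule (submoduleInputs: { options =
			{
				hostname = mkOption { type = types.str; default = submoduleInputs.config._module.args.name; };
			};}));
			default = {};
		};
	};
	config =
		let
			inherit (inputs.config.nixos.services) misskey misskey-proxy;
			inherit (inputs.localLib) stripeTabs attrsToList;
			inherit (inputs.lib) mkIf mkMerge;
			inherit (builtins) map listToAttrs toString replaceStrings;
		in mkMerge
		[
			# Part 1: the Misskey service itself and everything it depends on.
			(mkIf misskey.enable
			{
				systemd =
				{
					services.misskey =
					{
						description = "misskey";
						after = [ "network.target" "redis-misskey.service" "postgresql.service" "meilisearch-misskey.service" ];
						requires = [ "network.target" "redis-misskey.service" "postgresql.service" "meilisearch-misskey.service" ];
						wantedBy = [ "multi-user.target" ];
						# The rendered config holds the database, redis and meilisearch
						# credentials; the unit only receives the path to it.
						environment.MISSKEY_CONFIG_YML = inputs.config.sops.templates."misskey/default.yml".path;
						serviceConfig = rec
						{
							# Runs as the dedicated system user declared in `users` below, not as root.
							User = inputs.config.users.users.misskey.name;
							Group = inputs.config.users.users.misskey.group;
							WorkingDirectory = "/var/lib/misskey/work";
							ExecStart = "${WorkingDirectory}/bin/misskey";
							# The bounding set drops every capability except CAP_NET_BIND_SERVICE.
							# The ambient grant is only needed when `port` is below 1024; the
							# default (9726) does not require it.
							CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
							AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
							# NOTE(review): no sandboxing directives (e.g. NoNewPrivileges,
							# ProtectSystem, PrivateTmp) are set for this network-facing
							# service; consider adding them after testing against Misskey.
						};
					};
					# Upload directory: readable and writable by the service user only.
					tmpfiles.rules = [ "d /var/lib/misskey/files 0700 misskey misskey" ];
				};
				fileSystems =
				{
					# The packaged Misskey tree is bind-mounted as the working directory.
					"/var/lib/misskey/work" =
					{
						device = "${inputs.pkgs.localPackages.misskey}";
						options = [ "bind" ];
					};
					# The writable files directory is bound over `files` inside that tree
					# (presumably because the packaged tree itself is read-only; confirm).
					"/var/lib/misskey/work/files" =
					{
						device = "/var/lib/misskey/files";
						options = [ "bind" ];
					};
				};
				# sops-nix renders this template at activation time and substitutes the
				# placeholders with the decrypted secrets, so the credentials are not
				# written into the Nix store. The rendered file is owned by the service user.
				#
				# Review notes on the rendered settings:
				#  - db, redis and meilisearch are all reached on 127.0.0.1; `ssl: false` for
				#    meilisearch is therefore confined to the loopback interface.
				#  - The meilisearch port (7700) is repeated in nixos.services.meilisearch
				#    below; keep the two in sync.
				#  - No bind address is set for Misskey here. NOTE(review): confirm the
				#    port is not reachable from outside, since nginx is the intended entry point.
				#  - maxFileSize is 1073741824 bytes (1 GiB) per file; size the volume behind
				#    /var/lib/misskey/files accordingly.
				sops.templates."misskey/default.yml" =
				{
					content =
						let
							placeholder = inputs.config.sops.placeholder;
							misskey = inputs.config.nixos.services.misskey;
							redis = inputs.config.nixos.services.redis.instances.misskey;
						in replaceStrings ["\t"] [" "] (stripeTabs
						''
							url: https://${misskey.hostname}/
							port: ${toString misskey.port}
							db:
								host: 127.0.0.1
								port: 5432
								db: misskey
								user: misskey
								pass: ${placeholder."postgresql/misskey"}
								extra:
									statement_timeout: 60000
							dbReplications: false
							redis:
								host: 127.0.0.1
								port: ${toString redis.port}
								pass: ${placeholder."redis/misskey"}
							meilisearch:
								host: 127.0.0.1
								port: 7700
								apiKey: ${placeholder."meilisearch/misskey"}
								ssl: false
								index: misskey
								scope: global
							id: 'aid'
							proxyBypassHosts:
								- api.deepl.com
								- api-free.deepl.com
								- www.recaptcha.net
								- hcaptcha.com
								- challenges.cloudflare.com
							proxyRemoteFiles: true
							signToActivityPubGet: true
							maxFileSize: 1073741824
						'');
					owner = inputs.config.users.users.misskey.name;
				};
				users =
				{
					users.misskey = { isSystemUser = true; group = "misskey"; home = "/var/lib/misskey"; createHome = true; };
					groups.misskey = {};
				};
				nixos.services =
				{
					redis.instances.misskey.port = 3545;
					nginx =
					{
						enable = true;
						httpProxy =
						{
							# Public vhost: nginx forwards to Misskey on loopback.
							"${misskey.hostname}" =
							{
								upstream = "http://127.0.0.1:${toString misskey.port}";
								websocket = true;
								setHeaders.Host = misskey.hostname;
							};
							# Vhost used by the front proxies declared through misskey-proxy.
							# NOTE(review): detectAuth is defined by the project-local nginx
							# module; presumably it pairs with addAuth on the proxy side so
							# that only the proxies are accepted here. Verify in that module.
							"direct.${misskey.hostname}" =
							{
								upstream = "http://127.0.0.1:${toString misskey.port}";
								websocket = true;
								setHeaders.Host = misskey.hostname;
								detectAuth = true;
							};
						};
					};
					postgresql = { enable = true; instances.misskey = {}; };
					meilisearch.instances.misskey = { user = inputs.config.users.users.misskey.name; port = 7700; };
				};
			})
			# Part 2: front proxies. Each entry becomes an nginx vhost for its hostname
			# that forwards over HTTPS to the matching direct.<hostname> origin.
			(mkIf (misskey-proxy != {})
			{
				nixos.services.nginx =
				{
					enable = true;
					httpProxy = listToAttrs (map
						(proxy:
						{
							name = proxy.value.hostname;
							value =
							{
								upstream = "https://direct.${proxy.value.hostname}";
								websocket = true;
								setHeaders.Host = "direct.${proxy.value.hostname}";
								# NOTE(review): addAuth comes from the project-local nginx
								# module; presumably it attaches the credential that the
								# origin's detectAuth checks. Verify in that module.
								addAuth = true;
							};
						})
						(attrsToList misskey-proxy));
				};
			})
		];
}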