nixos/modules/services/misskey.nix

inputs:
{
	options.nixos.services = let inherit (inputs.lib) mkOption types; in
	{
		misskey =
		{
			enable = mkOption { type = types.bool; default = false; };
			port = mkOption { type = types.ints.unsigned; default = 9726; };
			hostname = mkOption { type = types.str; default = "misskey.chn.moe"; };
		};
		misskey-proxy = mkOption
		{
			type = types.attrsOf (types.submodule (submoduleInputs: { options =
			{
				hostname = mkOption { type = types.str; default = submoduleInputs.config._module.args.name; };
			};}));
			default = {};
		};
	};
	config =
		let
			inherit (inputs.config.nixos.services) misskey misskey-proxy;
			inherit (inputs.localLib) stripeTabs attrsToList;
			inherit (inputs.lib) mkIf mkMerge;
			inherit (builtins) map listToAttrs toString replaceStrings;
		in mkMerge
		[
			(mkIf misskey.enable
			{
				systemd =
				{
					services.misskey =
					{
						description = "misskey";
						after = [ "network.target" "redis-misskey.service" "postgresql.service" "meilisearch-misskey.service" ];
						requires = [ "network.target" "redis-misskey.service" "postgresql.service" "meilisearch-misskey.service" ];
						wantedBy = [ "multi-user.target" ];
						environment.MISSKEY_CONFIG_YML = inputs.config.sops.templates."misskey/default.yml".path;
						serviceConfig = rec
						{
							User = inputs.config.users.users.misskey.name;
							Group = inputs.config.users.users.misskey.group;
							WorkingDirectory = "/var/lib/misskey/work";
							ExecStart = "${WorkingDirectory}/bin/misskey";
							CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
							AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
						};
					};
					tmpfiles.rules = [ "d /var/lib/misskey/files 0700 misskey misskey" ];
				};
				fileSystems =
				{
					"/var/lib/misskey/work" =
					{
						device = "${inputs.pkgs.localPackages.misskey}";
						options = [ "bind" ];
					};
					"/var/lib/misskey/work/files" =
					{
						device = "/var/lib/misskey/files";
						options = [ "bind" ];
					};
				};
				sops.templates."misskey/default.yml" =
				{
					content =
						let
							placeholder = inputs.config.sops.placeholder;
							misskey = inputs.config.nixos.services.misskey;
							redis = inputs.config.nixos.services.redis.instances.misskey;
						in replaceStrings ["\t"] ["  "] (stripeTabs
						''
							url: https://${misskey.hostname}/
							port: ${toString misskey.port}
							db:
								host: 127.0.0.1
								port: 5432
								db: misskey
								user: misskey
								pass: ${placeholder."postgresql/misskey"}
								extra:
									statement_timeout: 60000
							dbReplications: false
							redis:
								host: 127.0.0.1
								port: ${toString redis.port}
								pass: ${placeholder."redis/misskey"}
							meilisearch:
								host: 127.0.0.1
								port: 7700
								apiKey: ${placeholder."meilisearch/misskey"}
								ssl: false
								index: misskey
								scope: global
							id: 'aid'
							proxyBypassHosts:
								- api.deepl.com
								- api-free.deepl.com
								- www.recaptcha.net
								- hcaptcha.com
								- challenges.cloudflare.com
							proxyRemoteFiles: true
							signToActivityPubGet: true
							maxFileSize: 1073741824
						'');
					owner = inputs.config.users.users.misskey.name;
				};
				users =
				{
					users.misskey = { isSystemUser = true; group = "misskey"; home = "/var/lib/misskey"; createHome = true; };
					groups.misskey = {};
				};
				nixos.services =
				{
					redis.instances.misskey.port = 3545;
					nginx =
					{
						enable = true;
						httpProxy =
						{
							"${misskey.hostname}" =
							{
								upstream = "http://127.0.0.1:${toString misskey.port}";
								websocket = true;
								setHeaders.Host = misskey.hostname;
							};
							"direct.${misskey.hostname}" =
							{
								upstream = "http://127.0.0.1:${toString misskey.port}";
								websocket = true;
								setHeaders.Host = misskey.hostname;
								detectAuth = true;
							};
						};
					};
					postgresql = { enable = true; instances.misskey = {}; };
					meilisearch.instances.misskey = { user = inputs.config.users.users.misskey.name; port = 7700; };
				};
			})
			(mkIf (misskey-proxy != {})
			{
				nixos.services.nginx =
				{
					enable = true;
					httpProxy = listToAttrs (map
						(proxy:
						{
							name = proxy.value.hostname;
							value =
							{
								upstream = "https://direct.${proxy.value.hostname}";
								websocket = true;
								setHeaders.Host = "direct.${proxy.value.hostname}";
								addAuth = true;
							};
						})
						(attrsToList misskey-proxy));
				};
			})
		];
}
add misskey 2023-08-25 18:25:34 +08:00			`inputs:`
			`{`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`options.nixos.services = let inherit (inputs.lib) mkOption types; in`
add misskey 2023-08-25 18:25:34 +08:00			`{`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`misskey =`
			`{`
			`enable = mkOption { type = types.bool; default = false; };`
			`port = mkOption { type = types.ints.unsigned; default = 9726; };`
			`hostname = mkOption { type = types.str; default = "misskey.chn.moe"; };`
			`};`
misskey proxy allow multiple instances 2023-08-26 14:07:57 +08:00			`misskey-proxy = mkOption`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`{`
misskey proxy allow multiple instances 2023-08-26 14:07:57 +08:00			`type = types.attrsOf (types.submodule (submoduleInputs: { options =`
			`{`
			`hostname = mkOption { type = types.str; default = submoduleInputs.config._module.args.name; };`
			`};}));`
			`default = {};`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`};`
add misskey 2023-08-25 18:25:34 +08:00			`};`
			`config =`
			`let`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`inherit (inputs.config.nixos.services) misskey misskey-proxy;`
misskey proxy allow multiple instances 2023-08-26 14:07:57 +08:00			`inherit (inputs.localLib) stripeTabs attrsToList;`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`inherit (inputs.lib) mkIf mkMerge;`
add misskey 2023-08-25 18:25:34 +08:00			`inherit (builtins) map listToAttrs toString replaceStrings;`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`in mkMerge`
			`[`
			`(mkIf misskey.enable`
add misskey 2023-08-25 18:25:34 +08:00			`{`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`systemd =`
add misskey 2023-08-25 18:25:34 +08:00			`{`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`services.misskey =`
完成misskey服务 2023-08-25 19:36:09 +08:00			`{`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`description = "misskey";`
Revert "misskey: remove meilisearch" This reverts commit a3a5ab23c0c1c6cfbe5b529f5507633ac7f73119. 2023-08-30 20:08:08 +08:00			`after = [ "network.target" "redis-misskey.service" "postgresql.service" "meilisearch-misskey.service" ];`
			`requires = [ "network.target" "redis-misskey.service" "postgresql.service" "meilisearch-misskey.service" ];`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`wantedBy = [ "multi-user.target" ];`
			`environment.MISSKEY_CONFIG_YML = inputs.config.sops.templates."misskey/default.yml".path;`
			`serviceConfig = rec`
			`{`
			`User = inputs.config.users.users.misskey.name;`
			`Group = inputs.config.users.users.misskey.group;`
			`WorkingDirectory = "/var/lib/misskey/work";`
			`ExecStart = "${WorkingDirectory}/bin/misskey";`
			`CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];`
			`AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];`
			`};`
完成misskey服务 2023-08-25 19:36:09 +08:00			`};`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`tmpfiles.rules = [ "d /var/lib/misskey/files 0700 misskey misskey" ];`
add misskey 2023-08-25 18:25:34 +08:00			`};`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`fileSystems =`
完成misskey服务 2023-08-25 19:36:09 +08:00			`{`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`"/var/lib/misskey/work" =`
			`{`
			`device = "${inputs.pkgs.localPackages.misskey}";`
			`options = [ "bind" ];`
			`};`
			`"/var/lib/misskey/work/files" =`
			`{`
			`device = "/var/lib/misskey/files";`
			`options = [ "bind" ];`
			`};`
完成misskey服务 2023-08-25 19:36:09 +08:00			`};`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`sops.templates."misskey/default.yml" =`
完成misskey服务 2023-08-25 19:36:09 +08:00			`{`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`content =`
			`let`
			`placeholder = inputs.config.sops.placeholder;`
			`misskey = inputs.config.nixos.services.misskey;`
			`redis = inputs.config.nixos.services.redis.instances.misskey;`
			`in replaceStrings ["\t"] [" "] (stripeTabs`
			`''`
			`url: https://${misskey.hostname}/`
			`port: ${toString misskey.port}`
			`db:`
			`host: 127.0.0.1`
			`port: 5432`
			`db: misskey`
			`user: misskey`
			`pass: ${placeholder."postgresql/misskey"}`
misskey: increase statement_timeout 2023-08-29 10:32:09 +08:00			`extra:`
			`statement_timeout: 60000`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`dbReplications: false`
			`redis:`
			`host: 127.0.0.1`
			`port: ${toString redis.port}`
			`pass: ${placeholder."redis/misskey"}`
Revert "misskey: remove meilisearch" This reverts commit a3a5ab23c0c1c6cfbe5b529f5507633ac7f73119. 2023-08-30 20:08:08 +08:00			`meilisearch:`
			`host: 127.0.0.1`
			`port: 7700`
			`apiKey: ${placeholder."meilisearch/misskey"}`
			`ssl: false`
			`index: misskey`
			`scope: global`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`id: 'aid'`
			`proxyBypassHosts:`
			`- api.deepl.com`
			`- api-free.deepl.com`
			`- www.recaptcha.net`
			`- hcaptcha.com`
			`- challenges.cloudflare.com`
			`proxyRemoteFiles: true`
			`signToActivityPubGet: true`
			`maxFileSize: 1073741824`
			`'');`
			`owner = inputs.config.users.users.misskey.name;`
完成misskey服务 2023-08-25 19:36:09 +08:00			`};`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`users =`
			`{`
			`users.misskey = { isSystemUser = true; group = "misskey"; home = "/var/lib/misskey"; createHome = true; };`
			`groups.misskey = {};`
			`};`
			`nixos.services =`
完成misskey服务 2023-08-25 19:36:09 +08:00			`{`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`redis.instances.misskey.port = 3545;`
			`nginx =`
misskey 增加代理，并准备部署到 vps7 2023-08-25 22:30:31 +08:00			`{`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`enable = true;`
			`httpProxy =`
misskey 增加代理，并准备部署到 vps7 2023-08-25 22:30:31 +08:00			`{`
fix nginx 2023-08-26 01:00:32 +08:00			`"${misskey.hostname}" =`
			`{`
			`upstream = "http://127.0.0.1:${toString misskey.port}";`
			`websocket = true;`
			`setHeaders.Host = misskey.hostname;`
			`};`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`"direct.${misskey.hostname}" =`
			`{`
			`upstream = "http://127.0.0.1:${toString misskey.port}";`
			`websocket = true;`
fix nginx 2023-08-26 01:00:32 +08:00			`setHeaders.Host = misskey.hostname;`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`detectAuth = true;`
			`};`
misskey 增加代理，并准备部署到 vps7 2023-08-25 22:30:31 +08:00			`};`
			`};`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`postgresql = { enable = true; instances.misskey = {}; };`
Revert "misskey: remove meilisearch" This reverts commit a3a5ab23c0c1c6cfbe5b529f5507633ac7f73119. 2023-08-30 20:08:08 +08:00			`meilisearch.instances.misskey = { user = inputs.config.users.users.misskey.name; port = 7700; };`
完成misskey服务 2023-08-25 19:36:09 +08:00			`};`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`})`
misskey proxy allow multiple instances 2023-08-26 14:07:57 +08:00			`(mkIf (misskey-proxy != {})`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`{`
fix 2023-08-25 23:22:47 +08:00			`nixos.services.nginx =`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`{`
fix 2023-08-25 23:22:47 +08:00			`enable = true;`
misskey proxy allow multiple instances 2023-08-26 14:07:57 +08:00			`httpProxy = listToAttrs (map`
			`(proxy:`
			`{`
			`name = proxy.value.hostname;`
			`value =`
			`{`
			`upstream = "https://direct.${proxy.value.hostname}";`
			`websocket = true;`
			`setHeaders.Host = "direct.${proxy.value.hostname}";`
			`addAuth = true;`
			`};`
			`})`
			`(attrsToList misskey-proxy));`
enable 铜锣湾实验室 2023-08-25 22:55:33 +08:00			`};`
			`})`
			`];`
add misskey 2023-08-25 18:25:34 +08:00			`}`