chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 04:19:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
陈浩南
2023-10-02 22:27:35 +08:00
parent 97952ec828
commit e3336b95f8
4 changed files with 103 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
flake.nix
View File

@@ -214,7 +214,7 @@
nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
smartd.enable = true;
nginx = { enable = true; transparentProxy.externalIp = [ "192.168.82.3" ]; };
misskey.instances.misskey = { autoStart = false; hostname = "xn--qbtm095lrg0bfka60z.chn.moe"; };
misskey.instances.misskey.hostname = "xn--qbtm095lrg0bfka60z.chn.moe";
misskey-proxy."xn--qbtm095lrg0bfka60z.chn.moe" = {};
beesd = { enable = true; instances.root = { device = "/"; hashTableSizeMB = 2048; }; };
};
@@ -356,7 +356,7 @@
rsshub.enable = true;
nginx = { enable = true; transparentProxy.externalIp = [ "95.111.228.40" "192.168.82.2" ]; };
wallabag.enable = true;
misskey = { enable = true; hostname = "xn--s8w913fdga.chn.moe"; };
misskey.instances.misskey.hostname = "xn--s8w913fdga.chn.moe";
misskey-proxy."xn--s8w913fdga.chn.moe" = {};
synapse.enable = true;
synapse-proxy."synapse.chn.moe" = {};

2
modules/services/meilisearch.nix
View File

@@ -101,7 +101,7 @@ inputs:
max_indexing_memory = "16Gb"
max_indexing_threads = 1
'';
owner = inputs.config.users.users.misskey.name;
owner = instance.value.user;
};
})
(attrsToList meilisearch.instances));

161
modules/services/misskey.nix
View File

@@ -44,16 +44,17 @@ inputs:
inherit (builtins) map listToAttrs toString replaceStrings;
in mkMerge
[
(mkMerge (map
(instance:
{
systemd =
{
systemd = mkMerge (map
(instance:
{
services."misskey-${instance.name}" = rec
{
enable = instance.value.autoStart;
description = "misskey ${instance.name}";
after = [ "network.target" "redis-misskey-${instance.name}.service" "postgresql.service" ]
++ (if instance.meilisearch.enable then [ "meilisearch-misskey-${instance.name}.service" ] else []);
++ (if instance.value.meilisearch.enable then [ "meilisearch-misskey-${instance.name}.service" ]
else []);
requires = after;
wantedBy = [ "multi-user.target" ];
environment.MISSKEY_CONFIG_YML = inputs.config.sops.templates."misskey/${instance.name}.yml".path;
@@ -70,8 +71,10 @@ inputs:
};
};
tmpfiles.rules = [ "d /var/lib/misskey/${instance.name}/files 0700 misskey misskey" ];
};
fileSystems =
})
(attrsToList misskey.instances));
fileSystems = mkMerge (map
(instance:
{
"/var/lib/misskey/${instance.name}/work" =
{
@@ -83,55 +86,63 @@ inputs:
device = "/var/lib/misskey/${instance.name}/files";
options = [ "bind" "private" "x-gvfs-hide" ];
};
};
sops.templates."misskey/${instance.name}.yml" =
})
(attrsToList misskey.instances));
sops.templates = listToAttrs (map
(instance:
{
content =
let
placeholder = inputs.config.sops.placeholder;
redis = inputs.config.nixos.services.redis.instances."misskey-${instance.name}";
meilisearch = inputs.config.nixos.services.meilisearch.instances."misskey-${instance.name}";
in
''
url: https://${instance.value.hostname}/
port: ${toString instance.value.port}
db:
host: 127.0.0.1
port: 5432
db: ${replaceStrings [ "-" ] [ "_" ] instance.name}
user: ${instance.name}
pass: ${placeholder."postgresql/misskey-${instance.name}"}
extra:
statement_timeout: 60000
dbReplications: false
redis:
host: 127.0.0.1
port: ${toString redis.port}
pass: ${placeholder."redis/misskey-${instance.name}"}
id: 'aid'
proxyBypassHosts:
- api.deepl.com
- api-free.deepl.com
- www.recaptcha.net
- hcaptcha.com
- challenges.cloudflare.com
proxyRemoteFiles: true
signToActivityPubGet: true
maxFileSize: 1073741824
''
+ (if instance.value.meilisearch.enable then
''
meilisearch:
host: 127.0.0.1
port: ${toString meilisearch.port}
apiKey: ${placeholder."meilisearch/misskey-${instance.name}"}
ssl: false
index: misskey
scope: globa
'' else "");
owner = inputs.config.users.users."misskey-${instance.name}".name;
};
users =
name = "misskey/${instance.name}.yml";
value =
{
content =
let
placeholder = inputs.config.sops.placeholder;
redis = inputs.config.nixos.services.redis.instances."misskey-${instance.name}";
meilisearch = inputs.config.nixos.services.meilisearch.instances."misskey-${instance.name}";
in
''
url: https://${instance.value.hostname}/
port: ${toString instance.value.port}
db:
host: 127.0.0.1
port: 5432
db: misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}
user: misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}
pass: ${placeholder."postgresql/misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}"}
extra:
statement_timeout: 60000
dbReplications: false
redis:
host: 127.0.0.1
port: ${toString redis.port}
pass: ${placeholder."redis/misskey-${instance.name}"}
id: 'aid'
proxyBypassHosts:
- api.deepl.com
- api-free.deepl.com
- www.recaptcha.net
- hcaptcha.com
- challenges.cloudflare.com
proxyRemoteFiles: true
signToActivityPubGet: true
maxFileSize: 1073741824
''
+ (if instance.value.meilisearch.enable then
''
meilisearch:
host: 127.0.0.1
port: ${toString meilisearch.port}
apiKey: ${placeholder."meilisearch/misskey-${instance.name}"}
ssl: false
index: misskey
scope: globa
'' else "");
owner = inputs.config.users.users."misskey-${instance.name}".name;
};
})
(attrsToList misskey.instances));
users = mkMerge (map
(instance:
{
users."misskey-${instance.name}" =
{
@@ -141,19 +152,37 @@ inputs:
createHome = true;
};
groups."misskey-${instance.name}" = {};
};
nixos.services =
{
redis.instances."misskey-${instance.name}".port = instance.value.redis.port;
postgresql = { enable = true; instances."misskey-${instance.name}" = {}; };
meilisearch.instances."misskey-${instance.name}" =
})
(attrsToList misskey.instances));
nixos.services =
{
redis.instances = listToAttrs (map
(instance:
{
user = inputs.config.users.users."misskey-${instance.name}".name;
port = instance.value.meilisearch.port;
};
name = "misskey-${instance.name}";
value.port = instance.value.redis.port;
})
(attrsToList misskey.instances));
postgresql =
{
enable = true;
instances = listToAttrs (map
(instance: { name = "misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}"; value = {}; })
(attrsToList misskey.instances));
};
})
(attrsToList misskey.instances)))
meilisearch.instances = listToAttrs (map
(instance:
{
name = "misskey-${instance.name}";
value =
{
user = inputs.config.users.users."misskey-${instance.name}".name;
port = instance.value.meilisearch.port;
};
})
(attrsToList misskey.instances));
};
}
(mkIf (misskey-proxy != {})
{
nixos.services.nginx =

10
secrets/pc.yaml
View File

@@ -9,11 +9,11 @@ store:
nginx:
maxmind-license: ENC[AES256_GCM,data:PVV4VAvB22KoA8EM8Honb+KWYhydXdmTAVlDw/XnTcbaIY+5Km2gGA==,iv:7PfytRbpW4G2iDNqysvZnB0YsQFVUL5Kr1DNsBzuhCA=,tag:z2J14fdD7AUNabN+6kUojA==,type:str]
postgresql:
misskey: ENC[AES256_GCM,data:KiJ2smpRwJ1pzauCgVsmFH4aCiw4sEkCQ9JSTao5NdI=,iv:jIc0a797dokfByN2vJcYcAFfPC8MP7wCV5qsxoCDxcE=,tag:L5n1/xszwB0lhqYcbLqp2Q==,type:str]
misskey_misskey: ENC[AES256_GCM,data:MSDbQffk/WjZ6EYiwVuUMdhdv9VE59ZM7t4XldOKRO0=,iv:J/x9t4Pk5zi7Av9fbzxgAbbtbEUZttSx/JGRmmgmvE4=,tag:CwFR9K++T7YqYR932z3IAg==,type:str]
redis:
misskey: ENC[AES256_GCM,data:SAcZsRrhNB+CjpcvUcWLi5nhEA49bFM+HYHEkszNdZs=,iv:fOLletIWzCrhHZrgwl5dpdCnwUbcEeTaKNosXna8pfU=,tag:EpdBW/RexAoJ0z1G2Emvww==,type:str]
misskey-misskey: ENC[AES256_GCM,data:vcvQ/hs/F3BZd1sfvWwfEeB8vVoqdnprxobcmL6xsmg=,iv:S32yrjrjj56HbxTlfFGjOb+sO2M9KKEDEazCrpQWj6Q=,tag:iwnvqwQEdd6jicx9jJBdbg==,type:str]
meilisearch:
misskey: ENC[AES256_GCM,data:oBYIwQyfPyjsp1dfveVGqO7mY9LO7jaD+Mpe9nTm8Sd8XKgRPJWkce4tnBXBRzkdLURvDDD25uODUekdkkO1gA==,iv:/Gw3PX1w7dWWzEMCWrETGees8CjONwzIpTZSCkQsZXc=,tag:59GHYNPRTv3KFqhpUDXBLg==,type:str]
misskey-misskey: ENC[AES256_GCM,data:/wYR3Bz4LRk/Ks0vizlZS3Ebf5qVfnlBBqZEm/ZIBFdDuhddgu71cqCjTHIKQ6CYh3CoUyguKIIFWku/kOCHKA==,iv:dllKvZwxvZC4pVyEMOB9WNiVBsVxzo5kwbdYKCzzyrY=,tag:MvzqalVvBkyJoLbirN0V8Q==,type:str]
nebula:
key: ENC[AES256_GCM,data:kNm9hwMa/EhDeOCeZw1jEnroolTkeEeAxpSEDko6tHSDHwHbhfjr01ZzHKE=,iv:q2qCi99XgZJvRuF1dm16sK6BFIoa9QUN8p4LSiZq28o=,tag:ApOKdA91LBiWHv6TuXMkpA==,type:str]
sops:
@@ -40,8 +40,8 @@ sops:
OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
+K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-18T12:02:13Z"
mac: ENC[AES256_GCM,data:cO1AngVyJaj+M91wUCG4mGLRjYDF57CdV1UyYeWBXozNl1VxgTWlUFfQJFC5gIGKohAXhGT0SERLGPRVIkacd0hvuHdeHHyp7kzrwQGZTkfxu6oknlvXEXNUdrIiwoers5aJQbbdlEHI6jKL794VRtkykp3bJs0tSeI+v4EA6kI=,iv:YE+oJN+ZJ+1zmze0+GOYG/G8UI7VrVGO1Iwut6mrBfg=,tag:gF8EQSIbVoAzbb4kmWB/uA==,type:str]
lastmodified: "2023-10-02T14:01:56Z"
mac: ENC[AES256_GCM,data:dvIJiCSMhpCqaKxCrGAgNf3gqCFESxEaHz0IQkkq9pJSP80dvHmJMGig7qifleDZQGj4UVxtlyKyVg8ObsmbKUGEToDiIRkEfuIPX/vKbm8/z846T/wb90husaYjMUed4LCxXWA8hjmx/YjM1n52m5TWLSorgR2ox/NPcyrs5XM=,iv:eami+EvCNSLKzQgvJatBFzvu/uD5fxjqqZyEarqBgrY=,tag:qexJ/INgiBRrXFW4/msv8g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3