hades: add pleroma service
This commit is contained in:
parent
1f29508108
commit
7268c1f853
|
@ -99,6 +99,12 @@ in {
|
|||
port = 8084;
|
||||
};
|
||||
|
||||
pleroma = {
|
||||
enable = true;
|
||||
port = 8086;
|
||||
secretConfigFile = config.age.secrets."pleroma/pleroma-config".path;
|
||||
};
|
||||
|
||||
restic-backup = {
|
||||
enable = true;
|
||||
repo = "b2:hades-backup-alarsyo";
|
||||
|
|
|
@ -28,6 +28,8 @@
|
|||
"paperless/admin-password" = {};
|
||||
"paperless/secret-key" = {};
|
||||
|
||||
"pleroma/pleroma-config" = {};
|
||||
|
||||
"restic-backup/hades-credentials" = {};
|
||||
"restic-backup/hades-password" = {};
|
||||
|
||||
|
|
BIN
modules/secrets/pleroma/pleroma-config.age
Normal file
BIN
modules/secrets/pleroma/pleroma-config.age
Normal file
Binary file not shown.
|
@ -24,6 +24,8 @@ in {
|
|||
"paperless/admin-password.age".publicKeys = [alarsyo hades];
|
||||
"paperless/secret-key.age".publicKeys = [alarsyo hades];
|
||||
|
||||
"pleroma/pleroma-config.age".publicKeys = [alarsyo hades];
|
||||
|
||||
"restic-backup/boreal-password.age".publicKeys = [alarsyo boreal];
|
||||
"restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal];
|
||||
"restic-backup/hades-password.age".publicKeys = [alarsyo hades];
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
./paperless.nix
|
||||
./photoprism.nix
|
||||
./pipewire.nix
|
||||
./pleroma.nix
|
||||
./postgresql-backup.nix
|
||||
./postgresql.nix
|
||||
./restic-backup.nix
|
||||
|
|
105
services/pleroma.nix
Normal file
105
services/pleroma.nix
Normal file
|
@ -0,0 +1,105 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
inherit
|
||||
(lib)
|
||||
mkEnableOption
|
||||
mkIf
|
||||
mkOption
|
||||
;
|
||||
|
||||
cfg = config.my.services.pleroma;
|
||||
my = config.my;
|
||||
|
||||
domain = config.networking.domain;
|
||||
hostname = config.networking.hostName;
|
||||
fqdn = "${hostname}.${domain}";
|
||||
in {
|
||||
options.my.services.pleroma = let
|
||||
inherit (lib) types;
|
||||
in {
|
||||
enable = mkEnableOption "Pleroma";
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 8080;
|
||||
example = 8080;
|
||||
description = "Pleroma server port";
|
||||
};
|
||||
|
||||
secretConfigFile = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/pleroma/secrets.exs";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.pleroma = {
|
||||
enable = true;
|
||||
secretConfigFile = cfg.secretConfigFile;
|
||||
|
||||
configs = [
|
||||
''
|
||||
import Config
|
||||
|
||||
config :pleroma, Pleroma.Web.Endpoint,
|
||||
url: [host: "social.${domain}", scheme: "https", port: 443],
|
||||
http: [ip: {127, 0, 0, 1}, port: ${cfg.port}]
|
||||
|
||||
config :pleroma, :instance,
|
||||
name: "social.alarsyo.net",
|
||||
email: "contact+pleroma@alarsyo.net",
|
||||
notify_email: "pleroma@alarsyo.net",
|
||||
limit: 5000,
|
||||
registrations_open: false
|
||||
|
||||
config :pleroma, :media_proxy,
|
||||
enabled: false,
|
||||
redirect_on_failure: true
|
||||
#base_url: "https://cache.pleroma.social"
|
||||
|
||||
config :pleroma, Pleroma.Repo,
|
||||
adapter: Ecto.Adapters.Postgres,
|
||||
username: "pleroma",
|
||||
database: "pleroma",
|
||||
hostname: "localhost"
|
||||
|
||||
# Configure web push notifications
|
||||
config :web_push_encryption, :vapid_details,
|
||||
subject: "mailto:contact+pleroma@alarsyo.net"
|
||||
|
||||
config :pleroma, :database, rum_enabled: false
|
||||
config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
|
||||
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
|
||||
|
||||
# Enable Strict-Transport-Security once SSL is working:
|
||||
# config :pleroma, :http_security,
|
||||
# sts: true
|
||||
|
||||
config :pleroma, configurable_from_database: false
|
||||
|
||||
config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.AnonymizeFilename]
|
||||
''
|
||||
];
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."social.${domain}" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = fqdn;
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString cfg.port}/";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
etag on;
|
||||
client_max_body_size 50m;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
security.acme.certs.${fqdn}.extraDomainNames = ["social.${domain}"];
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue