muon/flake
1
0
Fork 0
mirror of https://codeberg.org/muon/home.git synced 2025-12-06 08:07:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add lemmy

Browse source
This commit is contained in:
muon 2025-05-17 10:54:00 +00:00
parent 588fed0ea6
commit ed26516625
6 changed files with 121 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

3
hosts/muho/configuration.nix
View file

@ -42,6 +42,7 @@ in {
mods.server.cal.enable = true; mods.server.cal.enable = true;
mods.server.chat.enable = true; mods.server.chat.enable = true;
mods.server.ntfy.enable = true; mods.server.ntfy.enable = true;
mods.server.lemmy.enable = true;
mods.server.dash.enable = false; mods.server.dash.enable = false;
mods.server.nginx.ports.dash = 3009; mods.server.nginx.ports.dash = 3009;
@ -138,5 +139,5 @@ in {
# hardware.nvidia.powerManagement.enable = false; # hardware.nvidia.powerManagement.enable = false;
# Version of first install # Version of first install
system.stateVersion = "23.05"; system.stateVersion = "23.11";
} }

14
hosts/ports.nix
View file

@ -1,4 +1,11 @@
{ pkgs, lib, config, ... }: { { pkgs, lib, config, ... }: {
options.mods.server = with lib; {
local.ports = mkOption {
type = types.attrsOf (types.ints.u16);
default = { };
};
};
config = {
mods.server.nginx.ports = { mods.server.nginx.ports = {
photos = 3001; photos = 3001;
homebox = 3002; homebox = 3002;
@ -10,9 +17,16 @@
chat = 3008; chat = 3008;
# dash = 3009; # dash = 3009;
ntfy = 3010; ntfy = 3010;
lemmy = 3011;
search = 8081; search = 8081;
videos = 8082; videos = 8082;
reddit = 8083; reddit = 8083;
}; };
mods.server.local.ports = {
# grav = 5001
lemmy-api = 5002;
pict-rs = 5003;
};
};
} }

1
modules/nixos/server/default.nix
View file

@ -22,5 +22,6 @@
./dash.nix ./dash.nix
./nvr.nix ./nvr.nix
./ntfy.nix ./ntfy.nix
./lemmy.nix
]; ];
} }

83
modules/nixos/server/lemmy.nix Normal file
View file

@ -0,0 +1,83 @@
{ pkgs, lib, config, ... }:
let
inherit (lib) mkEnableOption;
cfg = config.mods.server.lemmy;
port = config.mods.server.local.ports.lemmy-api;
port-ui = config.mods.server.nginx.ports.lemmy;
port-pict = config.mods.server.local.ports.pict-rs;
hostname = "lemmy.muon.host";
bind = "0.0.0.0";
in {
options.mods.server.lemmy = {
enable = mkEnableOption {
default = false;
description = "enables lemmy engine server";
};
};
config = {
services.lemmy = lib.mkIf cfg.enable {
enable = true;
ui.port = port-ui;
settings = { inherit port hostname bind; };
database.createLocally = true;
};
systemd.services.lemmy-ui = lib.mkIf cfg.enable {
environment = lib.mkForce {
LEMMY_UI_HOST = "${bind}:${toString port-ui}";
LEMMY_UI_LEMMY_INTERNAL_HOST = "${bind}:${toString port}";
LEMMY_UI_LEMMY_EXTERNAL_HOST = hostname;
LEMMY_UI_HTTPS = "false";
NODE_ENV = "production";
};
};
services.pict-rs = lib.mkIf cfg.enable {
enable = true;
port = port-pict;
address = "0.0.0.0";
};
services.nginx.virtualHosts."${hostname}".locations = let
ui = "http://10.0.0.3:${toString port-ui}";
backend = "http://10.0.0.3:${toString port}";
in lib.mkIf config.mods.server.nginx.enable {
"~ ^/(api|pictrs|feeds|nodeinfo|.well-known)" = {
# backend requests
proxyPass = backend;
proxyWebsockets = true;
recommendedProxySettings = true;
};
"/" = {
# mixed frontend and backend requests, based on the request headers
extraConfig = ''
set $proxpass "${ui}";
if ($http_accept = "application/activity+json") {
set $proxpass "${backend}";
}
if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
set $proxpass "${backend}";
}
if ($request_method = POST) {
set $proxpass "${backend}";
}
# Cuts off the trailing slash on URLs to make them valid
rewrite ^(.+)/+$ $1 permanent;
proxy_pass $proxpass;
# Proxied `Host` header is required to validate ActivityPub HTTP signatures for incoming events.
# The other headers are optional, for the sake of better log data.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
};
};
}

3
modules/nixos/sops/default.nix
View file

@ -14,5 +14,8 @@ in with lib; {
owner = "radicale"; owner = "radicale";
group = "radicale"; group = "radicale";
}; };
secrets.lemmy-password = mkIf cfg.server.lemmy.enable {
};
}; };
} }

12
modules/nixos/sops/secrets.yaml
View file

@ -1,11 +1,8 @@
muon-password: ENC[AES256_GCM,data:K2ifHvs8hQXK4//FXf3vfDliiklx0dTn8gpirTBT07Q1XIMJR1Vgn/f1uo62bu4a/bknAR5gEBfd/cSRUTdBBxd7Lec2k3fxQg==,iv:j1JTzyfjcKEqh+PK5tyCWBMV7MpwvIG9MJ9eiajksxM=,tag:ZcSEVBW1UOCvE40yIsaBFQ==,type:str] muon-password: ENC[AES256_GCM,data:K2ifHvs8hQXK4//FXf3vfDliiklx0dTn8gpirTBT07Q1XIMJR1Vgn/f1uo62bu4a/bknAR5gEBfd/cSRUTdBBxd7Lec2k3fxQg==,iv:j1JTzyfjcKEqh+PK5tyCWBMV7MpwvIG9MJ9eiajksxM=,tag:ZcSEVBW1UOCvE40yIsaBFQ==,type:str]
zipline-secret: ENC[AES256_GCM,data:cdqPWBUg6FZkBrUYNkm7imntc2hXUAxDjd1Ymr3j9y763cbXDYEu44wJF0W1Ng==,iv:sdjV4SkRCTO04AvXqtoPOPyASlitrS4nS+M0Z2lZURA=,tag:gNcOdJvg9PtrRlm84CdbsQ==,type:str] zipline-secret: ENC[AES256_GCM,data:cdqPWBUg6FZkBrUYNkm7imntc2hXUAxDjd1Ymr3j9y763cbXDYEu44wJF0W1Ng==,iv:sdjV4SkRCTO04AvXqtoPOPyASlitrS4nS+M0Z2lZURA=,tag:gNcOdJvg9PtrRlm84CdbsQ==,type:str]
htpasswd: ENC[AES256_GCM,data:YbDNElLsvRtC1ezgxIYI6U+ZZES1Lr6BXamNdbxQibj0NfC9oobP7ed8MQpFTlhhJZx5I5Xa6XtFrvjdo13NtdU=,iv:P98P1XxtdCp7+TuAwKybzjcWGF1OQtnAuQs4ObZct7o=,tag:gXrQaBxUvuVSB5yYhWcihA==,type:str] htpasswd: ENC[AES256_GCM,data:YbDNElLsvRtC1ezgxIYI6U+ZZES1Lr6BXamNdbxQibj0NfC9oobP7ed8MQpFTlhhJZx5I5Xa6XtFrvjdo13NtdU=,iv:P98P1XxtdCp7+TuAwKybzjcWGF1OQtnAuQs4ObZct7o=,tag:gXrQaBxUvuVSB5yYhWcihA==,type:str]
lemmy-password: ENC[AES256_GCM,data:VVPbhW6l+VYSUfmlySPSwITwonKQHaIY,iv:XcwM7Sz2novn3cHt4EK5HAZkYVPfPqwIcGtTWMQPByg=,tag:0b8epk98eTcx7b57yGcjpw==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1m97a3eptxwpdd7h5kkqe9gkmhg6rquc64qjmlsfqfhfqv8q72crqrylhgc - recipient: age1m97a3eptxwpdd7h5kkqe9gkmhg6rquc64qjmlsfqfhfqv8q72crqrylhgc
enc: | enc: |
@ -34,8 +31,7 @@ sops:
cThxTVpmcEMrcG9Lczd3dkdyQ0paSHMKUfkx9jh7zIqBkUjxaH3dVKvNJG3Mipts cThxTVpmcEMrcG9Lczd3dkdyQ0paSHMKUfkx9jh7zIqBkUjxaH3dVKvNJG3Mipts
OjmJ5aVVIR5U8MhgSgECb22mGlOgW8SU/x4gxcWgafZwbv2vbON6OA== OjmJ5aVVIR5U8MhgSgECb22mGlOgW8SU/x4gxcWgafZwbv2vbON6OA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-25T15:55:13Z" lastmodified: "2025-05-17T09:59:07Z"
mac: ENC[AES256_GCM,data:M/IPR1hqkiLHqt/fgmZ+HezGrmAKbu0LJJkMMr0895neP6WB571AQ29+VLRm+7jDp9qjKgelwDOU/t/UdUgKP1hSK0cOcHR1B7KecHVCFKHNdfaD70xzA4PUQpTFIc6bHyLSMeQAwoEDKkW3inuKwD6k1RVQmOOUMT9shs6Oe48=,iv:I6XbpfScaJwZPXyVkvreKL2tDwgt7p8Eub/pSD6Bm8g=,tag:6wdBYdoOgf9iX0cGT63v3Q==,type:str] mac: ENC[AES256_GCM,data:ewURL+W/C0XnEJiXipeSXr5F5hItD3LPMdThjBg1ObY/N7Tb28Tm18vCOpbr37H0gDWnDjNu2rzVN3+XjrbVzXe7n4YUzN2sZa2zZEJhHDTyQWdiPtMpApXeu1Va621EQymDyTm7N2hJz3MvadiWYIv/ft685FPY7qRX7pluUFc=,iv:FIoClE4hX8+PBHY5LOFeSowxSrAHIaDPFblD6Pkakes=,tag:FepKajXRusCbLTlJGPKm6g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.3 version: 3.10.2