# NixOS module: runs a Lemmy instance for lemmy.uninsane.org.
# - lemmy backend and lemmy-ui are proxied by nginx over 127.0.0.1
# - the database is created locally and reached over the postgres unix socket
# - a CNAME for "lemmy" is published in the uninsane.org zone
{ config, lib, ... }:
let
  inherit (builtins) toString;
  inherit (lib) mkForce;

  uiPort = 1234;  # default ui port is 1234
  backendPort = 8536;  # default backend port is 8536
  # - i guess the "backend" port is used for federation?
  # NOTE(review): this module does not set a bind address for either port, and
  # nginx only ever talks to them via 127.0.0.1 -- confirm the firewall (or the
  # services' own bind settings) keeps both ports unreachable from outside, so
  # that TLS and the routing rules below cannot be bypassed.
in {
  services.lemmy = {
    enable = true;
    ui.port = uiPort;
    database.createLocally = true;

    settings = {
      hostname = "lemmy.uninsane.org";
      port = backendPort;

      federation = {
        enabled = true;
        # federation.debug forces outbound federation queries to be run synchronously
        # NOTE(review): upstream describes federation debug mode as a testing aid
        # that also relaxes which URLs may be contacted (http / localhost) --
        # confirm against the deployed lemmy version, and turn this off once
        # federation is known to work on this public host.
        debug = true;
      };

      # database.host = "localhost";
      # defaults
      # database = {
      #   user = "lemmy";
      #   host = "/run/postgresql";
      #   # host = "localhost";  # fails with "fe_sendauth: no password supplied"
      #   port = 5432;
      #   database = "lemmy";
      #   pool_size = 5;
      # };
    };
  };

  systemd.services.lemmy = {
    serviceConfig = {
      # fix to use a normal user so we can configure perms correctly
      DynamicUser = mkForce false;
      User = "lemmy";
      Group = "lemmy";
      # Environment = [ "RUST_BACKTRACE=full" "RUST_LOG=info" ];
    };

    environment = {
      # NOTE(review): full backtraces plus debug-level logging are debugging
      # settings; what lemmy writes at this level is not visible from here, so
      # treat the unit's journal as potentially sensitive and drop back to
      # "info" once the federation issue is resolved.
      RUST_BACKTRACE = "full";
      RUST_LOG = "debug";

      # upstream defaults LEMMY_DATABASE_URL = "postgres:///lemmy?host=/run/postgresql";
      # - Postgres complains that we didn't specify a user
      # lemmy formats the url as:
      # - postgres://{user}:{password}@{host}:{port}/{database}
      # SO suggests (https://stackoverflow.com/questions/3582552/what-is-the-format-for-the-postgresql-connection-string-url):
      # - postgresql://[user[:password]@][netloc][:port][/dbname][?param1=value1&...]
      # LEMMY_DATABASE_URL = "postgres://lemmy@/run/postgresql";  # connection to server on socket "/run/postgresql/.s.PGSQL.5432" failed: FATAL: database "run/postgresql" does not exist
      # LEMMY_DATABASE_URL = "postgres://lemmy?host=/run/postgresql";  # no PostgreSQL user name specified in startup packet
      # LEMMY_DATABASE_URL = mkForce "postgres://lemmy@?host=/run/postgresql";  # WORKS!
      #
      # The URL carries a user but no password and points at the unix socket
      # directory, so no database secret ends up in this file.
      # NOTE(review): presumably postgres authenticates the socket peer as the
      # "lemmy" system user -- confirm in pg_hba.conf; this is also why the
      # service runs as a fixed User instead of DynamicUser.
      LEMMY_DATABASE_URL = mkForce "postgres://lemmy@/lemmy?host=/run/postgresql";
    };
  };

  users = {
    groups.lemmy = { };
    users.lemmy = {
      group = "lemmy";
      isSystemUser = true;
    };
  };

  services.nginx.virtualHosts."lemmy.uninsane.org" = {
    forceSSL = true;
    enableACME = true;

    locations =
      let
        ui = "http://127.0.0.1:${toString uiPort}";
        backend = "http://127.0.0.1:${toString backendPort}";
      in
      {
        # see <LemmyNet/lemmy:docker/federation/nginx.conf>
        # see <LemmyNet/lemmy:docker/nginx.conf>
        # see <LemmyNet/lemmy-ansible:templates/nginx.conf>

        # "frontend general requests"
        # Requests go to the ui unless the Accept header starts with
        # "application/" or the method is POST; those go to the backend.
        # NOTE(review): X-Forwarded-For is built with $proxy_add_x_forwarded_for,
        # which appends the peer address to whatever the client already sent.
        # Only the last entry (or X-Real-IP) is trustworthy for rate limits and
        # logs -- confirm which one the backend actually uses.
        "/" = {
          proxyPass = "$proxpass";
          extraConfig = ''
            set $proxpass "${ui}";
            # if ($http_accept = "application/activity+json") {
            #   set $proxpass "${backend}";
            # }
            # if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
            #   set $proxpass "${backend}";
            # }
            # XXX: lemmy-ansible nginx uses this maximally broad redirection
            if ($http_accept ~ "^application/.*$") {
              set $proxpass "${backend}";
            }
            # XXX: POST redirection occurs in lemmy-ansible and docker/nginx.conf but not docker/federation/nginx.conf
            if ($request_method = POST) {
              set $proxpass "${backend}";
            }

            # Cuts off the trailing slash on URLs to make them valid
            rewrite ^(.+)/+$ $1 permanent;

            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          '';
        };

        # "backend"
        # NOTE(review): the "." in ".well-known" is an unescaped regex
        # metacharacter, so any single character matches in that position; it
        # is left as-is here to mirror the referenced upstream configs.
        "~ ^/(api|pictrs|feeds|nodeinfo|.well-known)" = {
          proxyPass = backend;
          # <lemmy-docs:src/en/administration/troubleshooting.md> calls out these lines for the websocket
          extraConfig = ''
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          '';
        };
      };
  };

  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."lemmy" = "native";
}