# NixOS module for a Lemmy instance at lemmy.uninsane.org:
# - enables services.lemmy (backend + ui) with a locally created database,
# - runs the backend unit as a static `lemmy` user/group instead of DynamicUser,
# - overrides the database URL passed to the backend,
# - fronts both ports with a TLS-only nginx vhost, and adds the DNS CNAME.
{ config, lib, ... }:
let
  inherit (builtins) toString;
  inherit (lib) mkForce;
  # nginx (below) proxies to both ports on 127.0.0.1.
  # NOTE(review): nothing in this file sets the address lemmy / lemmy-ui bind to;
  # confirm these ports are not reachable from outside (firewall or bind address),
  # otherwise the TLS vhost can be bypassed.
  uiPort = 1234;  # default ui port is 1234
  backendPort = 8536;  # default backend port is 8536
  # - i guess the "backend" port is used for federation?
  #   (the nginx rules below send ActivityPub `Accept` requests to it)
in {
  services.lemmy = {
    enable = true;
    settings.hostname = "lemmy.uninsane.org";
    settings.options.federation.enabled = true;
    settings.options.port = backendPort;
    # settings.database.host = "localhost";
    # defaults
    # settings.database = {
    #   user = "lemmy";
    #   host = "/run/postgresql";
    #   # host = "localhost";  # fails with "fe_sendauth: no password supplied"
    #   port = 5432;
    #   database = "lemmy";
    #   pool_size = 5;
    # };
    ui.port = uiPort;
    database.createLocally = true;
  };

  systemd.services.lemmy.serviceConfig = {
    # fix to use a normal user so we can configure perms correctly
    # NOTE(review): systemd's DynamicUser= also implies sandboxing (e.g.
    # ProtectSystem=strict, ProtectHome=read-only, PrivateTmp=yes). forcing it off
    # drops whichever of those the unit does not set explicitly; check the result
    # with `systemd-analyze security lemmy.service`.
    DynamicUser = mkForce false;
    User = "lemmy";
    Group = "lemmy";
    # Environment = [ "RUST_BACKTRACE=full" "RUST_LOG=info" ];
  };

  systemd.services.lemmy.environment = {
    # full backtraces end up in the service log.
    # NOTE(review): debugging aid; consider dropping it once the service is stable.
    RUST_BACKTRACE = "full";
    # upstream defaults LEMMY_DATABASE_URL = "postgres:///lemmy?host=/run/postgresql";
    # - Postgres complains that we didn't specify a user
    # lemmy formats the url as:
    # - postgres://{user}:{password}@{host}:{port}/{database}
    # LEMMY_DATABASE_URL = "postgres://lemmy@/run/postgresql";  # connection to server on socket "/run/postgresql/.s.PGSQL.5432" failed: FATAL: database "run/postgresql" does not exist
    # LEMMY_DATABASE_URL = "postgres://lemmy?host=/run/postgresql";  # no PostgreSQL user name specified in startup packet
    #
    # the working form: user `lemmy`, no password, host= pointing at the postgres
    # socket directory.
    # NOTE(review): presumably this relies on postgres peer auth for the `lemmy`
    # OS user -- confirm. keep the URL password-free: values set here are written
    # into the unit file in the world-readable nix store.
    LEMMY_DATABASE_URL = mkForce "postgres://lemmy@?host=/run/postgresql";
  };

  # static account the lemmy unit runs as (see serviceConfig above)
  users.groups.lemmy = { };
  users.users.lemmy = {
    group = "lemmy";
    isSystemUser = true;
  };

  services.nginx.virtualHosts."lemmy.uninsane.org" = {
    # TLS only: plain http is redirected, the certificate comes from ACME
    forceSSL = true;
    enableACME = true;
    locations = let
      ui = "http://127.0.0.1:${toString uiPort}";
      backend = "http://127.0.0.1:${toString backendPort}";
    in {
      # see <LemmyNet/lemmy:docker/federation/nginx.conf>
      # these paths go to the ui unless `Accept` is exactly one of the two
      # ActivityPub media types, in which case they go to the backend. the
      # comparison is an exact string match, so any other Accept value
      # (e.g. a list of types) falls through to the ui.
      # NOTE(review): the upstream file referenced above appears to send these
      # API paths straight to the backend and to apply the Accept switch on `/`
      # instead -- confirm that defaulting them to the ui is intended.
      # NOTE(review): the `.` in `.well-known` is an unescaped regex dot, so it
      # matches any character at that position.
      "~ ^/(api|pictrs|feeds|nodeinfo|.well-known)" = {
        extraConfig = ''
          set $proxpass ${ui};
          if ($http_accept = "application/activity+json") {
            set $proxpass ${backend};
          }
          if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
            set $proxpass ${backend};
          }
          # Cuts off the trailing slash on URLs to make them valid
          rewrite ^(.+)/+$ $1 permanent;
        '';
        # upstream is whichever target the `set` directives above selected
        proxyPass = "$proxpass";
      };
      # everything else is served by the ui
      "/".proxyPass = ui;
    };
  };

  # DNS: lemmy.uninsane.org is a CNAME to `native` in the uninsane.org zone
  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."lemmy" = "native";
}