nix-files/hosts/by-name/servo/services/lemmy.nix

{ config, lib, ... }:
let
  inherit (builtins) toString;
  inherit (lib) mkForce;
  uiPort = 1234;  # default ui port is 1234
  backendPort = 8536; # default backend port is 8536
  # - i guess the "backend" port is used for federation?
in {
  services.lemmy = {
    enable = true;
    settings.hostname = "lemmy.uninsane.org";
    settings.federation.enabled = true;
    # federation.debug forces outbound federation queries to be run synchronously
    # settings.federation.debug = true;
    settings.port = backendPort;
    ui.port = uiPort;
    database.createLocally = true;
  };

  systemd.services.lemmy.serviceConfig = {
    # fix to use a normal user so we can configure perms correctly
    DynamicUser = mkForce false;
    User = "lemmy";
    Group = "lemmy";
  };
  systemd.services.lemmy.environment = {
    RUST_BACKTRACE = "full";
    # RUST_LOG = "debug";
    # upstream defaults LEMMY_DATABASE_URL = "postgres:///lemmy?host=/run/postgresql";
    # - Postgres complains that we didn't specify a user
    # lemmy formats the url as:
    # - postgres://{user}:{password}@{host}:{port}/{database}
    # SO suggests (https://stackoverflow.com/questions/3582552/what-is-the-format-for-the-postgresql-connection-string-url):
    # - postgresql://[user[:password]@][netloc][:port][/dbname][?param1=value1&...]
    # LEMMY_DATABASE_URL = "postgres://lemmy@/run/postgresql";  # connection to server on socket "/run/postgresql/.s.PGSQL.5432" failed: FATAL:  database "run/postgresql" does not exist
    # LEMMY_DATABASE_URL = "postgres://lemmy?host=/run/postgresql";  # no PostgreSQL user name specified in startup packet
    # LEMMY_DATABASE_URL = mkForce "postgres://lemmy@?host=/run/postgresql";  # WORKS
    LEMMY_DATABASE_URL = mkForce "postgres://lemmy@/lemmy?host=/run/postgresql";
  };
  users.groups.lemmy = {};
  users.users.lemmy = {
    group = "lemmy";
    isSystemUser = true;
  };

  services.nginx.virtualHosts."lemmy.uninsane.org" = {
    forceSSL = true;
    enableACME = true;
    locations = let
      ui = "http://127.0.0.1:${toString uiPort}";
      backend = "http://127.0.0.1:${toString backendPort}";
    in {
      # see <LemmyNet/lemmy:docker/federation/nginx.conf>
      # see <LemmyNet/lemmy:docker/nginx.conf>
      # see <LemmyNet/lemmy-ansible:templates/nginx.conf>
      "/" = {
        # "frontend general requests"
        proxyPass = "$proxpass";
        extraConfig = ''
          set $proxpass "${ui}";
          if ($http_accept = "application/activity+json") {
            set $proxpass "${backend}";
          }
          if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
            set $proxpass "${backend}";
          }

          # XXX: lemmy-ansible nginx uses this maximally broad redirection
          # if ($http_accept ~ "^application/.*$") {
          #   set $proxpass "${backend}";
          # }
          # XXX: POST redirection occurs in lemmy-ansible and docker/nginx.conf but not docker/federation/nginx.conf
          if ($request_method = POST) {
            set $proxpass "${backend}";
          }

          # Cuts off the trailing slash on URLs to make them valid
          rewrite ^(.+)/+$ $1 permanent;

          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        '';
      };
      "~ ^/(api|pictrs|feeds|nodeinfo|.well-known)" = {
        # "backend"
        proxyPass = backend;
        proxyWebsockets = true;
        extraConfig = ''
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        '';
      };
    };
  };

  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."lemmy" = "native";
}
servo: try to ship lemmy (it's failing with some DB migration stuff) 2023-04-28 02:02:39 +00:00			`{ config, lib, ... }:`
			`let`
			`inherit (builtins) toString;`
			`inherit (lib) mkForce;`
			`uiPort = 1234; # default ui port is 1234`
			`backendPort = 8536; # default backend port is 8536`
			`# - i guess the "backend" port is used for federation?`
			`in {`
			`services.lemmy = {`
			`enable = true;`
			`settings.hostname = "lemmy.uninsane.org";`
lemmy: fix federation now when i subscribe to a community, the request actually seems to go through. this change probably does more than necessary, but it serves as a known-good config 2023-05-12 02:35:37 +00:00			`settings.federation.enabled = true;`
			`# federation.debug forces outbound federation queries to be run synchronously`
lemmy: remove federation.debug 2023-05-12 04:47:10 +00:00			`# settings.federation.debug = true;`
lemmy: fix federation now when i subscribe to a community, the request actually seems to go through. this change probably does more than necessary, but it serves as a known-good config 2023-05-12 02:35:37 +00:00			`settings.port = backendPort;`
servo: try to ship lemmy (it's failing with some DB migration stuff) 2023-04-28 02:02:39 +00:00			`ui.port = uiPort;`
			`database.createLocally = true;`
			`};`

			`systemd.services.lemmy.serviceConfig = {`
			`# fix to use a normal user so we can configure perms correctly`
			`DynamicUser = mkForce false;`
			`User = "lemmy";`
			`Group = "lemmy";`
lemmy: fix the database connection 2023-05-09 10:05:14 +00:00			`};`
			`systemd.services.lemmy.environment = {`
			`RUST_BACKTRACE = "full";`
lemmy: remove debugging statements 2023-05-12 04:49:15 +00:00			`# RUST_LOG = "debug";`
lemmy: fix the database connection 2023-05-09 10:05:14 +00:00			`# upstream defaults LEMMY_DATABASE_URL = "postgres:///lemmy?host=/run/postgresql";`
			`# - Postgres complains that we didn't specify a user`
			`# lemmy formats the url as:`
			`# - postgres://{user}:{password}@{host}:{port}/{database}`
lemmy: fixup websocket forwarding able to create admin account and subscribe to remote communities. haven't tested posting comments. 2023-05-10 06:11:13 +00:00			`# SO suggests (https://stackoverflow.com/questions/3582552/what-is-the-format-for-the-postgresql-connection-string-url):`
			`# - postgresql://[user[:password]@][netloc][:port][/dbname][?param1=value1&...]`
lemmy: fix the database connection 2023-05-09 10:05:14 +00:00			`# LEMMY_DATABASE_URL = "postgres://lemmy@/run/postgresql"; # connection to server on socket "/run/postgresql/.s.PGSQL.5432" failed: FATAL: database "run/postgresql" does not exist`
			`# LEMMY_DATABASE_URL = "postgres://lemmy?host=/run/postgresql"; # no PostgreSQL user name specified in startup packet`
lemmy: remove debugging statements 2023-05-12 04:49:15 +00:00			`# LEMMY_DATABASE_URL = mkForce "postgres://lemmy@?host=/run/postgresql"; # WORKS`
lemmy: fixup websocket forwarding able to create admin account and subscribe to remote communities. haven't tested posting comments. 2023-05-10 06:11:13 +00:00			`LEMMY_DATABASE_URL = mkForce "postgres://lemmy@/lemmy?host=/run/postgresql";`
servo: try to ship lemmy (it's failing with some DB migration stuff) 2023-04-28 02:02:39 +00:00			`};`
			`users.groups.lemmy = {};`
			`users.users.lemmy = {`
			`group = "lemmy";`
			`isSystemUser = true;`
			`};`

			`services.nginx.virtualHosts."lemmy.uninsane.org" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations = let`
			`ui = "http://127.0.0.1:${toString uiPort}";`
			`backend = "http://127.0.0.1:${toString backendPort}";`
			`in {`
			`# see <LemmyNet/lemmy:docker/federation/nginx.conf>`
lemmy: fixup websocket forwarding able to create admin account and subscribe to remote communities. haven't tested posting comments. 2023-05-10 06:11:13 +00:00			`# see <LemmyNet/lemmy:docker/nginx.conf>`
lemmy: fix federation now when i subscribe to a community, the request actually seems to go through. this change probably does more than necessary, but it serves as a known-good config 2023-05-12 02:35:37 +00:00			`# see <LemmyNet/lemmy-ansible:templates/nginx.conf>`
lemmy: fixup websocket forwarding able to create admin account and subscribe to remote communities. haven't tested posting comments. 2023-05-10 06:11:13 +00:00			`"/" = {`
			`# "frontend general requests"`
lemmy: switch back to using nix-style `proxyPass` 2023-05-12 02:47:47 +00:00			`proxyPass = "$proxpass";`
servo: try to ship lemmy (it's failing with some DB migration stuff) 2023-04-28 02:02:39 +00:00			`extraConfig = ''`
lemmy: fix federation now when i subscribe to a community, the request actually seems to go through. this change probably does more than necessary, but it serves as a known-good config 2023-05-12 02:35:37 +00:00			`set $proxpass "${ui}";`
lemmy: restrict the http_accept types i forward to the backend it seems that forwarding `POST`s is the important part i was missing earlier 2023-05-12 03:05:26 +00:00			`if ($http_accept = "application/activity+json") {`
lemmy: fix federation now when i subscribe to a community, the request actually seems to go through. this change probably does more than necessary, but it serves as a known-good config 2023-05-12 02:35:37 +00:00			`set $proxpass "${backend}";`
servo: try to ship lemmy (it's failing with some DB migration stuff) 2023-04-28 02:02:39 +00:00			`}`
lemmy: restrict the http_accept types i forward to the backend it seems that forwarding `POST`s is the important part i was missing earlier 2023-05-12 03:05:26 +00:00			`if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {`
			`set $proxpass "${backend}";`
			`}`

			`# XXX: lemmy-ansible nginx uses this maximally broad redirection`
			`# if ($http_accept ~ "^application/.*$") {`
			`# set $proxpass "${backend}";`
			`# }`
lemmy: switch back to using nix-style `proxyPass` 2023-05-12 02:47:47 +00:00			`# XXX: POST redirection occurs in lemmy-ansible and docker/nginx.conf but not docker/federation/nginx.conf`
lemmy: fix federation now when i subscribe to a community, the request actually seems to go through. this change probably does more than necessary, but it serves as a known-good config 2023-05-12 02:35:37 +00:00			`if ($request_method = POST) {`
			`set $proxpass "${backend}";`
			`}`

servo: try to ship lemmy (it's failing with some DB migration stuff) 2023-04-28 02:02:39 +00:00			`# Cuts off the trailing slash on URLs to make them valid`
			`rewrite ^(.+)/+$ $1 permanent;`
lemmy: fix federation now when i subscribe to a community, the request actually seems to go through. this change probably does more than necessary, but it serves as a known-good config 2023-05-12 02:35:37 +00:00
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
servo: try to ship lemmy (it's failing with some DB migration stuff) 2023-04-28 02:02:39 +00:00			`'';`
			`};`
lemmy: fixup websocket forwarding able to create admin account and subscribe to remote communities. haven't tested posting comments. 2023-05-10 06:11:13 +00:00			`"~ ^/(api\|pictrs\|feeds\|nodeinfo\|.well-known)" = {`
			`# "backend"`
			`proxyPass = backend;`
lemmy: enable proxyWebsockets instead of manually specifying upgrade logic 2023-05-12 04:46:38 +00:00			`proxyWebsockets = true;`
lemmy: fixup websocket forwarding able to create admin account and subscribe to remote communities. haven't tested posting comments. 2023-05-10 06:11:13 +00:00			`extraConfig = ''`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`'';`
			`};`
servo: try to ship lemmy (it's failing with some DB migration stuff) 2023-04-28 02:02:39 +00:00			`};`
			`};`

			`sane.services.trust-dns.zones."uninsane.org".inet.CNAME."lemmy" = "native";`
			`}`