2023-05-16 06:04:29 +00:00
# docs:
# - <repo:LemmyNet/lemmy:docker/federation/nginx.conf>
# - <repo:LemmyNet/lemmy:docker/nginx.conf>
# - <repo:LemmyNet/lemmy-ansible:templates/nginx.conf>
2023-08-20 05:00:35 +00:00
{ config , lib , pkgs , . . . }:
2023-04-28 02:02:39 +00:00
let
inherit ( builtins ) toString ;
inherit ( lib ) mkForce ;
uiPort = 1234 ; # default ui port is 1234
backendPort = 8536 ; # default backend port is 8536
2023-08-20 05:00:35 +00:00
#^ i guess the "backend" port is used for federation?
pict-rs = pkgs . pict-rs . overrideAttrs ( upstream : {
# as of v 0.4.2, all non-GIF video is forcibly transcoded.
# that breaks lemmy, because of the request latency.
# and it eats up hella CPU.
# pict-rs is iffy around video altogether: mp4 seems the best supported.
postPatch = ( upstream . postPatch or " " ) + ''
substituteInPlace src/validate.rs \
- - replace ' if transcode_options . needs_reencode ( ) { ' ' if false { '
'' ;
} ) ;
2023-04-28 02:02:39 +00:00
in {
services . lemmy = {
enable = true ;
settings . hostname = " l e m m y . u n i n s a n e . o r g " ;
2023-05-12 02:35:37 +00:00
# federation.debug forces outbound federation queries to be run synchronously
2023-06-19 21:17:59 +00:00
# N.B.: this option might not be read for 0.17.0+? <https://github.com/LemmyNet/lemmy/blob/c32585b03429f0f76d1e4ff738786321a0a9df98/RELEASES.md#upgrade-instructions>
2023-05-12 04:47:10 +00:00
# settings.federation.debug = true;
2023-05-12 02:35:37 +00:00
settings . port = backendPort ;
2023-04-28 02:02:39 +00:00
ui . port = uiPort ;
database . createLocally = true ;
2023-05-16 06:04:29 +00:00
nginx . enable = true ;
2023-04-28 02:02:39 +00:00
} ;
systemd . services . lemmy . serviceConfig = {
# fix to use a normal user so we can configure perms correctly
DynamicUser = mkForce false ;
User = " l e m m y " ;
Group = " l e m m y " ;
2023-05-09 10:05:14 +00:00
} ;
systemd . services . lemmy . environment = {
RUST_BACKTRACE = " f u l l " ;
2023-05-12 04:49:15 +00:00
# RUST_LOG = "debug";
2023-06-11 11:24:15 +00:00
# RUST_LOG = "trace";
2023-05-09 10:05:14 +00:00
# upstream defaults LEMMY_DATABASE_URL = "postgres:///lemmy?host=/run/postgresql";
# - Postgres complains that we didn't specify a user
# lemmy formats the url as:
# - postgres://{user}:{password}@{host}:{port}/{database}
2023-05-10 06:11:13 +00:00
# SO suggests (https://stackoverflow.com/questions/3582552/what-is-the-format-for-the-postgresql-connection-string-url):
# - postgresql://[user[:password]@][netloc][:port][/dbname][?param1=value1&...]
2023-05-09 10:05:14 +00:00
# LEMMY_DATABASE_URL = "postgres://lemmy@/run/postgresql"; # connection to server on socket "/run/postgresql/.s.PGSQL.5432" failed: FATAL: database "run/postgresql" does not exist
# LEMMY_DATABASE_URL = "postgres://lemmy?host=/run/postgresql"; # no PostgreSQL user name specified in startup packet
2023-05-12 04:49:15 +00:00
# LEMMY_DATABASE_URL = mkForce "postgres://lemmy@?host=/run/postgresql"; # WORKS
2023-05-10 06:11:13 +00:00
LEMMY_DATABASE_URL = mkForce " p o s t g r e s : / / l e m m y @ / l e m m y ? h o s t = / r u n / p o s t g r e s q l " ;
2023-04-28 02:02:39 +00:00
} ;
users . groups . lemmy = { } ;
users . users . lemmy = {
group = " l e m m y " ;
isSystemUser = true ;
} ;
services . nginx . virtualHosts . " l e m m y . u n i n s a n e . o r g " = {
forceSSL = true ;
enableACME = true ;
} ;
2023-06-07 23:34:00 +00:00
sane . dns . zones . " u n i n s a n e . o r g " . inet . CNAME . " l e m m y " = " n a t i v e " ;
2023-08-20 05:00:35 +00:00
#v DO NOT REMOVE: defaults to 0.3, instead of latest, so always need to explicitly set this.
services . pict-rs . package = pict-rs ;
2023-08-20 05:01:24 +00:00
2023-08-20 05:00:35 +00:00
# pict-rs configuration is applied in this order:
# - via toml
# - via env vars (overrides everything above)
# - via CLI flags (overrides everything above)
# some of the CLI flags have defaults, making it the only actual way to configure certain things even when docs claim otherwise.
# CLI args: <https://git.asonix.dog/asonix/pict-rs#user-content-running>
systemd . services . pict-rs . serviceConfig . ExecStart = lib . mkForce ( lib . concatStringsSep " " [
" ${ lib . getBin pict-rs } / b i n / p i c t - r s r u n "
" - - m e d i a - m a x - f r a m e - c o u n t " ( builtins . toString ( 30 * 60 * 60 ) )
" - - m e d i a - p r o c e s s - t i m e o u t 1 2 0 "
" - - m e d i a - e n a b l e - f u l l - v i d e o t r u e " # allow audio
] ) ;
2023-04-28 02:02:39 +00:00
}