pleroma: port to secrets.nix
parent
a407bd9920
commit
243a8e1e4c
|
@ -1,20 +1,21 @@
|
||||||
# docs: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/pleroma.nix
|
# docs: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/pleroma.nix
|
||||||
#
|
#
|
||||||
# to run it in a oci-container: https://github.com/barrucadu/nixfiles/blob/master/services/pleroma.nix
|
# to run it in a oci-container: https://github.com/barrucadu/nixfiles/blob/master/services/pleroma.nix
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, secrets, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.pleroma.enable = true;
|
services.pleroma.enable = true;
|
||||||
# XXX colin: this isn't checked into git, so make sure to create it first:
|
# TODO: we should write a config file somewhere outside the store... somehow.
|
||||||
services.pleroma.secretConfigFile = "/etc/nixos/secrets/pleroma.secret.exs";
|
services.pleroma.secretConfigFile = "/dev/null";
|
||||||
# services.pleroma.secretConfigFile = "/var/lib/pleroma/prod.secret.exs";
|
|
||||||
services.pleroma.configs = [
|
services.pleroma.configs = [
|
||||||
''
|
''
|
||||||
import Config
|
import Config
|
||||||
|
|
||||||
config :pleroma, Pleroma.Web.Endpoint,
|
config :pleroma, Pleroma.Web.Endpoint,
|
||||||
url: [host: "fed.uninsane.org", scheme: "https", port: 443],
|
url: [host: "fed.uninsane.org", scheme: "https", port: 443],
|
||||||
http: [ip: {127, 0, 0, 1}, port: 4000]
|
http: [ip: {127, 0, 0, 1}, port: 4000],
|
||||||
|
secret_key_base: "${secrets.pleroma.secret_key_base}",
|
||||||
|
signing_salt: "${secrets.pleroma.signing_salt}"
|
||||||
|
|
||||||
config :pleroma, :instance,
|
config :pleroma, :instance,
|
||||||
name: "Perfectly Sane",
|
name: "Perfectly Sane",
|
||||||
|
@ -45,6 +46,7 @@
|
||||||
config :pleroma, Pleroma.Repo,
|
config :pleroma, Pleroma.Repo,
|
||||||
adapter: Ecto.Adapters.Postgres,
|
adapter: Ecto.Adapters.Postgres,
|
||||||
username: "pleroma",
|
username: "pleroma",
|
||||||
|
password: "${secrets.pleroma.db_password}",
|
||||||
database: "pleroma",
|
database: "pleroma",
|
||||||
hostname: "localhost",
|
hostname: "localhost",
|
||||||
pool_size: 10,
|
pool_size: 10,
|
||||||
|
@ -52,6 +54,14 @@
|
||||||
parameters: [
|
parameters: [
|
||||||
plan_cache_mode: "force_custom_plan"
|
plan_cache_mode: "force_custom_plan"
|
||||||
]
|
]
|
||||||
|
|
||||||
|
# Configure web push notifications
|
||||||
|
config :web_push_encryption, :vapid_details,
|
||||||
|
subject: "mailto:notify.pleroma@uninsane.org",
|
||||||
|
public_key: "${secrets.pleroma.vapid_public_key}",
|
||||||
|
private_key: "${secrets.pleroma.vapid_private_key}"
|
||||||
|
|
||||||
|
config :joken, default_signer: "${secrets.pleroma.joken_default_signer}"
|
||||||
|
|
||||||
config :pleroma, :database, rum_enabled: false
|
config :pleroma, :database, rum_enabled: false
|
||||||
config :pleroma, :instance, static_dir: "/var/lib/pleroma/instance/static"
|
config :pleroma, :instance, static_dir: "/var/lib/pleroma/instance/static"
|
||||||
|
|
|
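Review bot: The `"${secrets.pleroma.…}"` interpolations added to `services.pleroma.configs` (`secret_key_base`, `signing_salt`, the `Pleroma.Repo` `password`, `vapid_private_key` and the joken `default_signer`) are expanded at evaluation time, so the rendered config text most likely ends up in the Nix store, which every local user can read and which is copied along with system closures. The previous `secretConfigFile = "/etc/nixos/secrets/pleroma.secret.exs"` kept those values in a file whose ownership and mode could be restricted, and pointing it at `/dev/null` removes that separation. The new TODO hints at this but does not name the risk; it should read something like `# FIXME: the secrets below are interpolated into the store-backed config (world-readable); move them to a secretConfigFile outside the store, readable only by the pleroma user`. Until that is done, keeping only non-secret settings in `configs` and leaving the secret keys in the file referenced by `secretConfigFile` would preserve the old protection.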
@ -11,4 +11,12 @@
|
||||||
# wg genkey > wg0.private
|
# wg genkey > wg0.private
|
||||||
# wg pubkey < wg0.private > wg0.public
|
# wg pubkey < wg0.private > wg0.public
|
||||||
wireguard.privateKey = "<REPLACEME>";
|
wireguard.privateKey = "<REPLACEME>";
|
||||||
|
|
||||||
|
# these would otherwise be found in 'pleroma.secret.exs'
|
||||||
|
pleroma.secret_key_base = "<REPLACEME>";
|
||||||
|
pleroma.signing_salt = "<REPLACEME>";
|
||||||
|
pleroma.db_password = "<REPLACEME>";
|
||||||
|
pleroma.vapid_public_key = "<REPLACEME>";
|
||||||
|
pleroma.vapid_private_key = "<REPLACEME>";
|
||||||
|
pleroma.joken_default_signer = "<REPLACEME>";
|
||||||
}
|
}
|
||||||
|
|
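Review bot: Every new `pleroma.*` entry defaults to the literal `"<REPLACEME>"`, and nothing visible in this hunk stops a build from succeeding with those placeholders, which would leave the instance running with a publicly known `secret_key_base`, `signing_salt` and JWT signer. Unlike the `wg genkey` lines above `wireguard.privateKey`, the new block carries no comment on where each value comes from; a comment such as `# copy each value from the instance's generated pleroma.secret.exs; never commit the filled-in file` would help. An assertion in the consuming module, e.g. `assertions = [{ assertion = secrets.pleroma.secret_key_base != "<REPLACEME>"; message = "set the pleroma secrets in secrets.nix"; }];`, would turn a forgotten value into an evaluation error. The attribute set opens before the hunk, so how the filled-in file is kept out of version control cannot be seen from here.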