pleroma: port to secrets.nix
parent
a407bd9920
commit
243a8e1e4c
|
@ -1,20 +1,21 @@
|
|||
# docs: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/pleroma.nix
|
||||
#
|
||||
# to run it in a oci-container: https://github.com/barrucadu/nixfiles/blob/master/services/pleroma.nix
|
||||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, secrets, ... }:
|
||||
|
||||
{
|
||||
services.pleroma.enable = true;
|
||||
# XXX colin: this isn't checked into git, so make sure to create it first:
|
||||
services.pleroma.secretConfigFile = "/etc/nixos/secrets/pleroma.secret.exs";
|
||||
# services.pleroma.secretConfigFile = "/var/lib/pleroma/prod.secret.exs";
|
||||
# TODO: we should write a config file somewhere outside the store... somehow.
|
||||
services.pleroma.secretConfigFile = "/dev/null";
|
||||
services.pleroma.configs = [
|
||||
''
|
||||
import Config
|
||||
|
||||
config :pleroma, Pleroma.Web.Endpoint,
|
||||
url: [host: "fed.uninsane.org", scheme: "https", port: 443],
|
||||
http: [ip: {127, 0, 0, 1}, port: 4000]
|
||||
http: [ip: {127, 0, 0, 1}, port: 4000],
|
||||
secret_key_base: "${secrets.pleroma.secret_key_base}",
|
||||
signing_salt: "${secrets.pleroma.signing_salt}"
|
||||
|
||||
config :pleroma, :instance,
|
||||
name: "Perfectly Sane",
|
||||
|
@ -45,6 +46,7 @@
|
|||
config :pleroma, Pleroma.Repo,
|
||||
adapter: Ecto.Adapters.Postgres,
|
||||
username: "pleroma",
|
||||
password: "${secrets.pleroma.db_password}",
|
||||
database: "pleroma",
|
||||
hostname: "localhost",
|
||||
pool_size: 10,
|
||||
|
@ -53,6 +55,14 @@
|
|||
plan_cache_mode: "force_custom_plan"
|
||||
]
|
||||
|
||||
# Configure web push notifications
|
||||
config :web_push_encryption, :vapid_details,
|
||||
subject: "mailto:notify.pleroma@uninsane.org",
|
||||
public_key: "${secrets.pleroma.vapid_public_key}",
|
||||
private_key: "${secrets.pleroma.vapid_private_key}"
|
||||
|
||||
config :joken, default_signer: "${secrets.pleroma.joken_default_signer}"
|
||||
|
||||
config :pleroma, :database, rum_enabled: false
|
||||
config :pleroma, :instance, static_dir: "/var/lib/pleroma/instance/static"
|
||||
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
|
||||
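Review bot: The secrets interpolated into `services.pleroma.configs` (`secret_key_base`, `signing_salt`, the Repo `password`, `vapid_private_key`, the joken `default_signer`) end up in a generated config inside /nix/store, which every local user can read and which travels with the closure when it is copied to another host or cache. The TODO above `services.pleroma.secretConfigFile = "/dev/null";` acknowledges this, but the change still ships with the exposure in place. Keep only non-secret settings in `configs` and point `secretConfigFile` at a root-owned file outside the store, as the earlier `/etc/nixos/secrets/pleroma.secret.exs` line appears to have done, or at a path that a secrets-provisioning step writes at activation time. If the interpolation has to stay for now, put a comment such as `# WARNING: values in services.pleroma.configs are world-readable in /nix/store` directly above the list. The attribute set continues outside the visible hunks.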
|
|
|
@ -11,4 +11,12 @@
|
|||
# wg genkey > wg0.private
|
||||
# wg pubkey < wg0.private > wg0.public
|
||||
wireguard.privateKey = "<REPLACEME>";
|
||||
|
||||
# these would otherwise be found in 'pleroma.secret.exs'
|
||||
pleroma.secret_key_base = "<REPLACEME>";
|
||||
pleroma.signing_salt = "<REPLACEME>";
|
||||
pleroma.db_password = "<REPLACEME>";
|
||||
pleroma.vapid_public_key = "<REPLACEME>";
|
||||
pleroma.vapid_private_key = "<REPLACEME>";
|
||||
pleroma.joken_default_signer = "<REPLACEME>";
|
||||
}
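Review bot: Nothing visible rejects a template value that was never filled in, so a forgotten `pleroma.secret_key_base = "<REPLACEME>";` or `pleroma.db_password = "<REPLACEME>";` would be interpolated as a publicly known constant and the service would be configured with it. An evaluation-time guard in the consuming module would catch this, for example `assert secrets.pleroma.db_password != "<REPLACEME>";`, repeated for each secret attribute. I would also extend the comment above these lines to say how each value is generated and that the filled-in copy must stay out of git, matching the `wg genkey` hints earlier in the file. The enclosing attribute set starts outside this hunk.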
|
||||
|
|