From d06516a71b296d643ed12c5bfce11b68b368f881 Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Fri, 28 Apr 2023 02:02:39 +0000
Subject: [PATCH] servo: try to ship lemmy (it's failing with some DB migration
 stuff)

---
 hosts/by-name/servo/services/default.nix |  1 +
 hosts/by-name/servo/services/lemmy.nix   | 59 ++++++++++++++++++++++++
 hosts/common/ids.nix                     |  2 +
 3 files changed, 62 insertions(+)
 create mode 100644 hosts/by-name/servo/services/lemmy.nix

diff --git a/hosts/by-name/servo/services/default.nix b/hosts/by-name/servo/services/default.nix
index 2516e90e..cd24e150 100644
--- a/hosts/by-name/servo/services/default.nix
+++ b/hosts/by-name/servo/services/default.nix
@@ -14,6 +14,7 @@
     ./jellyfin.nix
     ./kiwix-serve.nix
     ./komga.nix
+    ./lemmy.nix
     ./matrix
     ./navidrome.nix
     ./nixserve.nix
diff --git a/hosts/by-name/servo/services/lemmy.nix b/hosts/by-name/servo/services/lemmy.nix
new file mode 100644
index 00000000..f4dbea86
--- /dev/null
+++ b/hosts/by-name/servo/services/lemmy.nix
@@ -0,0 +1,59 @@
+{ config, lib, ... }:
+let
+  inherit (builtins) toString;
+  inherit (lib) mkForce;
+  uiPort = 1234;  # default ui port is 1234
+  backendPort = 8536; # default backend port is 8536
+  # - i guess the "backend" port is used for federation?
+in {
+  services.lemmy = {
+    enable = true;
+    settings.hostname = "lemmy.uninsane.org";
+    settings.options.federation.enabled = true;
+    settings.options.port = backendPort;
+    # settings.database.host = "localhost";
+    ui.port = uiPort;
+    database.createLocally = true;
+  };
+
+  systemd.services.lemmy.serviceConfig = {
+    # fix to use a normal user so we can configure perms correctly
+    DynamicUser = mkForce false;
+    User = "lemmy";
+    Group = "lemmy";
+  };
+  users.groups.lemmy = {};
+  users.users.lemmy = {
+    group = "lemmy";
+    isSystemUser = true;
+  };
+
+  services.nginx.virtualHosts."lemmy.uninsane.org" = {
+    forceSSL = true;
+    enableACME = true;
+    locations = let
+      ui = "http://127.0.0.1:${toString uiPort}";
+      backend = "http://127.0.0.1:${toString backendPort}";
+    in {
+      # see <LemmyNet/lemmy:docker/federation/nginx.conf>
+      "~ ^/(api|pictrs|feeds|nodeinfo|.well-known)" = {
+        extraConfig = ''
+          set $proxpass ${ui};
+          if ($http_accept = "application/activity+json") {
+            set $proxpass ${backend};
+          }
+          if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
+            set $proxpass ${backend};
+          }
+
+          # Cuts off the trailing slash on URLs to make them valid
+          rewrite ^(.+)/+$ $1 permanent;
+        '';
+        proxyPass = "$proxpass";
+      };
+      "/".proxyPass = ui;
+    };
+  };
+
+  sane.services.trust-dns.zones."uninsane.org".inet.CNAME."lemmy" = "native";
+}
diff --git a/hosts/common/ids.nix b/hosts/common/ids.nix
index 7b5d0947..b79446f3 100644
--- a/hosts/common/ids.nix
+++ b/hosts/common/ids.nix
@@ -36,6 +36,8 @@
   sane.ids.calibre-web.gid = 2406;
   sane.ids.komga.uid = 2407;
   sane.ids.komga.gid = 2407;
+  sane.ids.lemmy.uid = 2408;
+  sane.ids.lemmy.gid = 2408;
 
   sane.ids.colin.uid = 1000;
   sane.ids.guest.uid = 1100;