infra/hosts/web01/lemmy.nix


# Lemmy for web01: the Lemmy service behind nginx, plus the pict-rs image
# backend it stores uploads in.
{ inputs, pkgs, lib, config, ... }:
let
  domain = "lemmy.nix-community.org";

  # Mount point that holds the pict-rs image data. Every pict-rs setting below
  # that names the store refers to this one value.
  pictrsStore = "/mnt/lemmy-pict-rs";
in
{
  # Both secrets are declared through sops and only referenced by path below,
  # so their contents never appear in this file.
  sops.secrets = {
    pictrs-env = { };
    lemmy-secretfile = { };
  };

  services.lemmy = {
    enable = true;
    nginx.enable = true;
    database.createLocally = true;

    # Secret settings are supplied from the sops-managed file instead of being
    # written into `settings`.
    secretFile = config.sops.secrets.lemmy-secretfile.path;

    settings = {
      hostname = domain;

      # Lemmy talks to the pict-rs instance configured on this host.
      # NOTE(review): this link is plain HTTP; that is only acceptable while
      # services.pict-rs.address is a loopback/private address — confirm.
      pictrs.url =
        "http://${config.services.pict-rs.address}:${toString config.services.pict-rs.port}";
    };
  };

  # Public vhost: certificate obtained via ACME, and forceSSL redirects plain
  # HTTP requests to HTTPS.
  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableACME = true;
  };

  # Lemmy image storage
  services.pict-rs = {
    enable = true;
    dataDir = pictrsStore;
  };

  # pkgs.pict-rs is replaced by the build from the `pict-rs` flake input, so
  # the binary that runs is whatever that input is pinned to (the pin itself
  # is not visible in this file).
  # NOTE(review): the system is hard-coded to x86_64-linux.
  nixpkgs.overlays = [
    (_final: _prev: {
      pict-rs = inputs.pict-rs.packages.x86_64-linux.pict-rs;
    })
  ];

  # In the transition from 0.3.3 to 0.4, pict-rs breaks its previous
  # conflation of data storage and state storage.
  # 0.4 is still not released but we need this separation already.
  # This renames the env vars set by the NixOS module.
  #
  # Migrate to using upstream NixOS definitions when 0.4 is in nixpkgs.
  systemd.services.pict-rs = {
    # Do not start the unit before the image store is mounted.
    unitConfig.RequiresMountsFor = [ pictrsStore ];

    environment = {
      PICTRS__REPO__PATH = "/var/lib/pict-rs/sled";
      PICTRS__STORE__PATH = pictrsStore;
    };

    serviceConfig = {
      # Additional environment for pict-rs is read from the sops secret.
      EnvironmentFile = [ config.sops.secrets.pictrs-env.path ];

      # mkForce overrides the ExecStart defined by the NixOS module.
      ExecStart = lib.mkForce "${lib.getExe pkgs.pict-rs} run";

      # Pict-rs uses DynamicUser, so the store outside its state directory is
      # listed explicitly as writable.
      ReadWritePaths = pictrsStore;
    };
  };
}