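# NixOS module for a Lemmy instance: declares `fudo.services.lemmy` options,
# provisions the database/admin secrets and the PostgreSQL role through the
# fudo helpers, and enables the upstream `services.lemmy` module behind an
# nginx virtual host with ACME and forced TLS.
{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.fudo.services.lemmy;

  # Name of the machine being built; used to select this host's secret set.
  hostname = config.instance.hostname;

  hostSecrets = config.fudo.secrets.host-secrets."${hostname}";

  # Units Lemmy is ordered after and requires. Kept in one place so
  # `requires` and `after` cannot drift apart.
  # NOTE(review): only the DB-URL secret unit is listed; the admin password
  # secret is also read by services.lemmy. If it is delivered by its own
  # unit, Lemmy could start before that file exists. Confirm against the
  # fudo secrets module.
  lemmyDependencies =
    [ "fudo-secret-lemmyDbUrl.service" "postgresql.service" ];

in {
  options.fudo.services.lemmy = with types; {
    # mkEnableOption already prefixes "Whether to enable", so pass only the
    # name of the thing being enabled.
    enable = mkEnableOption "lemmy server";

    hostname = mkOption {
      type = str;
      description = "Hostname at which this server will be reachable.";
    };

    site-name = mkOption {
      type = str;
      description = "Site Name";
    };

    smtp = {
      host = mkOption {
        type = str;
        description = "SMTP server to relay Lemmy emails.";
      };

      port = mkOption {
        type = port;
        description = "Port to which to send outgoing messages.";
        default = 25;
      };
    };
  };

  config = mkIf cfg.enable {
    fudo = {
      secrets.host-secrets."${hostname}" = let
        # NOTE(review): both passwords are derived from
        # config.instance.build-seed. Presumably the helper is deterministic
        # in the seed, in which case the seed is as sensitive as the
        # passwords themselves and needs the same handling. Confirm.
        lemmyDbPasswdFile =
          pkgs.lib.passwd.stablerandom-passwd-file "lemmy-server-passwd"
          "lemmy-server-${config.instance.build-seed}";

        # SECURITY: readFile pulls the password into the evaluator, and the
        # URL built from it below is written out with pkgs.writeText, i.e.
        # into the Nix store. Store paths are world-readable by default and
        # travel with the system closure (copies, binary caches), so the
        # database credential is exposed to every local user regardless of
        # the permissions on the /run target file. Prefer assembling the URL
        # at activation/service start from the secret file instead of at
        # evaluation time; the fudo secrets API needed for that is not
        # visible here, so the code is left unchanged.
        lemmyDbPasswd = readFile lemmyDbPasswdFile;
      in {
        lemmyDbUrl = {
          source-file = let
            # NOTE(review): the password is interpolated without
            # percent-encoding; this is only a valid URI if the generator's
            # alphabet excludes characters such as `&`, `#`, `%` and `?`.
            url =
              "postgres:///lemmy?user=lemmy&password=${lemmyDbPasswd}&host=/var/run/postgresql";
          in pkgs.writeText "lemmy-db.url" url;
          target-file = "/run/lemmy/db.url";
          # NOTE(review): unlike dbLemmyPasswd, no `user` is set here, so the
          # file gets whatever owner the secrets module defaults to. Verify
          # that it is readable by the Lemmy service and by nobody else.
        };

        dbLemmyPasswd = {
          source-file = lemmyDbPasswdFile;
          target-file = "/run/postgres/lemmy.passwd";
          user = config.systemd.services.postgresql.serviceConfig.User;
        };

        lemmyAdminPasswdFile = {
          source-file =
            pkgs.lib.passwd.stablerandom-passwd-file "lemmy-admin.passwd"
            config.instance.build-seed;
          target-file = "/run/lemmy/admin.passwd";
          # NOTE(review): no `user` set here either; same ownership question
          # as for lemmyDbUrl.
        };
      };

      postgresql = {
        enable = true;
        # Every local admin of this instance is also given access to the
        # Lemmy database.
        databases.lemmy.users = config.instance.local-admins;
        users.lemmy = {
          password-file = hostSecrets.dbLemmyPasswd.target-file;
          databases.lemmy = {
            access = "CONNECT";
            entity-access = {
              "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
              "ALL SEQUENCES IN SCHEMA public" = "ALL PRIVILEGES";
            };
          };
        };
      };
    };

    systemd.services.lemmy = {
      requires = lemmyDependencies;
      after = lemmyDependencies;
    };

    # TLS is terminated by nginx; plain HTTP is redirected to HTTPS.
    services.nginx.virtualHosts."${cfg.hostname}" = {
      enableACME = true;
      forceSSL = true;
    };

    services.lemmy = {
      enable = true;
      nginx.enable = true;
      adminPasswordFile = hostSecrets.lemmyAdminPasswdFile.target-file;
      database.uriFile = hostSecrets.lemmyDbUrl.target-file;
      ui.port = 50395;
      settings = {
        hostname = cfg.hostname;
        host = cfg.hostname;
        captcha.enabled = true;
        email = {
          smtp_server = "${cfg.smtp.host}:${toString cfg.smtp.port}";
          smtp_from_address = "noreply@${cfg.hostname}";
          # STARTTLS is requested on the relay connection; the default port
          # above is 25.
          tls_type = "starttls";
        };
        # NOTE(review): admin_username is set both here and under `setup`;
        # confirm which of the two the deployed Lemmy version reads.
        admin_username = "admin";
        setup = {
          site_name = cfg.site-name;
          admin_username = "admin";
        };
      };
    };
  };
}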