movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-20 08:29:20 +03:00
Code Activity
nixpkgs/nixos/modules/services/web-apps/lemmy.nix

386 lines
12 KiB
Nix
Raw Permalink Normal View History

treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
{
lib,
pkgs,
config,
utils,
...
}:
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
with lib;
let
cfg = config.services.lemmy;
settingsFormat = pkgs.formats.json { };
in
{
meta.maintainers = with maintainers; [ happysalada ];
nixos/manual: render module chapters with nixos-render-docs this converts meta.doc into an md pointer, not an xml pointer. since we no longer need xml for manual chapters we can also remove support for manual chapters from md-to-db.sh since pandoc converts smart quotes to docbook quote elements and our nixos-render-docs does not we lose this distinction in the rendered output. that's probably not that bad, our stylesheet didn't make use of this anyway (and pre-23.05 versions of the chapters didn't use quote elements either). also updates the nixpkgs manual to clarify that option docs support all extensions (although it doesn't support headings at all, so heading anchors don't work by extension).
2023-01-25 00:33:40 +01:00
meta.doc = ./lemmy.md;
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
nixos/lemmy: remove `services.lemmy.jwtSecretPath` Co-authored-by: Ctem <c@ctem.me> Co-authored-by: Brian Leung <leungbk@posteo.net> Co-authored-by: Shahar Dawn Or <mightyiampresence@gmail.com> Co-authored-by: Ilan Joselevich <personal@ilanjoselevich.com>
2022-09-12 10:34:55 +02:00
imports = [
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
(mkRemovedOptionModule [
"services"
"lemmy"
"jwtSecretPath"
] "As of v0.13.0, Lemmy auto-generates the JWT secret.")
nixos/lemmy: remove `services.lemmy.jwtSecretPath` Co-authored-by: Ctem <c@ctem.me> Co-authored-by: Brian Leung <leungbk@posteo.net> Co-authored-by: Shahar Dawn Or <mightyiampresence@gmail.com> Co-authored-by: Ilan Joselevich <personal@ilanjoselevich.com>
2022-09-12 10:34:55 +02:00
];
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
options.services.lemmy = {
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned.
2024-04-13 14:54:15 +02:00
enable = mkEnableOption "lemmy a federated alternative to reddit in rust";
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
nixos/lemmy: allow overriding packages
2023-06-06 08:19:37 -07:00
server = {
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
package = mkPackageOption pkgs "lemmy-server" { };
nixos/lemmy: allow overriding packages
2023-06-06 08:19:37 -07:00
};
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
ui = {
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
package = mkPackageOption pkgs "lemmy-ui" { };
nixos/lemmy: allow overriding packages
2023-06-06 08:19:37 -07:00
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
port = mkOption {
type = types.port;
default = 1234;
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned.
2024-04-13 14:54:15 +02:00
description = "Port where lemmy-ui should listen for incoming requests.";
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
};
};
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned.
2024-04-13 14:54:15 +02:00
caddy.enable = mkEnableOption "exposing lemmy with the caddy reverse proxy";
nginx.enable = mkEnableOption "exposing lemmy with the nginx reverse proxy";
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
nixos/lemmy: only use env var when instructed Lemmy checks the environment variable before the configuration file; i.e. if the file is used to configure the database but the environment variable is set to anything, the connection will fail because it'll ignore the file. This was the previous behavior. Now, the environment variable will be unset unless the user explicitly chooses to set it, which makes the file-based configuration function correctly. It's also possible to manually set the environment variable, which has the major advantage of working around [this issue][0], which prevents certain setups from working. [0]: https://github.com/LemmyNet/lemmy/issues/2945
2023-06-06 08:11:49 -07:00
database = {
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned.
2024-04-13 14:54:15 +02:00
createLocally = mkEnableOption "creation of database on the instance";
nixos/lemmy: only use env var when instructed Lemmy checks the environment variable before the configuration file; i.e. if the file is used to configure the database but the environment variable is set to anything, the connection will fail because it'll ignore the file. This was the previous behavior. Now, the environment variable will be unset unless the user explicitly chooses to set it, which makes the file-based configuration function correctly. It's also possible to manually set the environment variable, which has the major advantage of working around [this issue][0], which prevents certain setups from working. [0]: https://github.com/LemmyNet/lemmy/issues/2945
2023-06-06 08:11:49 -07:00
uri = mkOption {
type = with types; nullOr str;
default = null;
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned.
2024-04-13 14:54:15 +02:00
description = "The connection URI to use. Takes priority over the configuration file if set.";
nixos/lemmy: only use env var when instructed Lemmy checks the environment variable before the configuration file; i.e. if the file is used to configure the database but the environment variable is set to anything, the connection will fail because it'll ignore the file. This was the previous behavior. Now, the environment variable will be unset unless the user explicitly chooses to set it, which makes the file-based configuration function correctly. It's also possible to manually set the environment variable, which has the major advantage of working around [this issue][0], which prevents certain setups from working. [0]: https://github.com/LemmyNet/lemmy/issues/2945
2023-06-06 08:11:49 -07:00
};
nixos/lemmy: limit impurity by secrets Split `services.lemmy.secretFile` into multiple options to allow only secrets.
2023-07-04 23:49:12 +02:00
uriFile = mkOption {
type = with types; nullOr path;
default = null;
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned.
2024-04-13 14:54:15 +02:00
description = "File which contains the database uri.";
nixos/lemmy: limit impurity by secrets Split `services.lemmy.secretFile` into multiple options to allow only secrets.
2023-07-04 23:49:12 +02:00
};
};
pictrsApiKeyFile = mkOption {
type = with types; nullOr path;
default = null;
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned.
2024-04-13 14:54:15 +02:00
description = "File which contains the value of `pictrs.api_key`.";
nixos/lemmy: limit impurity by secrets Split `services.lemmy.secretFile` into multiple options to allow only secrets.
2023-07-04 23:49:12 +02:00
};
smtpPasswordFile = mkOption {
type = with types; nullOr path;
default = null;
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned.
2024-04-13 14:54:15 +02:00
description = "File which contains the value of `email.smtp_password`.";
nixos/lemmy: limit impurity by secrets Split `services.lemmy.secretFile` into multiple options to allow only secrets.
2023-07-04 23:49:12 +02:00
};
adminPasswordFile = mkOption {
type = with types; nullOr path;
default = null;
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned.
2024-04-13 14:54:15 +02:00
description = "File which contains the value of `setup.admin_password`.";
nixos/lemmy: only use env var when instructed Lemmy checks the environment variable before the configuration file; i.e. if the file is used to configure the database but the environment variable is set to anything, the connection will fail because it'll ignore the file. This was the previous behavior. Now, the environment variable will be unset unless the user explicitly chooses to set it, which makes the file-based configuration function correctly. It's also possible to manually set the environment variable, which has the major advantage of working around [this issue][0], which prevents certain setups from working. [0]: https://github.com/LemmyNet/lemmy/issues/2945
2023-06-06 08:11:49 -07:00
};
nixos/lemmy: settings.database.createLocally -> database.createLocally Co-authored-by: Shahar Dawn Or <mightyiampresence@gmail.com> Co-authored-by: Ctem <c@ctem.me> Co-authored-by: a-kenji <aks.kenji@protonmail.com>
2022-09-19 00:09:38 -07:00
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
settings = mkOption {
default = { };
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned.
2024-04-13 14:54:15 +02:00
description = "Lemmy configuration";
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
type = types.submodule {
freeformType = settingsFormat.type;
options.hostname = mkOption {
type = types.str;
default = null;
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned.
2024-04-13 14:54:15 +02:00
description = "The domain name of your instance (eg 'lemmy.ml').";
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
};
options.port = mkOption {
type = types.port;
default = 8536;
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned.
2024-04-13 14:54:15 +02:00
description = "Port where lemmy should listen for incoming requests.";
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
};
options.captcha = {
enabled = mkOption {
type = types.bool;
default = true;
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned.
2024-04-13 14:54:15 +02:00
description = "Enable Captcha.";
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
};
difficulty = mkOption {
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
type = types.enum [
"easy"
"medium"
"hard"
];
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
default = "medium";
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned.
2024-04-13 14:54:15 +02:00
description = "The difficultly of the captcha to solve.";
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
};
};
};
};
};
config =
nixos/lemmy: limit impurity by secrets Split `services.lemmy.secretFile` into multiple options to allow only secrets.
2023-07-04 23:49:12 +02:00
let
secretOptions = {
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
pictrsApiKeyFile = {
setting = [
"pictrs"
"api_key"
];
path = cfg.pictrsApiKeyFile;
};
smtpPasswordFile = {
setting = [
"email"
"smtp_password"
];
path = cfg.smtpPasswordFile;
};
adminPasswordFile = {
setting = [
"setup"
"admin_password"
];
path = cfg.adminPasswordFile;
};
uriFile = {
setting = [
"database"
"uri"
];
path = cfg.database.uriFile;
};
nixos/lemmy: limit impurity by secrets Split `services.lemmy.secretFile` into multiple options to allow only secrets.
2023-07-04 23:49:12 +02:00
};
secrets = lib.filterAttrs (option: data: data.path != null) secretOptions;
in
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
lib.mkIf cfg.enable {
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
services.lemmy.settings =
lib.attrsets.recursiveUpdate
(
mapAttrs (name: mkDefault) {
bind = "127.0.0.1";
tls_enabled = true;
pictrs = {
url = with config.services.pict-rs; "http://${address}:${toString port}";
};
actor_name_max_length = 20;
rate_limit.message = 180;
rate_limit.message_per_second = 60;
rate_limit.post = 6;
rate_limit.post_per_second = 600;
rate_limit.register = 3;
rate_limit.register_per_second = 3600;
rate_limit.image = 6;
rate_limit.image_per_second = 3600;
}
// {
database = mapAttrs (name: mkDefault) {
user = "lemmy";
host = "/run/postgresql";
port = 5432;
database = "lemmy";
pool_size = 5;
};
}
)
(
lib.foldlAttrs (
acc: option: data:
acc // lib.setAttrByPath data.setting { _secret = option; }
) { } secrets
);
# the option name is the id of the credential loaded by LoadCredential
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
nixos/lemmy: inline localPostgres into database assertion Co-authored-by: Shahar Dawn Or <mightyiampresence@gmail.com> Co-authored-by: Ctem <c@ctem.me> Co-authored-by: a-kenji <aks.kenji@protonmail.com> Co-authored-by: Brian Leung <leungbk@posteo.net> Co-authored-by: Ilan Joselevich <personal@ilanjoselevich.com>
2022-09-16 00:28:29 -07:00
services.postgresql = mkIf cfg.database.createLocally {
nixos/lemmy: use PostgreSQL module to ensure database/user existence Co-authored-by: Shahar Dawn Or <mightyiampresence@gmail.com> Co-authored-by: a-kenji <aks.kenji@protonmail.com> Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Ilan Joselevich <personal@ilanjoselevich.com>
2022-09-21 00:48:02 -07:00
enable = true;
ensureDatabases = [ cfg.settings.database.database ];
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
ensureUsers = [
{
name = cfg.settings.database.user;
ensureDBOwnership = true;
}
];
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
};
services.pict-rs.enable = true;
services.caddy = mkIf cfg.caddy.enable {
enable = mkDefault true;
virtualHosts."${cfg.settings.hostname}" = {
extraConfig = ''
handle_path /static/* {
nixos/lemmy: allow overriding packages
2023-06-06 08:19:37 -07:00
root * ${cfg.ui.package}/dist
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
file_server
}
lemmy: fix ui commit_hash path
2023-08-27 19:27:40 +08:00
handle_path /static/${cfg.ui.package.passthru.commit_sha}/* {
Fix Lemmy Caddy config static path handling Due to lemmy-ui using a sub-path for the static files, the original static path handling was not sufficient
2023-08-16 21:39:11 +02:00
root * ${cfg.ui.package}/dist
file_server
}
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
@for_backend {
services/lemmy: fix /feeds/* and /nodeinfo/* API endpoints Co-authored-by: Shahar Dawn Or <mightyiampresence@gmail.com> Co-authored-by: Matthias Meschede <MMesch@users.noreply.github.com> Co-authored-by: a-kenji <aks.kenji@protonmail.com> Co-authored-by: Ctem <c@ctem.me> Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2022-09-09 01:18:41 -07:00
path /api/* /pictrs/* /feeds/* /nodeinfo/*
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
}
handle @for_backend {
reverse_proxy 127.0.0.1:${toString cfg.settings.port}
}
@post {
method POST
}
handle @post {
reverse_proxy 127.0.0.1:${toString cfg.settings.port}
}
@jsonld {
header Accept "application/activity+json"
header Accept "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\""
}
handle @jsonld {
reverse_proxy 127.0.0.1:${toString cfg.settings.port}
}
handle {
reverse_proxy 127.0.0.1:${toString cfg.ui.port}
}
'';
};
};
nixos/lemmy: support nginx
2023-05-17 20:20:13 +00:00
services.nginx = mkIf cfg.nginx.enable {
enable = mkDefault true;
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
virtualHosts."${cfg.settings.hostname}".locations =
let
ui = "http://127.0.0.1:${toString cfg.ui.port}";
backend = "http://127.0.0.1:${toString cfg.settings.port}";
in
{
"~ ^/(api|pictrs|feeds|nodeinfo|.well-known)" = {
# backend requests
proxyPass = backend;
proxyWebsockets = true;
recommendedProxySettings = true;
};
"/" = {
# mixed frontend and backend requests, based on the request headers
extraConfig = ''
set $proxpass "${ui}";
if ($http_accept = "application/activity+json") {
set $proxpass "${backend}";
}
if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
set $proxpass "${backend}";
}
if ($request_method = POST) {
set $proxpass "${backend}";
}
# Cuts off the trailing slash on URLs to make them valid
rewrite ^(.+)/+$ $1 permanent;
proxy_pass $proxpass;
# Proxied `Host` header is required to validate ActivityPub HTTP signatures for incoming events.
# The other headers are optional, for the sake of better log data.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
nixos/lemmy: support nginx
2023-05-17 20:20:13 +00:00
};
};
nixos/lemmy: remove option removed upstream
2023-06-15 08:26:40 -07:00
assertions = [
{
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
assertion =
cfg.database.createLocally
-> cfg.settings.database.host == "localhost" || cfg.settings.database.host == "/run/postgresql";
nixos/lemmy: remove option removed upstream
2023-06-15 08:26:40 -07:00
message = "if you want to create the database locally, you need to use a local database";
}
{
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
assertion =
(!(hasAttrByPath [ "federation" ] cfg.settings))
&& (!(hasAttrByPath [ "federation" "enabled" ] cfg.settings));
nixos/lemmy: remove option removed upstream
2023-06-15 08:26:40 -07:00
message = "`services.lemmy.settings.federation` was removed in 0.17.0 and no longer has any effect";
}
nixos/lemmy: limit impurity by secrets Split `services.lemmy.secretFile` into multiple options to allow only secrets.
2023-07-04 23:49:12 +02:00
{
assertion = cfg.database.uriFile != null -> cfg.database.uri == null && !cfg.database.createLocally;
message = "specifying a database uri while also specifying a database uri file is not allowed";
}
nixos/lemmy: remove option removed upstream
2023-06-15 08:26:40 -07:00
];
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
systemd.services.lemmy =
let
substitutedConfig = "/run/lemmy/config.hjson";
in
{
description = "Lemmy server";
environment = {
LEMMY_CONFIG_LOCATION =
if secrets == { } then settingsFormat.generate "config.hjson" cfg.settings else substitutedConfig;
LEMMY_DATABASE_URL =
if cfg.database.uri != null then
cfg.database.uri
else
(mkIf (cfg.database.createLocally) "postgres:///lemmy?host=/run/postgresql&user=lemmy");
};
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
documentation = [
"https://join-lemmy.org/docs/en/admins/from_scratch.html"
"https://join-lemmy.org/docs/en/"
];
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
wantedBy = [ "multi-user.target" ];
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
after = [ "pict-rs.service" ] ++ lib.optionals cfg.database.createLocally [ "postgresql.service" ];
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
requires = lib.optionals cfg.database.createLocally [ "postgresql.service" ];
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
# substitute secrets and prevent others from reading the result
# if somehow $CREDENTIALS_DIRECTORY is not set we fail
preStart = mkIf (secrets != { }) ''
set -u
umask u=rw,g=,o=
cd "$CREDENTIALS_DIRECTORY"
${utils.genJqSecretsReplacementSnippet cfg.settings substitutedConfig}
'';
lemmy: Support secret options This commit implements #101777 by merging the config with an external file at startup.
2023-06-24 19:39:01 +02:00
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
serviceConfig = {
DynamicUser = true;
RuntimeDirectory = "lemmy";
ExecStart = "${cfg.server.package}/bin/lemmy_server";
LoadCredential = lib.foldlAttrs (
acc: option: data:
acc ++ [ "${option}:${toString data.path}" ]
) [ ] secrets;
PrivateTmp = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
};
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
};
systemd.services.lemmy-ui = {
description = "Lemmy ui";
environment = {
LEMMY_UI_HOST = "127.0.0.1:${toString cfg.ui.port}";
lemmy-{server,ui}: 0.18.0 -> 0.18.1
2023-07-08 11:56:14 +12:00
LEMMY_UI_LEMMY_INTERNAL_HOST = "127.0.0.1:${toString cfg.settings.port}";
LEMMY_UI_LEMMY_EXTERNAL_HOST = cfg.settings.hostname;
LEMMY_UI_HTTPS = "false";
lemmy-ui: Set NODE_ENV to run server in production mode
2023-07-13 14:03:40 +12:00
NODE_ENV = "production";
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
};
documentation = [
nixos/lemmy: fix documentation links
2023-04-26 22:00:46 +00:00
"https://join-lemmy.org/docs/en/admins/from_scratch.html"
"https://join-lemmy.org/docs/en/"
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
];
wantedBy = [ "multi-user.target" ];
after = [ "lemmy.service" ];
requires = [ "lemmy.service" ];
serviceConfig = {
DynamicUser = true;
nixos/lemmy: allow overriding packages
2023-06-06 08:19:37 -07:00
WorkingDirectory = "${cfg.ui.package}";
ExecStart = "${pkgs.nodejs}/bin/node ${cfg.ui.package}/dist/js/server.js";
nixos/lemmy: init Co-authored-by: Raphael Megzari <raphael@megzari.com>
2021-09-23 10:27:42 -04:00
};
};
};
}
Copy permalink