Compare commits
2 Commits
987e992502
...
b98f056993
Author | SHA1 | Date |
---|---|---|
Félix Baylac-Jacqué | b98f056993 | |
Félix Baylac-Jacqué | 848f616aa1 |
|
@ -0,0 +1,106 @@
|
|||
{ config, options, lib, pkgs, stdenv, ... }:
|
||||
let
|
||||
cfg = config.services.pleroma;
|
||||
in {
|
||||
options = {
|
||||
services.pleroma = with lib; {
|
||||
enable = mkEnableOption "pleroma";
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = import ../default.nix { inherit pkgs; };
|
||||
description = "Pleroma package to use.";
|
||||
};
|
||||
|
||||
runMigrationOnStartup = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Run the database migrations on the Pleroma service startup.";
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/pleroma";
|
||||
description = "Directory storing Pleroma's data.";
|
||||
};
|
||||
|
||||
configuration = mkOption {
|
||||
type = types.str;
|
||||
description = "Pleroma configuration. Will be stored at /etc/pleroma/config.exs.";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "pleroma";
|
||||
description = "User account under which pleroma runs.";
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = "pleroma";
|
||||
description = "Group account under which pleroma runs.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
users = {
|
||||
users."${cfg.user}" = {
|
||||
description = "Pleroma user";
|
||||
createHome = true;
|
||||
home = cfg.dataDir;
|
||||
extraGroups = [ cfg.group ];
|
||||
};
|
||||
groups = {
|
||||
pleroma = {};
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
systemd.services.pleroma = {
|
||||
description = "Pleroma social network";
|
||||
after = [ "network-online.target" "postgresql.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = {
|
||||
MIX_ENV = "prod";
|
||||
};
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
Type = "forking";
|
||||
WorkingDirectory = cfg.dataDir;
|
||||
|
||||
# Checking the conf file is there then running the database
|
||||
# migration before each service start, just in case there are
|
||||
# some pending ones.
|
||||
#
|
||||
# It's sub-optimal as we'll always run this, even if pleroma
|
||||
# has not been updated. But the no-op process is pretty fast.
|
||||
# Better be safe than sorry migration-wise.
|
||||
ExecStartPre = pkgs.writers.writeBashBin "pleromaStartPre" ''
|
||||
if [ ! -f "/etc/pleroma/config.exs" ]; then
|
||||
echo "ERROR: Missing pleroma config file at /etc/pleroma/config.exs"
|
||||
echo "Did you read http://git.xxxxx ?"
|
||||
exit 1
|
||||
fi
|
||||
${cfg.package}/bin/pleroma_ctl migrate'';
|
||||
|
||||
ExecStart = "${cfg.package}/bin/pleroma daemon";
|
||||
ExecStop = "${cfg.package}/bin/pleroma stop";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
|
||||
# Systemd sandboxing directives.
|
||||
# Taken from the upstream contrib systemd service at
|
||||
# pleroma/installation/pleroma.service
|
||||
PrivateTmp = true;
|
||||
ProtectHome = true;
|
||||
ProtectSystem = "full";
|
||||
PrivateDevices = false;
|
||||
NoNewPrivileges = true;
|
||||
CapabilityBoundingSet = "~CAP_SYS_ADMIN";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
}
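Review bot: The `configuration` option is declared as `types.str` and described as being stored at /etc/pleroma/config.exs, but nothing under `config` reads it. A string option written out that way would pass through the world-readable Nix store, which contradicts the readme in this same change (the file holds secrets), so I would drop the option or replace it with a path to a file kept outside the store. `ExecStartPre` is assigned the result of `pkgs.writers.writeBashBin`, which in nixpkgs is a store directory containing `bin/pleromaStartPre` rather than the script itself, so the unit likely needs `pkgs.writers.writeBash "pleromaStartPre" ''` (or `/bin/pleromaStartPre` appended to the interpolated path). `runMigrationOnStartup` is never consulted, so migrations run even when it is false; writing the last script line as `${lib.optionalString cfg.runMigrationOnStartup "${cfg.package}/bin/pleroma_ctl migrate"}` would honour it. The group is created under the literal name `pleroma` while the unit uses `Group = cfg.group`, and `groups."${cfg.group}" = {};` would keep the two in step.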
|
42
readme.md
|
@ -1,12 +1,46 @@
|
|||
# Pleroma on NixOS: OTP Release
|
||||
|
||||
## TODO
|
||||
## Quick Start
|
||||
|
||||
- Add NixOS module.
|
||||
Add your pleroma configuration to `/etc/pleroma/config.exs`, make sure
|
||||
it's readable by the `pleroma` user.
|
||||
|
||||
## Minor Annoyances
|
||||
You can then use the following example to get started.
|
||||
|
||||
We're retrieving the binary distribution directly from the GitLab CI pipeline.
|
||||
```
|
||||
```
|
||||
|
||||
## Pleroma Configuration Management
|
||||
|
||||
Pleroma is expecting its configuration to be found at
|
||||
`/etc/pleroma/config.exs`. This configuration file is containing some
|
||||
secrets, making impossible for it to live in the Nix store.
|
||||
|
||||
You'll have to create this file manually. Two options:
|
||||
|
||||
1. You are migrating a src-based install (mix-based). You can re-use
|
||||
your `$src_root/config/prod.secret.exs` file. Change the `use Mix.Config`
|
||||
statement with `use Config`.
|
||||
2. This is a new installation. In that case you can use
|
||||
`pleroma_ctl instance gen --output config.exs --output-psql setup.psql`,
|
||||
this will prompt you some questions and will generate both your
|
||||
config file and database initial migration. Note: `pleroma_ctl`
|
||||
will be in your system path as soon as you enable the pleroma
|
||||
service. You can alternatively build it by building this repo's
|
||||
`default.nix` derivation.
|
||||
|
||||
## Pleroma Database Init
|
||||
|
||||
If it's not already done, you need to seed your pleroma postgresql database.
|
||||
|
||||
If you created your brand new pleroma configuration with
|
||||
`pleroma_ctl instance gen --output-psql seed.psql`, you can load the
|
||||
`seed.psql` dump to the database with `sudo -u pleroma psql -f seed.psql`.
|
||||
|
||||
## Update Pleroma to a New Version
|
||||
|
||||
We're retrieving the binary distribution directly from the GitLab CI
|
||||
pipeline.
|
||||
|
||||
To find the latest and greatest bindist stable URL, you have to visit
|
||||
https://git.pleroma.social/pleroma/pleroma/-/tree/stable, clicky click
|
||||
|
|