mirror of
https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git
synced 2024-11-08 17:43:11 +00:00
c1ed3a522c
Nix store is world-readable, and while nix repl fails to get the secret due to file permissions, we should still set up secrets without getting them in Nix store. In the past tmpfiles.d was used, but its entire contents get to the nix store. Now, all files with secrets are generated in activation scripts, with the help of jq and sed. Also dead Pleroma code was deleted, but CAPTCHA is still broken. Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/19 Co-authored-by: Inex Code <inex.code@selfprivacy.org> Co-committed-by: Inex Code <inex.code@selfprivacy.org>
51 lines
1.2 KiB
Nix
51 lines
1.2 KiB
Nix
{ pkgs, config, ... }:
|
|
let
|
|
cfg = config.services.userdata;
|
|
in
|
|
{
|
|
services = {
|
|
pleroma = {
|
|
enable = cfg.pleroma.enable;
|
|
user = "pleroma";
|
|
group = "pleroma";
|
|
configs = [
|
|
(builtins.replaceStrings
|
|
[ "$DOMAIN" "$LUSER" ]
|
|
[ cfg.domain cfg.username ]
|
|
(builtins.readFile ./config.exs))
|
|
];
|
|
};
|
|
postgresql = {
|
|
enable = true;
|
|
package = pkgs.postgresql_12;
|
|
initialScript = "/etc/setup.psql";
|
|
ensureDatabases = [
|
|
"pleroma"
|
|
];
|
|
ensureUsers = [
|
|
{
|
|
name = "pleroma";
|
|
ensurePermissions = {
|
|
"DATABASE pleroma" = "ALL PRIVILEGES";
|
|
};
|
|
}
|
|
];
|
|
};
|
|
};
|
|
environment.etc."setup.psql".text = ''
|
|
CREATE USER pleroma;
|
|
CREATE DATABASE pleroma OWNER pleroma;
|
|
\c pleroma;
|
|
--Extensions made by ecto.migrate that need superuser access
|
|
CREATE EXTENSION IF NOT EXISTS citext;
|
|
CREATE EXTENSION IF NOT EXISTS pg_trgm;
|
|
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
|
|
'';
|
|
users.users.pleroma = {
|
|
extraGroups = [ "postgres" ];
|
|
isNormalUser = false;
|
|
isSystemUser = true;
|
|
group = "pleroma";
|
|
};
|
|
}
|