Diffstat (limited to '')
-rw-r--r-- | modules/by-name/sh/sharkey/module.nix | 144 |
1 files changed, 144 insertions, 0 deletions
diff --git a/modules/by-name/sh/sharkey/module.nix b/modules/by-name/sh/sharkey/module.nix
new file mode 100644
index 0000000..a296edd
--- /dev/null
+++ b/modules/by-name/sh/sharkey/module.nix
@@ -0,0 +1,144 @@
+{
+ config,
+ lib,
+ pkgs,
+ pkgsUnstable,
+ nixpkgs-unstable,
+ ...
+}: let
+ cfg = config.vhack.sharkey;
+in {
+ imports = [
+ # TODO(@bpeetz): Remove this import once we update to NixOS 25.11 <2025-07-12>
+ "${nixpkgs-unstable}/nixos/modules/services/web-apps/sharkey.nix"
+ ];
+
+ options.vhack.sharkey = {
+ enable = lib.mkEnableOption "sharkey";
+
+ fqdn = lib.mkOption {
+ description = "The fully qualified domain name of this instance.";
+ type = lib.types.str;
+ example = "sharkey.shonk.social";
+ };
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgsUnstable.sharkey;
+ defaultText = lib.literalExpression "vhackPackages.sharkey";
+ description = "Sharkey package to use.";
+ };
+
+ mediaDirectory = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/sharkey";
+ description = "The directory where sharkey stores it's data.";
+ };
+
+ settings = lib.mkOption {
+ inherit (pkgs.formats.yaml {}) type;
+ default = {};
+ description = ''
+ Extra Configuration for Sharkey, see
+ <link xlink:href="https://activitypub.software/TransFem-org/Sharkey/-/blob/develop/.config/example.yml"/>
+ for supported settings.
+
+ Note, that this is applied on-top of the neccessary config.
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services = {
+ sharkey = {
+ enable = true;
+
+ inherit (cfg) package;
+ openFirewall = false;
+ setupRedis = true;
+ setupPostgresql = true;
+
+ settings =
+ cfg.settings
+ // {
+ url = "https://${cfg.fqdn}/";
+ port = 5312;
+
+ inherit (cfg) mediaDirectory;
+ fulltextSearch.provider = "sqlLike";
+ };
+ };
+
+ nginx.virtualHosts."${cfg.fqdn}" = {
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.sharkey.settings.port}";
+ proxyWebsockets = true;
+ };
+
+ enableACME = true;
+ forceSSL = true;
+ };
+ };
+
+ systemd.services.sharkey = {
+ # TODO(@bpeetz): `postgresql.target` is only available in NixOS 25.11, as such we
+ # need to override this back to the postgresql.service. <2025-07-12>
+ after = lib.mkForce [
+ "postgresql.service"
+ "redis-sharkey.service"
+ ];
+ bindsTo = lib.mkForce [
+ "postgresql.service"
+ "redis-sharkey.service"
+ ];
+
+ serviceConfig = {
+ # The upstream service uses DynamicUsers, which currently poses issues to our
+ # directory persisting strategy.
+ User = "sharkey";
+ Group = "sharkey";
+ DynamicUser = lib.mkForce false;
+ };
+ };
+
+ vhack = {
+ nginx.enable = true;
+
+ persist.directories = [
+ {
+ directory = "${config.services.redis.servers."sharkey".settings.dir}";
+ user = "sharkey";
+ group = "redis-sharey";
+ mode = "0770";
+ }
+ {
+ directory = "${cfg.mediaDirectory}";
+ user = "sharkey";
+ group = "sharkey";
+ mode = "0700";
+ }
+ ];
+ };
+
+ users = {
+ groups.sharkey = {
+ gid = config.vhack.constants.ids.gids.sharkey;
+ };
+ users.sharkey = {
+ isSystemUser = true;
+ group = "sharkey";
+ uid = config.vhack.constants.ids.uids.sharkey;
+ home = cfg.package;
+ packages = [cfg.package];
+ };
+
+ groups.redis-sharkey = {
+ gid = config.vhack.constants.ids.gids.redis-sharkey;
+ };
+ users.redis-sharkey = {
+ group = "redis-sharkey";
+ uid = config.vhack.constants.ids.uids.redis-sharkey;
+ };
+ };
+ };
+}
|
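Review bot: The first `persist.directories` entry sets `group = "redis-sharey";`, which does not match the `redis-sharkey` group declared under `users` further down, so the persisted Redis directory is assigned to a group this module never creates; it should read `group = "redis-sharkey";`. That entry also makes `sharkey` the owning user with mode `0770`, while a separate `redis-sharkey` uid is pinned below. If the Redis instance runs as that user, which the pinned id suggests but the hunk does not show, it reaches its own data directory only through the group bits, so the typo would probably break persistence. Owning the directory as `redis-sharkey` with `0700` would be the narrower grant, provided `vhack.persist` applies ownership the way the entry implies. Separately, `cfg.settings // { … }` is a shallow merge, so a caller-supplied `fulltextSearch` attribute set is replaced wholesale by the forced `fulltextSearch.provider`; `lib.recursiveUpdate cfg.settings { … }` keeps the forced keys and preserves sibling options.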