add misskey package and module #161855

Closed
wants to merge 4 commits into from
Closed
1 change: 1 addition & 0 deletions nixos/modules/module-list.nix
Expand Up @@ -809,6 +809,7 @@
./services/networking/monero.nix
./services/networking/morty.nix
./services/networking/miredo.nix
./services/networking/misskey.nix
./services/networking/mstpd.nix
./services/networking/mtprotoproxy.nix
./services/networking/mtr-exporter.nix
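--- a/nixos/modules/services/networking/misskey.nix
+++ b/nixos/modules/services/networking/misskey.nix
@@ -0,0 +1,70 @@
+{ config, lib, pkgs, ... }:
+
+let
+cfg = config.services.misskey;
+
+settingsFormat = pkgs.formats.yaml {};
+configFile = settingsFormat.generate "misskey-config.yml" cfg.settings;
+in {
+options = {
+services.misskey = with lib; {
+enable = mkEnableOption "misskey";
+
+settings = mkOption {
+type = settingsFormat.type;
+default = {};
+description = ''
+Configuration for Misskey, see
+<link xlink:href="https://github.com/misskey-dev/misskey/blob/develop/.config/example.yml"/>
+for supported settings.
+'';
+};
+};
+};
+
+config = lib.mkIf cfg.enable {
+documentation.enable = false;
+
+systemd.services.misskey = {
+after = [ "network-online.target" "postgresql.service" ];
+wantedBy = [ "multi-user.target" ];
+preStart = ''
+${pkgs.envsubst}/bin/envsubst -i "${configFile}" > /run/misskey/default.yml
+cd ${pkgs.misskey}/packages/backend
+./node_modules/.bin/typeorm migration:run
+'';
+serviceConfig = {
+StateDirectory = "misskey";
+StateDirectoryMode = "700";
+RuntimeDirectory = "misskey";
+RuntimeDirectoryMode = "700";
+ExecStart = "${pkgs.nodejs}/bin/node --experimental-json-modules ${pkgs.misskey}/packages/backend/built/index.js";
+TimeoutSec = 60;
+
+# implies RemoveIPC=, PrivateTmp=, NoNewPrivileges=, RestrictSUIDSGID=,
+# ProtectSystem=strict, ProtectHome=read-only
+DynamicUser = true;
+LockPersonality = true;
+PrivateDevices = true;
+PrivateUsers = true;
+ProtectClock = true;
+ProtectControlGroups = true;
+ProtectHome = true;
+ProtectHostname = true;
+ProtectKernelLogs = true;
+ProtectProc = "invisible";
+ProtectKernelModules = true;
+ProtectKernelTunables = true;
+RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+RestrictNamespaces = true;
+RestrictRealtime = true;
+SystemCallArchitectures = "native";
+SystemCallFilter = "@system-service";
+UMask = "0077";
+};
+environment.NODE_ENV = "production";
+};
+};
+meta.maintainers = with lib.maintainers; [ yuka ];
+meta.doc = ./misskey.xml;
+}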
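Review bot: The `envsubst` call in preStart has no variable source behind it: the unit sets no `EnvironmentFile`, so a database or Redis password can only be given through `services.misskey.settings`, and `settingsFormat.generate` puts that file in the world-readable Nix store. I would add an `environmentFile` option (`types.nullOr types.path`, default `null`), wire it with `serviceConfig.EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;`, and say in the `settings` description that secrets are written as `$NAME` placeholders. Because `envsubst` is called without a variable list, every `$NAME` in the settings is replaced and unset names become empty strings, so passing the allowed names explicitly is safer. Separately, `documentation.enable = false;` in the `config` block switches off system documentation on every host that enables this service and looks like a leftover workaround.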
103 changes: 103 additions & 0 deletions nixos/modules/services/networking/misskey.xml
@@ -0,0 +1,103 @@
<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="misskey">

Looks like the outermost element should be a <chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="misskey">, otherwise the manual doesn't build

<title>Misskey</title>
<para>
<link xlink:href="https://misskey-hub.net">Misskey</link> is an
ActivityPub Server.
</para>
<section xml:id="setting-up-misskey">
<title>Setting up Misskey</title>
<para>
Misskey needs PostgreSQL and Redis as dependencies.
</para>
<section xml:id="postgresql">
<title>PostgreSQL</title>
<para>
For PostgreSQL, add the following snippet to your
<literal>configuration.nix</literal>:
</para>
<programlisting language="bash">
services.postgresql = {
enable = true;
ensureDatabases = [ &quot;misskey&quot; ];
ensureUsers = [
{
name = &quot;misskey&quot;;
ensurePermissions.&quot;DATABASE misskey&quot; = &quot;ALL PRIVILEGES&quot;;
}
];
};
</programlisting>
</section>
<section xml:id="redis">
<title>Redis</title>
<para>
For Redis, add the following snippet to your
<literal>configuration.nix</literal>:
</para>
<programlisting language="bash">
services.redis.servers.misskey = {
enable = true;
bind = &quot;127.0.0.1&quot;;
port = 16434;
};
</programlisting>
</section>
<section xml:id="nginx">
<title>nginx</title>
<para>
An example nginx config could look like the following:
</para>
<programlisting language="bash">
services.nginx = {
enable = true;

recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;

nginx.virtualHosts.&quot;misskey.example.net&quot; = {
enableACME = true;
forceSSL = true;
locations = {
&quot;/&quot; = {
proxyPass = &quot;http://127.0.0.1:${toString config.services.misskey.settings.port}/&quot;;
proxyWebsockets = true;
};
};
};
};
</programlisting>
</section>
<section xml:id="misskey-1">
<title>Misskey</title>
<para>
Example misskey config:
</para>
<programlisting language="bash">
services.misskey = {
enable = true;
settings = {
url = &quot;https://misskey.example.net/&quot;;
port = 11231;
id = &quot;aid&quot;;
db = {
host = &quot;/run/postgresql&quot;;
port = config.services.postgresql.port;
user = &quot;misskey&quot;;
};
redis = {
host = &quot;localhost&quot;;
port = config.services.redis.servers.misskey.port;
};
};
};
</programlisting>
<para>
Additional configuration options can be found on
<link xlink:href="https://github.com/misskey-dev/misskey/blob/develop/.config/example.yml">misskey's
GitHub repository</link>.
</para>
</section>
</section>
</section>
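--- a/pkgs/servers/misskey/default.nix
+++ b/pkgs/servers/misskey/default.nix
@@ -0,0 +1,95 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, fetchYarnDeps
+, fixup_yarn_lock
+, yarn
+, nodejs
+, python3
+, pkg-config
+, glib
+, vips
+}:
+
+let
+version = "12.108.1";
+
+src = fetchFromGitHub {
+owner = "misskey-dev";
+repo = "misskey";
+rev = version;
+sha256 = "sha256-NTspyTNy3cqc43+YLeCKRR46D7BvtIWoNCmwgqykHgs=";
+};
+
+deps = fetchYarnDeps {
+yarnLock = "${src}/yarn.lock";
+sha256 = "sha256-1NEeuBVp5e7RtFzYeT4nTGxGs2oeTxqiz20pEZXmcbo=";
+};
+backendDeps = fetchYarnDeps {
+yarnLock = "${src}/packages/backend/yarn.lock";
+sha256 = "sha256-G01hkYthBCZnsvPNaTIXSgTN9/1inJXhh34umxfxUsc=";
+};
+clientDeps = fetchYarnDeps {
+yarnLock = "${src}/packages/client/yarn.lock";
+sha256 = "sha256-LwGjqHN59KditL3igVP1/TZ7cZSbrZopOl9A0c1nlW8=";
+};
+
+in stdenv.mkDerivation {
+pname = "misskey";
+inherit version src;
+
+nativeBuildInputs = [ fixup_yarn_lock yarn nodejs python3 pkg-config ];
+buildInputs = [ glib vips ];
+
+buildPhase = ''
+export HOME=$PWD
+export NODE_ENV=production
+
+# Build node modules
+fixup_yarn_lock yarn.lock
+fixup_yarn_lock packages/backend/yarn.lock
+fixup_yarn_lock packages/client/yarn.lock
+yarn config --offline set yarn-offline-mirror ${deps}
+yarn install --offline --frozen-lockfile --ignore-engines --ignore-scripts --no-progress
+(
+cd packages/backend
+yarn config --offline set yarn-offline-mirror ${backendDeps}
+yarn install --offline --frozen-lockfile --ignore-engines --ignore-scripts --no-progress
+)
+(
+cd packages/client
+yarn config --offline set yarn-offline-mirror ${clientDeps}
+yarn install --offline --frozen-lockfile --ignore-engines --ignore-scripts --no-progress
+)
+patchShebangs node_modules
+patchShebangs packages/backend/node_modules
+patchShebangs packages/client/node_modules
+(
+cd packages/backend/node_modules/re2
+npm_config_nodedir=${nodejs} npm run rebuild
+)
+(
+cd packages/backend/node_modules/sharp
+npm_config_nodedir=${nodejs} ../.bin/node-gyp rebuild
+)
+
+yarn build
+'';
+
+installPhase = ''
+mkdir -p $out/packages/client
+ln -s /var/lib/misskey $out/files
+ln -s /run/misskey $out/.config
+cp -r locales node_modules built $out
+cp -r packages/backend $out/packages/backend
+cp -r packages/client/assets $out/packages/client/assets
+'';
+
+meta = with lib; {
+description = "Interplanetary microblogging platform. 🚀";
+homepage = "https://misskey-hub.net/";
+license = licenses.agpl3;
+maintainers = with maintainers; [ yuka kloenk ];
+platforms = platforms.unix;
+};
+}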
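Review bot: The two `ln -s` lines in installPhase bake the absolute paths `/var/lib/misskey` and `/run/misskey` into the store output without saying why, so the package only works on a host where the NixOS module has created those directories and carries dangling symlinks everywhere else. A comment above them would make the coupling explicit, for example `# .config and files live outside the store; these paths match RuntimeDirectory/StateDirectory in the misskey NixOS module` (presumably `files` is the upload directory, which should be confirmed). Both overridden phases also skip the standard hooks; adding `runHook preInstall` / `runHook postInstall` and the preBuild/postBuild pair keeps overrides working. `licenses.agpl3` leaves open whether "or later" applies; if upstream is version 3 only, `licenses.agpl3Only` is the unambiguous spelling.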
2 changes: 2 additions & 0 deletions pkgs/top-level/all-packages.nix
Expand Up @@ -21473,6 +21473,8 @@ with pkgs;

miniHttpd = callPackage ../servers/http/mini-httpd {};

misskey = callPackage ../servers/misskey { };

mlflow-server = callPackage ../servers/mlflow-server { };

mlmmj = callPackage ../servers/mail/mlmmj { };