···

       
13
       
 
       
    hostname = "lemmy.union.rocks";

     

       
14
       
 
       
    database.createLocally = true;

     

       
15
       
 
       
  };

     

       
16
       
-
       
  jwtSecretPath = "/run/secrets/lemmyJwt";

     

       
17
       
 
       
  caddy.enable = true;

     

       
18
       
 
       
}

     

       
19
       
 
       
```

     

       
20
       
-
       


     

       
21
       
-
       
(note that you can use something like agenix to get your secret jwt to the specified path)

     

       
22
       
 
       


     

       
23
       
 
       
this will start the backend on port 8536 and the frontend on port 1234.

     

       
24
       
 
       
It will expose your instance with a caddy reverse proxy to the hostname you've provided.

     

···

       
13
       
 
       
    hostname = "lemmy.union.rocks";

     

       
14
       
 
       
    database.createLocally = true;

     

       
15
       
 
       
  };

     

       
0
       
 
       

     

       
16
       
 
       
  caddy.enable = true;

     

       
17
       
 
       
}

     

       
18
       
 
       
```

     

       
0
       
 
       

     

       
0
       
 
       

     

       
19
       
 
       


     

       
20
       
 
       
this will start the backend on port 8536 and the frontend on port 1234.

     

       
21
       
 
       
It will expose your instance with a caddy reverse proxy to the hostname you've provided.

     

···

       
10
       
 
       
  # `pandoc lemmy.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > lemmy.xml`

     

       
11
       
 
       
  meta.doc = ./lemmy.xml;

     

       
12
       
 
       


     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
13
       
 
       
  options.services.lemmy = {

     

       
14
       
 
       


     

       
15
       
 
       
    enable = mkEnableOption (lib.mdDoc "lemmy a federated alternative to reddit in rust");

     

       
16
       
-
       


     

       
17
       
-
       
    jwtSecretPath = mkOption {

     

       
18
       
-
       
      type = types.path;

     

       
19
       
-
       
      description = lib.mdDoc "Path to read the jwt secret from.";

     

       
20
       
-
       
    };

     

       
21
       
 
       


     

       
22
       
 
       
    ui = {

     

       
23
       
 
       
      port = mkOption {

     
···

       
168
       
 
       


     

       
169
       
 
       
        requires = lib.optionals cfg.settings.database.createLocally [ "lemmy-postgresql.service" ];

     

       
170
       
 
       


     

       
171
       
-
       
        # script is needed here since loadcredential is not accessible on ExecPreStart

     

       
172
       
 
       
        script = ''

     

       
173
       
 
       
          ${pkgs.coreutils}/bin/install -m 600 ${settingsFormat.generate "config.hjson" cfg.settings} /run/lemmy/config.hjson

     

       
174
       
-
       
          jwtSecret="$(< $CREDENTIALS_DIRECTORY/jwt_secret )"

     

       
175
       
-
       
          ${pkgs.jq}/bin/jq ".jwt_secret = \"$jwtSecret\"" /run/lemmy/config.hjson | ${pkgs.moreutils}/bin/sponge /run/lemmy/config.hjson

     

       
176
       
 
       
          ${pkgs.lemmy-server}/bin/lemmy_server

     

       
177
       
 
       
        '';

     

       
178
       
 
       


     

       
179
       
 
       
        serviceConfig = {

     

       
180
       
 
       
          DynamicUser = true;

     

       
181
       
 
       
          RuntimeDirectory = "lemmy";

     

       
182
       
-
       
          LoadCredential = "jwt_secret:${cfg.jwtSecretPath}";

     

       
183
       
 
       
        };

     

       
184
       
 
       
      };

     

       
185
       
 
       


     

···

       
10
       
 
       
  # `pandoc lemmy.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > lemmy.xml`

     

       
11
       
 
       
  meta.doc = ./lemmy.xml;

     

       
12
       
 
       


     

       
13
       
+
       
  imports = [

     

       
14
       
+
       
    (mkRemovedOptionModule [ "services" "lemmy" "jwtSecretPath" ] "As of v0.13.0, Lemmy auto-generates the JWT secret.")

     

       
15
       
+
       
  ];

     

       
16
       
+
       


     

       
17
       
 
       
  options.services.lemmy = {

     

       
18
       
 
       


     

       
19
       
 
       
    enable = mkEnableOption (lib.mdDoc "lemmy a federated alternative to reddit in rust");

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
20
       
 
       


     

       
21
       
 
       
    ui = {

     

       
22
       
 
       
      port = mkOption {

     
···

       
167
       
 
       


     

       
168
       
 
       
        requires = lib.optionals cfg.settings.database.createLocally [ "lemmy-postgresql.service" ];

     

       
169
       
 
       


     

       
0
       
 
       

     

       
170
       
 
       
        script = ''

     

       
171
       
 
       
          ${pkgs.coreutils}/bin/install -m 600 ${settingsFormat.generate "config.hjson" cfg.settings} /run/lemmy/config.hjson

     

       
0
       
 
       

     

       
0
       
 
       

     

       
172
       
 
       
          ${pkgs.lemmy-server}/bin/lemmy_server

     

       
173
       
 
       
        '';

     

       
174
       
 
       


     

       
175
       
 
       
        serviceConfig = {

     

       
176
       
 
       
          DynamicUser = true;

     

       
177
       
 
       
          RuntimeDirectory = "lemmy";

     

       
0
       
 
       

     

       
178
       
 
       
        };

     

       
179
       
 
       
      };

     

       
180
       
 
       


     

···

       
8
       
 
       
    <para>

     

       
9
       
 
       
      the minimum to start lemmy is

     

       
10
       
 
       
    </para>

     

       
11
       
-
       
    <programlisting language="bash">

     

       
12
       
 
       
services.lemmy = {

     

       
13
       
 
       
  enable = true;

     

       
14
       
 
       
  settings = {

     

       
15
       
 
       
    hostname = &quot;lemmy.union.rocks&quot;;

     

       
16
       
 
       
    database.createLocally = true;

     

       
17
       
 
       
  };

     

       
18
       
-
       
  jwtSecretPath = &quot;/run/secrets/lemmyJwt&quot;;

     

       
19
       
 
       
  caddy.enable = true;

     

       
20
       
 
       
}

     

       
21
       
 
       
</programlisting>

     

       
22
       
-
       
    <para>

     

       
23
       
-
       
      (note that you can use something like agenix to get your secret

     

       
24
       
-
       
      jwt to the specified path)

     

       
25
       
-
       
    </para>

     

       
26
       
 
       
    <para>

     

       
27
       
 
       
      this will start the backend on port 8536 and the frontend on port

     

       
28
       
 
       
      1234. It will expose your instance with a caddy reverse proxy to

     

···

       
8
       
 
       
    <para>

     

       
9
       
 
       
      the minimum to start lemmy is

     

       
10
       
 
       
    </para>

     

       
11
       
+
       
    <programlisting language="nix">

     

       
12
       
 
       
services.lemmy = {

     

       
13
       
 
       
  enable = true;

     

       
14
       
 
       
  settings = {

     

       
15
       
 
       
    hostname = &quot;lemmy.union.rocks&quot;;

     

       
16
       
 
       
    database.createLocally = true;

     

       
17
       
 
       
  };

     

       
0
       
 
       

     

       
18
       
 
       
  caddy.enable = true;

     

       
19
       
 
       
}

     

       
20
       
 
       
</programlisting>

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
21
       
 
       
    <para>

     

       
22
       
 
       
      this will start the backend on port 8536 and the frontend on port

     

       
23
       
 
       
      1234. It will expose your instance with a caddy reverse proxy to

     

···

       
14
       
 
       
    "${lemmyNodeName}" = {

     

       
15
       
 
       
      services.lemmy = {

     

       
16
       
 
       
        enable = true;

     

       
17
       
-
       
        jwtSecretPath = pkgs.writeTextFile {

     

       
18
       
-
       
          name = "lemmy-secret";

     

       
19
       
-
       
          text = "very-secret-password123";

     

       
20
       
-
       
        };

     

       
21
       
 
       
        ui.port = uiPort;

     

       
22
       
 
       
        settings = {

     

       
23
       
 
       
          hostname = "http://${lemmyNodeName}";

     

···

       
14
       
 
       
    "${lemmyNodeName}" = {

     

       
15
       
 
       
      services.lemmy = {

     

       
16
       
 
       
        enable = true;

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
17
       
 
       
        ui.port = uiPort;

     

       
18
       
 
       
        settings = {

     

       
19
       
 
       
          hostname = "http://${lemmyNodeName}";