add mastodon package and module #60788

Closed
wants to merge 2 commits into from

Member

@petabyteboy petabyteboy commented May 2, 2019

Motivation for this change

This module can already be used to set up a fully functional mastodon instance, but there is still a lot to do:

  • Discuss if moretea/yarn2nix should be added to nixpkgs again
  • Don't force users to store secrets in nix store
  • Improve documentation of module options
  • Add mastodon user and group ids
  • Add meta information to the mastodon package
  • Investigate if it makes sense to allow enabling and disabling the three services separately, similar to the kubernetes module

Some things would be nice to have but are not strictly required for a first version in my opinion:

  • Write some tests
  • Investigate if building streaming, sidekiq and web services separately would be possible and advantageous
  • Add more advanced options, i.e. the number of sidekiq threads, support for S3 storage backend, ...
  • Package mastodon tools like tootctl in a way that makes them easy to use

Any feedback is appreciated :-)

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@petabyteboy petabyteboy force-pushed the petabyteboy:feature/mastodon branch 7 times, most recently from c750ceb to d8e0488 May 2, 2019
@petabyteboy petabyteboy marked this pull request as ready for review May 2, 2019
@petabyteboy petabyteboy requested a review from Infinisil as a code owner May 2, 2019
@petabyteboy petabyteboy force-pushed the petabyteboy:feature/mastodon branch from 4c5bd7e to 4f017df May 2, 2019
Member Author

@petabyteboy petabyteboy commented May 2, 2019

Of course we are facing the same IFD issue with yarn2nix as with riot-desktop and #59111.
It seems like the only solution for now is including yarn.nix and package.json in nixpkgs.

@petabyteboy petabyteboy force-pushed the petabyteboy:feature/mastodon branch 2 times, most recently from 1ebe235 to c9b430f May 2, 2019
Member Author

@petabyteboy petabyteboy commented May 2, 2019

Unfortunately it seems like this is a dead end:
moretea/yarn2nix uses builtins.fetchGit, because the yarn.lock file does not contain hashes for git dependencies. builtins.fetchGit doesn't work on Hydra/OfBorg, because it runs at eval-time in restricted mode and network access is not allowed.

I will try to use https://github.com/Profpatsch/yarn2nix tomorrow, which hashes the git dependencies when creating the nix expression, and then uses pkgs.fetchgit. Since we have to include a pregenerated Nix expression for the dependencies anyways (otherwise we get IFD problems), this is a small loss.

Member

@alyssais alyssais commented May 3, 2019

Member Author

@petabyteboy petabyteboy commented May 3, 2019

> Can I do ...? @GrahamcOfBorg eval
> As I understand it, you should be able to eval, but not build, unless you're a known or trusted user, in OfBorg terminology.

That's what I concluded too, but as it says in the OfBorg readme, there is no reason to call eval manually since it happens automatically.

Member Author

@petabyteboy petabyteboy commented May 3, 2019

After trying to integrate profpatsch/yarn2nix into nixpkgs, I give up on that. There are multiple broken Haskell packages required for profpatsch/yarn2nix to run.

My new plan is to add support for Hydra-enabled git dependencies to moretea/yarn2nix.

Member Author

@petabyteboy petabyteboy commented May 3, 2019

Hooray /o/

Member Author

@petabyteboy petabyteboy commented Oct 21, 2019

Actually it does work by using the migration chain, it's just quite slow.

Contributor

@ashkitten ashkitten commented Oct 21, 2019

to clarify my wishes about custom forks - i meant that more as a blanket statement about making it easy to update mastodon to any release, custom fork or not, because it seemed difficult to assemble all the required components and potentially easy to miss something. i was just advocating for an update script, really. sorry for confusion


@happy-river happy-river commented Nov 15, 2019

> Actually it does work by using the migration chain, it's just quite slow.

It's too slow for the amount of patience I have, so I found a way to test whether a postgresql database has no tables yet and use rake db:schema:load instead of rake db:migrate in that case. I've also ported the two mastodon tests to the new Python test driver. Both commits can be found in my mastodon-python-tests branch, which is based on this pull request rebased onto a recent master.

keypair=$(bin/rake webpush:generate_keys)
echo $keypair | grep Private | sed 's/^Private -> //' > ${cfg.vapidPrivateKeyFile}
echo $keypair | grep Public | sed 's/^Public -> //' > ${cfg.vapidPublicKeyFile}
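Review bot: `echo $keypair` on the last two lines expands the variable unquoted, so the shell word-splits the multi-line rake output and echo rejoins it on a single line; grep then matches that one line for both labels and the `^`-anchored sed substitutions strip nothing, which leaves both keys in both files. Quote the expansion (`echo "$keypair"`) or select and strip in one step with `sed -n 's/^Private -> //p'`. The redirects also create the private key file under whatever umask is in effect, since no permission handling is visible in these lines; setting `umask 077` before writing would keep the file unreadable to other users.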
Comment on lines 300 to 302

happy-river Nov 15, 2019

This isn't working as expected. With a configuration that doesn't specify the keys, it puts both keys on a single line into both /var/lib/mastodon/secrets/vapid-private-key and vapid-public-key:

Generated VAPID keypair: Public -> BC8xMKgr9Vtx9Sw2RHxnC__9d61l308waEeFS9XRyhtbbH8m5dsUyQ1S-2rxjEyvAfnOdf8AmzbDLHbAu-fCv4g= Private -> Noj-8wTsdT8zSY1ooBpbWGLJ3IPLj4WWkbSYUKikTr8=

petabyteboy Dec 14, 2019
Author Member

Should be fixed, please confirm

happy-river Dec 29, 2019

Yes, it's fixed.

@petabyteboy petabyteboy force-pushed the petabyteboy:feature/mastodon branch from 3a4ef92 to db9718e Nov 15, 2019
Member Author

@petabyteboy petabyteboy commented Nov 15, 2019

I have pushed your changes to my branch. Thanks!

@petabyteboy petabyteboy force-pushed the petabyteboy:feature/mastodon branch 3 times, most recently from f8cf0b0 to fabbd0d Nov 22, 2019
@kampka kampka mentioned this pull request Dec 6, 2019
6 of 10 tasks complete
pkgs/servers/mastodon/default.nix Outdated
pkgs/top-level/all-packages.nix Outdated
@petabyteboy petabyteboy force-pushed the petabyteboy:feature/mastodon branch 3 times, most recently from 8ec7c7e to 054130e Dec 14, 2019
@petabyteboy petabyteboy force-pushed the petabyteboy:feature/mastodon branch from 054130e to 0f7f958 Dec 14, 2019
nixos/mastodon: add webserver test
nixos/mastodon: add package tests
Tests and fixes contributed by @happy-river, thanks!
@petabyteboy petabyteboy force-pushed the petabyteboy:feature/mastodon branch from 0f7f958 to b9dc3ee Dec 15, 2019
DB_PASS=$(cat ${cfg.database.passwordFile})
SMTP_PASSWORD=$(cat ${cfg.smtp.passwordFile})
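Review bot: The file paths interpolated into `cat` on both lines are unquoted, so a `passwordFile` path containing whitespace or glob characters is split or expanded by the shell before `cat` sees it. Pass each path as a single quoted argument, for example through `lib.escapeShellArg`. Command substitution strips only trailing newlines, so any other whitespace in the file becomes part of the password; that is worth stating in the option description.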
Comment on lines +310 to +311

happy-river Dec 29, 2019

To support passwords with spaces:

        DB_PASS="$(cat ${cfg.database.passwordFile})"
        SMTP_PASSWORD="$(cat ${cfg.smtp.passwordFile})"

join pg_namespace s on s.oid = c.relnamespace \
where s.nspname not in ('pg_catalog', 'pg_toast', 'information_schema') \
and s.nspname not like 'pg_temp%';" | sed -n 3p` -eq 0 ]; then
SAFETY_ASSURED=1 rake db:schema:load
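Review bot: The table count is read with `sed -n 3p`, which ties the empty-database check to the exact header layout of the query client's output; if the query fails or the layout differs, the `-eq 0` test receives an empty or non-numeric operand and errors out instead of making a decision. Because `db:schema:load` recreates tables, the check guarding it should be strict: have the client emit only the bare value (if the client is psql, the `-t -A` options do this), quote the command substitution, and handle a failed query explicitly.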

happy-river Dec 29, 2019

Suggested change
SAFETY_ASSURED=1 rake db:schema:load
SAFETY_ASSURED=1 rake db:schema:load
rake db:seed

Mastodon 3.0.0 added an instance actor account which must be seeded into a newly created production database.

Path to file containing the secret key base
Can be generated by running
cd $(nix-instantiate --eval '<nixpkgs>' -A mastodon.outPath); bin/rake secret
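Review bot: The description on these lines explains how to generate the secret key base but not how the resulting file should be stored. Add that the file must live outside the world-readable Nix store and be readable only by the user the service runs as, so the generated value is not copied into a derivation or left readable by other local users.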

happy-river Dec 29, 2019

nix-instantiate --eval '<nixpkgs>' -A mastodon.outPath just tells you what the path of the Mastodon package is. It doesn't actually build the package, so if the package isn't already in the Nix store, as might be the case if you're just getting started setting up this module, this command won't work.

The best replacement I've come up with is: nix build -f '<nixpkgs>' mastodon; cd result; bin/rake secret

See my branch 60788-tootctl for a commit where I've made this change in the several places where it is needed, added mention that the keys will be generated automatically if they are not supplied, and also edited most of the other option descriptions for formatting and clarity.


@happy-river happy-river commented Dec 29, 2019

I've now successfully created a Mastodon instance using this module and NixOps and a configuration that looks like this:

  tooter = { config, pkgs, ... }: {
    services.mastodon = {
      enable = true;
      configureNginx = true;
      localDomain = "example.com";
      smtp = {
        host = "smtp.example.org";
        port = 587;
        user = "user@mail.example.com";
        fromAddress = "Administrator <admin@mail.example.com>";
      };
    };
    networking.firewall.allowedTCPPorts = [ 80 443 ];
  };

I deployed it, copied my SMTP password over, restarted it, used its web interface to create an account, and then needed to use tootctl to promote the account to an administrator. But tootctl needs Mastodon's environment variables to be set up correctly, or it won't work. My solution to that problem can be found in my 60788-tootctl branch. It creates a shell script mastodon-env which sets up the environment for another command. With that done, making an administrator account became:

$ nixops ssh -d mastodon tooter
[root@tooter:~]# su - mastodon -s /bin/sh
[mastodon@tooter:~]$ mastodon-env tootctl accounts modify myaccount --role admin

This works, but I'm open to better solutions. One feature that might be added to mastodon-env is to make it optionally cd to the Mastodon package directory, which would be helpful if you want to use it to run any rake tasks.

Member Author

@petabyteboy petabyteboy commented Jan 1, 2020

This project has caused me too much stress and I'm not really interested in improving it any further. Maybe @happy-river can open a PR and continue this.

@petabyteboy petabyteboy closed this Jan 1, 2020

@Miaourt Miaourt commented Jan 1, 2020

Don't worry, take care of yourself @petabyteboy!


@happy-river happy-river commented Jan 2, 2020

Thanks for everything you've done on this @petabyteboy ! I will continue to work on this and will create a new PR in a few days.

Contributor

@volth volth commented Jan 29, 2020

Any progress with this? It seems like a very good start.

Contributor

@bqv bqv commented Jan 29, 2020

I actually got this working with a few monkeypatches. Been running it for almost a month. Seems like it shouldn't need much more work.

@@ -0,0 +1,9 @@
let
pkgs = import <nixpkgs> {};
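Review bot: `import <nixpkgs> {}` on the third line resolves through `NIX_PATH` at evaluation time, so which package set `pkgs` refers to depends on the evaluating machine rather than on the tree this file lives in. Take the needed functions as arguments instead, so the file evaluates against the package set it is called from.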

volth Jan 30, 2020
Contributor

I am not using <nixpkgs> variable at all (there is <nixpkgs-booted>, <nixpkgs-current> and <nixpkgs-next> instead), so this pattern does not work.
Probably better to change to

{ fetchFromGitHub }:
fetchFromGitHub {
 ...
}

and callPackage ./source-unpatched.nix {}; instead of import ./source-unpatched.nix;;
It is even shorter.

happy-river Jan 30, 2020

I did pretty much the same thing in #78810 to remove the reference to <nixpkgs>.

@happy-river happy-river mentioned this pull request Jan 30, 2020
5 of 12 tasks complete

@happy-river happy-river commented Jan 30, 2020

I've just created #78810 which contains this pull request with improvements.
