


nixpkgs

2nd chunk of `nixos/modules/services/networking/pleroma.md`
          enabled: false,
          redirect_on_failure: true

        config :pleroma, Pleroma.Repo,
          adapter: Ecto.Adapters.Postgres,
          username: "pleroma",
          database: "pleroma",
          hostname: "localhost"

        # Configure web push notifications
        config :web_push_encryption, :vapid_details,
          subject: "mailto:admin@example.net"

        # ... TO CONTINUE ...
      ''
    ];
  };
}
```

Secrets must be moved into the file pointed to by [](#opt-services.pleroma.secretConfigFile), in our case `/var/lib/pleroma/secrets.exs`. This file can be created by copying the previously generated `config.exs` file and then removing all the settings except the secrets. This is an example:
```
# Pleroma instance passwords

import Config

config :pleroma, Pleroma.Web.Endpoint,
  secret_key_base: "<the secret generated by pleroma_ctl>",
  signing_salt: "<the secret generated by pleroma_ctl>"

config :pleroma, Pleroma.Repo,
  password: "<the secret generated by pleroma_ctl>"

# Configure web push notifications
config :web_push_encryption, :vapid_details,
  public_key: "<the secret generated by pleroma_ctl>",
  private_key: "<the secret generated by pleroma_ctl>"

# ... TO CONTINUE ...
```
Note that the lines of the same configuration group are comma-separated (i.e. all the lines end with a comma, except the last one), so when lines with passwords are added or removed, the commas must be adjusted accordingly.
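
The split and the comma adjustment described above, as an added example that is not part of the NixOS manual or the Pleroma project: a Python script that separates a generated `config.exs` into the settings that stay in the module configuration and the secrets that go into `/var/lib/pleroma/secrets.exs`. The function names, the sample input and the set of secret keys (taken from the example above) are assumptions, and only the one-key-per-line layout shown here is handled.

```python
import re

# Keys treated as secrets: the ones listed in the secrets.exs example above.
SECRET_KEYS = {"secret_key_base", "signing_salt", "password", "public_key", "private_key"}
KEY_LINE = re.compile(r"^\s+(\w+):\s")  # an indented `key: value` line

def emit(header, entries):
    """Render one group: every line ends with a comma except the last one."""
    if not entries:
        return []  # a group with nothing left is dropped entirely
    body = ["  " + e + "," for e in entries[:-1]] + ["  " + entries[-1]]
    return [header.rstrip().rstrip(",") + ","] + body + [""]

def split_config(text):
    """Return (public, secrets) config texts. Handles only one key per line."""
    public, secrets = ["import Config", ""], ["import Config", ""]
    groups = []  # list of (header, public entries, secret entries)
    for line in text.splitlines():
        match = KEY_LINE.match(line)
        if line.startswith("config "):
            groups.append((line, [], []))
        elif groups and match:
            entry = line.strip().rstrip(",")  # drop the old comma, emit() re-adds it
            is_secret = match.group(1) in SECRET_KEYS
            groups[-1][2 if is_secret else 1].append(entry)
    for header, pub, sec in groups:
        public += emit(header, pub)
        secrets += emit(header, sec)
    return "\n".join(public), "\n".join(secrets)

# Constructed sample in the shape of a generated config.exs (placeholders, no real secrets).
SAMPLE = """import Config

config :pleroma, Pleroma.Repo,
  adapter: Ecto.Adapters.Postgres,
  username: "pleroma",
  password: "<secret>",
  database: "pleroma",
  hostname: "localhost"

config :web_push_encryption, :vapid_details,
  subject: "mailto:admin@example.net",
  public_key: "<secret>",
  private_key: "<secret>"
"""

if __name__ == "__main__":
    public_text, secrets_text = split_config(SAMPLE)
    print(public_text)
    print(secrets_text)
```
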

The service can be enabled with the usual
```ShellSession
$ nixos-rebuild switch
```

The service is accessible only on the local address `127.0.0.1:4000`. It can be tested using SSH port forwarding like this:
```ShellSession
$ ssh -L 4000:localhost:4000 myuser@example.net
```
and then accessing <http://localhost:4000> from a web browser.

## Creating the admin user {#module-services-pleroma-admin-user}

After the Pleroma service is running, all [Pleroma administration utilities](https://docs-develop.pleroma.social/) can be used. In particular, an admin user can be created with:
```ShellSession
$ pleroma_ctl user new <nickname> <email> --admin --moderator --password <password>
```

## Configuring Nginx {#module-services-pleroma-nginx}
