Home Explore Blog CI



nixpkgs
2nd chunk of `nixos/modules/services/networking/pleroma.md`
7ddd6801a6fc1d8c73c69c202206deba61d3723d28fbccb700000001000008a1
      config :pleroma, :media_proxy,
        enabled: false,
        redirect_on_failure: true

      config :pleroma, Pleroma.Repo,
        adapter: Ecto.Adapters.Postgres,
        username: "pleroma",
        database: "pleroma",
        hostname: "localhost"

      # Configure web push notifications
      config :web_push_encryption, :vapid_details,
        subject: "mailto:admin@example.net"

      # ... TO CONTINUE ...
      ''
    ];
  };
}
```

Secrets must be moved into a file pointed by [](#opt-services.pleroma.secretConfigFile), in our case `/var/lib/pleroma/secrets.exs`. This file can be created copying the previously generated `config.exs` file and then removing all the settings, except the secrets. This is an example
```
# Pleroma instance passwords

import Config

config :pleroma, Pleroma.Web.Endpoint,
   secret_key_base: "<the secret generated by pleroma_ctl>",
   signing_salt: "<the secret generated by pleroma_ctl>"

config :pleroma, Pleroma.Repo,
  password: "<the secret generated by pleroma_ctl>"

# Configure web push notifications
config :web_push_encryption, :vapid_details,
  public_key: "<the secret generated by pleroma_ctl>",
  private_key: "<the secret generated by pleroma_ctl>"

# ... TO CONTINUE ...
```
Note that the lines of the same configuration group are comma separated (i.e. all the lines end with a comma, except the last one), so when the lines with passwords are added or removed, commas must be adjusted accordingly.

The service can be enabled with the usual
```ShellSession
$ nixos-rebuild switch
```

The service is accessible only from the local `127.0.0.1:4000` port. It can be tested using a port forwarding like this
```ShellSession
$ ssh -L 4000:localhost:4000 myuser@example.net
```
and then accessing <http://localhost:4000> from a web browser.

## Creating the admin user {#module-services-pleroma-admin-user}

After Pleroma service is running, all [Pleroma administration utilities](https://docs-develop.pleroma.social/) can be used. In particular an admin user can be created with
```ShellSession
$ pleroma_ctl user new <nickname> <email>  --admin --moderator --password <password>
```

## Configuring Nginx {#module-services-pleroma-nginx}
Title: Securing and Deploying the Pleroma Instance
Summary
This section continues the Pleroma setup by emphasizing the importance of securing sensitive information like passwords and secret keys. It details how to separate these secrets into a dedicated file (`secrets.exs`) referenced by the `secretConfigFile` option. It also provides an example of this secrets file. The section also outlines how to enable the service using `nixos-rebuild switch`, test it locally via port forwarding, create an administrator account using `pleroma_ctl`, and provides a brief intro to configuring Nginx.