diff --git a/config/services/akkoma/default.nix b/config/services/akkoma/default.nix index 874f054..26e2fda 100644 --- a/config/services/akkoma/default.nix +++ b/config/services/akkoma/default.nix @@ -1,34 +1,21 @@ { config, inputs, lib, pkgs, ... }: { - sops.secrets."services/akkoma/mailerPassword" = { + sops.secrets."services/akkoma/mailerPassword" = { sopsFile = ../../../secrets/services/akkoma.yaml; }; sops.secrets."services/akkoma/deepl" = { sopsFile = ../../../secrets/services/akkoma.yaml; }; + services.akkoma = { enable = true; extraPackages = with pkgs; [ exiftool ffmpeg-headless imagemagick ]; extraStatic."emoji/blobs.gg" = pkgs.akkoma-emoji.blobs_gg; - extraStatic."static/styles.json" = pkgs.writeText "styles.json" (builtins.toJSON { - pleroma-dark = "/static/themes/pleroma-dark.json"; - pleroma-light = "/static/themes/pleroma-light.json"; - pleroma-amoled = [ "Pleroma Dark AMOLED" "#000000" "#111111" "#b0b0b1" "#d8a070" "#aa0000" "#0fa00f" "#0095ff" "#d59500"]; - classic-dark = [ "Classic Dark" "#161c20" "#282e32" "#b9b9b9" "#baaa9c" "#d31014" "#0fa00f" "#0095ff" "#ffa500" ]; - bird = [ "Bird" "#f8fafd" "#e6ecf0" "#14171a" "#0084b8" "#e0245e" "#17bf63" "#1b95e0" "#fab81e"]; - ir-black = [ "Ir Black" "#000000" "#242422" "#b5b3aa" "#ff6c60" "#FF6C60" "#A8FF60" "#96CBFE" "#FFFFB6" ]; - monokai = [ "Monokai" "#272822" "#383830" "#f8f8f2" "#f92672" "#F92672" "#a6e22e" "#66d9ef" "#f4bf75" ]; - - redmond-xx = "/static/themes/redmond-xx.json"; - redmond-xx-se = "/static/themes/redmond-xx-se.json"; - redmond-xxi = "/static/themes/redmond-xxi.json"; - breezy-dark = "/static/themes/breezy-dark.json"; - breezy-light = "/static/themes/breezy-light.json"; - paper = "/static/themes/paper.json"; - thekanata = "/static/themes/thekanata.json"; - ihatebeingalive = "/static/themes/ihatebeingalive.json"; - elly-mod = "/static/themes/elly-mod.json"; - }); + extraStatic."static/styles.json" = pkgs.writeText "styles.json" (builtins.toJSON ( + builtins.fromJSON (builtins.readFile "${pkgs.akkoma-fe-domi}/static/styles.json") // { + elly-mod = "/static/themes/elly-mod.json"; + } + )); extraStatic."static/themes/elly-mod.json" = pkgs.writeText "elly-mod.json" (builtins.readFile ./elly-mod.json); @@ -54,8 +41,25 @@ }; }; services.akkoma.config = let - inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkAtom mkMap mkTuple; + inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkAtom mkTuple; + mapAttrsToListOfTuple = attr: lib.mapAttrsToList (name: value: mkTuple [ name value ]) attr; + + mkMapOfPredefinedKeys = set: let + string = value: "\"${(lib.escape [ "\\" "#" "\"" ]) value}\""; + + toElixir = value: + if value == null then "nil" else + if lib.isString value then string value else + if builtins.isBool value then lib.boolToString value else + if lib.isInt value || lib.isFloat value then toString value else + abort "Not a elixir value ${value}"; + + entries = attrs: lib.concatStringsSep ", " (lib.mapAttrsToList (name: value: + "${toElixir name}: ${toElixir value}" + ) attrs); + in mkRaw "%{${entries set}}"; + in { ":pleroma" = { ":instance" = { @@ -75,14 +79,16 @@ registration_reason_length = 2048; account_approval_required = true; account_activation_required = true; - federation = false; + federating = false; federation_incoming_replies_max_depth = 1024; + federation_reachability_timeout_days = 14; + allow_relay = true; max_pinned_statuses = 10; + max_report_comment_size = 2048; safe_dm_mentions = true; remote_post_retention_days = 365; user_bio_length = 8192; user_name_length = 64; - max_account_fields = 8; cleanup_attachments = true; local_bubble = [ "solitary.social" @@ -95,6 +101,8 @@ "Pleroma.Web.Endpoint".url.host = "florp.social"; + "Pleroma.Web.Metadata.Providers.Theme".theme_color = "#070F1C"; + "Pleroma.Emails.Mailer" = { enabled = true; adapter = mkRaw "Swoosh.Adapters.SMTP"; @@ -134,27 +142,36 @@ ":mrf".policies = map mkRaw [ "Pleroma.Web.ActivityPub.MRF.SimplePolicy" "Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy" + "Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy" ]; ":mrf_simple" = { reject = mapAttrsToListOfTuple { - "bae.st" = "harassment"; - "brighteon.social" = "incompatible"; - "detroitriotcity.com" = "incompatible"; - "freeatlantis.com" = "incompatible"; - "freespeechextremist.com" = "incompatible"; - "gab.com" = "incompatible"; - "gleasonator.com" = "incompatible"; - "kitsunemimi.club" = "incompatible"; - "poa.st" = "incompatible"; - "seal.cafe" = "harassment"; - "social.quodverum.com" = "incompatible"; - "spinster.xyz" = "incompatible"; - "truthsocial.co.in" = "incompatible"; - "varishangout.net" = "incompatible"; - "activitypub-troll.cf" = "security"; - "misskey-forkbomb.cf" = "security"; - "repl.co" = "security"; + "bae.st" = "transphobia / queerphobia"; + "brighteon.social" = "transphobia, pro trump"; + "detroitriotcity.com" = "transphobia / queerphobia"; + "freeatlantis.com" = "harassment"; + "freespeechextremist.com" = "N/A"; + "gab.com" = "N/A"; + "gleasonator.com" = "transphobia"; + "kitsunemimi.club" = "transphobia"; + "kiwifarms.*" = "N/A"; + "poa.st" = "queerphobia / racism / nazis"; + "seal.cafe" = "transphobia"; + "social.quodverum.com" = "N/A"; + "spinster.xyz" = "transphobia"; + "truthsocial.co.in" = "N/A"; + "varishangout.net" = "transphobia"; + "activitypub-troll.cf" = "N/A"; + "misskey-forkbomb.cf" = "N/A"; + "repl.co" = "N/A"; + "rape.pet" = "CP"; + "childlove.space" = "CP"; + "pedo.school" = "CP"; + "loli.church" = "transphobia"; + "usasa.ky" = "spam"; + "tickler.cc" = "spam"; + "shitposter.club" = "transphobia"; }; followers_only = mapAttrsToListOfTuple { @@ -165,7 +182,7 @@ ":mrf_object_age".threshold = 180 * 24 * 3600; ":frontend_configurations" = { - pleroma_fe = mkMap { + pleroma_fe = mkMapOfPredefinedKeys { background = "/images/sylvia-ritter-15012323.avif"; collapseMessageWithSubject = true; streaming = true; @@ -185,9 +202,10 @@ }; ":restrict_unauthenticated" = { - timelines = mkMap { + timelines = mkMapOfPredefinedKeys { local = false; - federated = true; + federated = false; + bubble = true; }; }; @@ -222,8 +240,30 @@ access_log off; ''; }; - kyouma.nginx.virtualHosts = { + kyouma.nginx.virtualHosts = let + proxyCache = '' + proxy_cache akkoma_media_cache; + + # Cache objects in slices of 1 MiB + slice 1m; + proxy_cache_key $host$uri$is_args$args$slice_range; + proxy_set_header Range $slice_range; + + # Decouple proxy and upstream responses + proxy_buffering on; + proxy_cache_lock on; + proxy_ignore_client_abort on; + + # Default cache times for various responses + proxy_cache_valid 200 1y; + proxy_cache_valid 206 301 304 1h; + + # Allow serving of stale items + proxy_cache_use_stale error timeout invalid_header updating; + ''; + in { "florp.social" = { + serverAliases = map (x: "${x}.florp.social") [ "a" "b" "c" ]; locations."/" = { proxyPass = "http://unix:/run/akkoma/socket"; proxyWebsockets = true; @@ -236,7 +276,9 @@ useACMEHost = "florp.social"; locations."/" = { proxyPass = "http://unix:/run/akkoma/socket"; - extraConfig = "rewrite ^(?!/media)(.*)$ /media$1;"; + extraConfig = '' + rewrite ^(?!/media)(.*)$ /media$1; + '' + proxyCache; }; }; @@ -246,27 +288,12 @@ proxyPass = "http://unix:/run/akkoma/socket"; extraConfig = '' rewrite ^(?!/proxy)(.*)$ /proxy$1; - proxy_cache akkoma_media_cache; - - # Cache objects in slices of 1 MiB - slice 1m; - proxy_cache_key $host$uri$is_args$args$slice_range; - proxy_set_header Range $slice_range; - - # Decouple proxy and upstream responses - proxy_buffering on; - proxy_cache_lock on; - proxy_ignore_client_abort on; - - # Default cache times for various responses - proxy_cache_valid 200 1y; - proxy_cache_valid 206 301 304 1h; - - # Allow serving of stale items - proxy_cache_use_stale error timeout invalid_header updating; - ''; + '' + proxyCache; }; }; }; - security.acme.certs."florp.social".extraDomainNames = [ "cache.florp.social" "media.florp.social" ]; + security.acme.certs."florp.social".extraDomainNames = [ + "cache.florp.social" + "media.florp.social" + ] ++ map (x: "${x}.florp.social") [ "a" "b" "c" ]; } diff --git a/flake.lock b/flake.lock index 4489d96..d8a21bd 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1730257295, - "narHash": "sha256-OQl+aAsKiyygvpzck1u0sZf/R4T9zM903CgNDFmmzA8=", + "lastModified": 1730906442, + "narHash": "sha256-tBuyb8jWBSHHgcIrOfiyQJZGY1IviMzH2V74t7gWfgI=", "owner": "zhaofengli", "repo": "attic", - "rev": "48c8b395bfbc6b76c7eae74df6c74351255a095c", + "rev": "d0b66cf897e4d55f03d341562c9821dc4e566e54", "type": "github" }, "original": { @@ -483,11 +483,11 @@ ] }, "locked": { - "lastModified": 1730302582, - "narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=", + "lastModified": 1730814269, + "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf", + "rev": "d70155fdc00df4628446352fc58adc640cd705c2", "type": "github" }, "original": { @@ -593,16 +593,16 @@ ] }, "locked": { - "lastModified": 1729544999, - "narHash": "sha256-YcyJLvTmN6uLEBGCvYoMLwsinblXMkoYkNLEO4WnKus=", + "lastModified": 1729958008, + "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", "owner": "NuschtOS", "repo": "ixx", - "rev": "65c207c92befec93e22086da9456d3906a4e999c", + "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", "type": "github" }, "original": { "owner": "NuschtOS", - "ref": "v0.0.5", + "ref": "v0.0.6", "repo": "ixx", "type": "github" } @@ -693,11 +693,11 @@ ] }, "locked": { - "lastModified": 1730600078, - "narHash": "sha256-BoyFmE59HDF3uybBySsWVoyjNuHvz3Wv8row/mSb958=", + "lastModified": 1730779758, + "narHash": "sha256-5WI9AnsBwhLzVRnQm3Qn9oAbROnuLDQTpaXeyZCK8qw=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4652874d014b82cb746173ffc64f6a70044daa7e", + "rev": "0e3f3f017c14467085f15d42343a3aaaacd89bcb", "type": "github" }, "original": { @@ -795,11 +795,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730828750, - "narHash": "sha256-XrnZLkLiBYNlwV5gus/8DT7nncF1TS5la6Be7rdVOpI=", + "lastModified": 1730919458, + "narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "2e78b1af8025108ecd6edaa3ab09695b8a4d3d55", + "rev": "e1cc1f6483393634aee94514186d21a4871e78d7", "type": "github" }, "original": { @@ -957,11 +957,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1730792264, - "narHash": "sha256-Ue3iywjyaNOxXgw7esVSBX3bZzM2bSPubZamYsBKIG8=", + "lastModified": 1730877618, + "narHash": "sha256-HQTKujMb6SwnOqtWA+A7lR4MOCBZUW4vtrkK1E/QweU=", "owner": "nix-community", "repo": "nixvim", - "rev": "3d24cb72618738130e6af9c644c81fe42aa34ebc", + "rev": "898246c943ba545a79d585093e97476ceb31f872", "type": "github" }, "original": { @@ -980,11 +980,11 @@ ] }, "locked": { - "lastModified": 1730515563, - "narHash": "sha256-8lklUZRV7nwkPLF3roxzi4C2oyLydDXyAzAnDvjkOms=", + "lastModified": 1730760712, + "narHash": "sha256-F4H98tjNgySlSLItuOqHYo9LF85rFoS/Vr0uOrq7BM4=", "owner": "NuschtOS", "repo": "search", - "rev": "9e22bd742480916ff5d0ab20ca2522eaa3fa061e", + "rev": "aa5214c81b904a19f7a54f7a8f288f7902586eee", "type": "github" }, "original": { @@ -1038,11 +1038,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1730746162, - "narHash": "sha256-ZGmI+3AbT8NkDdBQujF+HIxZ+sWXuyT6X8B49etWY2g=", + "lastModified": 1730883027, + "narHash": "sha256-pvXMOJIqRW0trsW+FzRMl6d5PbsM4rWfD5lcKCOrrwI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "59d6988329626132eaf107761643f55eb979eef1", + "rev": "c5ae1e214ff935f2d3593187a131becb289ea639", "type": "github" }, "original": { @@ -1072,11 +1072,11 @@ "tinted-tmux": "tinted-tmux" }, "locked": { - "lastModified": 1729963473, - "narHash": "sha256-uGjTjvvlGQfQ0yypVP+at0NizI2nrb6kz4wGAqzRGbY=", + "lastModified": 1730924223, + "narHash": "sha256-tGvmW0qih+dCAH9L4BEMYMiHcBoJVZtESbC9WH0EEuw=", "owner": "danth", "repo": "stylix", - "rev": "04afcfc0684d9bbb24bb1dc77afda7c1843ec93b", + "rev": "762c07ee10b381bc8e085be5b6c2ec43139f13b0", "type": "github" }, "original": { diff --git a/pkgs/akkoma-fe-domi/default.nix b/pkgs/akkoma-fe-domi/default.nix index 1ffd048..2c791f9 100644 --- a/pkgs/akkoma-fe-domi/default.nix +++ b/pkgs/akkoma-fe-domi/default.nix @@ -23,6 +23,11 @@ in { # Build scripts assume to be used within a Git repository checkout substituteInPlace src/modules/instance.js \ --replace-fail "widenTimeline: true" 'widenTimeline: "50%"' + + substituteInPlace src/i18n/en.json \ + --replace-fail "meow" "florp" \ + --replace-fail "Meow" "Florp" + sed -E -i '/^let commitHash =/,/;$/clet commitHash = "${builtins.substring 0 7 src.rev}";' \ build/webpack.prod.conf.js ''; diff --git a/pkgs/update-nixfiles/update-nixfiles.sh b/pkgs/update-nixfiles/update-nixfiles.sh index dc7721f..22724b2 100644 --- a/pkgs/update-nixfiles/update-nixfiles.sh +++ b/pkgs/update-nixfiles/update-nixfiles.sh @@ -6,6 +6,7 @@ BRANCH="update-inputs-$(date +%Y-%m-%d-%H-%M)" HYDRA_URL="https://hydra.kyouma.net" JOBSET_URL="${HYDRA_URL}/jobset/nixfiles/update-inputs" ROOT="$(mktemp -d)" +START_TIME="$(date +%s)" gitin () { git -C "${ROOT}/nixfiles" "$@" @@ -21,20 +22,31 @@ merge_theirs () { } test_build () { + local last_error local build_jobs + build_jobs="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r ".builds | .[]")" for build in ${build_jobs}; do local build_status + while true; do local build_finished build_finished="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_URL}/build/${build}" | jq -r ".finished")" [[ ${build_finished} == 1 ]] && break sleep 5 done + build_status="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_URL}/build/${build}" | jq -r ".buildstatus")" - [[ $build_status != 0 ]] && echo "Build ${build} failed" && exit 1 + [[ $build_status != 0 ]] && + echo "Build ${build} failed" && + exit 1 echo "Build ${build} was successful" done + + last_error="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}" | jq -r ".errortime")" + [[ $last_error -gt $START_TIME ]] && + echo "Evaluation error encountered at $(date +%Y-%m-%d-%H:%M:%S --date="${last_error}")" && + exit 1 } wait_for_hydra () { @@ -42,9 +54,9 @@ wait_for_hydra () { local hydra_rev local counter counter=0 - git_rev="$(git -C "${ROOT}/nixfiles" rev-parse update-inputs)" + git_rev="$(git -C "${1}/nixfiles" rev-parse update-inputs)" while true; do - hydra_rev="$(curl -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r .flake | sed -E "s/.+&rev=(.*)/\1/g")" + hydra_rev="$(curl -s -L -H "Accept: application/json" "${2}/latest-eval" | jq -r .flake | sed -E "s/.+&rev=(.*)/\1/g")" if [[ "${git_rev}" == "${hydra_rev}" ]]; then echo "Hydra got new commit" break @@ -87,7 +99,7 @@ gitin push origin update-inputs echo "Waiting for hydra to get new commit" export -f wait_for_hydra -timeout 4h bash -c wait_for_hydra +timeout 4h bash -c "wait_for_hydra ${ROOT} ${JOBSET_URL}" echo "Testing if all build jobs completed successfully" test_build