mikael/nixfiles-emily
1
0
Fork 0
forked from emily/nixfiles
Code Pull requests Activity
nixfiles-emily/config/services/akkoma/default.nix
emily ff8630ece5
Thank you domi
2024-11-14 11:11:46 +01:00

309 lines
9.9 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ config, inputs, lib, pkgs, ... }: {
sops.secrets."services/akkoma/mailerPassword" = {
sopsFile = ../../../secrets/services/akkoma.yaml;
};
sops.secrets."services/akkoma/deepl" = {
sopsFile = ../../../secrets/services/akkoma.yaml;
};
services.akkoma = {
enable = true;
extraPackages = with pkgs; [ exiftool ffmpeg-headless imagemagick ];
extraStatic."emoji/blobs.gg" = pkgs.akkoma-emoji.blobs_gg;
extraStatic."emoji/florp" = pkgs.runCommandNoCC "florp" {
src = inputs.florp-branding.packages.${config.nixpkgs.hostPlatform.system}.favicon;
} ''
mkdir $out
cp $src $out/florp.png
'';
extraStatic."static/styles.json" = pkgs.writeText "styles.json" (builtins.toJSON (
builtins.fromJSON (builtins.readFile "${pkgs.akkoma-fe-domi}/static/styles.json") // {
elly-mod = "/static/themes/elly-mod.json";
}
));
extraStatic."static/themes/elly-mod.json" = pkgs.writeText "elly-mod.json" (builtins.readFile ./elly-mod.json);
extraStatic."static/custom.css" = pkgs.writeText "custom.css" ''
.tos-content img, .terms-of-service img {
max-width: 100%;
}
'';
extraStatic."static/terms-of-service.html" = inputs.florp-about.packages.${pkgs.system}.default;
extraStatic."images/sylvia-ritter-15012323.avif" = inputs.florp-branding.packages.${pkgs.system}.wallpaper;
extraStatic."images/florp_banner.avif" = inputs.florp-branding.packages.${pkgs.system}.banner;
extraStatic."favicon.png" = inputs.florp-branding.packages.${pkgs.system}.favicon;
frontends = {
primary = {
package = pkgs.akkoma-fe-domi;
name = "akkoma-fe";
ref = "5f0339ce00";
};
admin = {
package = pkgs.akkoma-frontends.admin-fe;
name = "admin-fe";
ref = "stable";
};
};
};
services.akkoma.config = let
inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkAtom mkTuple;
mapAttrsToListOfTuple = attr: lib.mapAttrsToList (name: value: mkTuple [ name value ]) attr;
mkMapOfPredefinedKeys = set: let
string = value: "\"${(lib.escape [ "\\" "#" "\"" ]) value}\"";
toElixir = value:
if value == null then "nil" else
if lib.isString value then string value else
if builtins.isBool value then lib.boolToString value else
if lib.isInt value || lib.isFloat value then toString value else
abort "Not a elixir value ${value}";
entries = attrs: lib.concatStringsSep ", " (lib.mapAttrsToList (name: value:
"${toElixir name}: ${toElixir value}"
) attrs);
in mkRaw "%{${entries set}}";
in {
":pleroma" = {
":instance" = {
name = "florp.social";
email = "contact@florp.social";
notify_email = "noreply@florp.social";
description = "Likes are now florps. The timeline goes sideways.";
instance_thumbnail = "/instance/thumbnail.avif";
limit = 69420;
description_limit = 69420;
remote_limit = 131072;
upload_limit = 256 * 1024 * 1024;
avatar_upload_limit = 4 * 1024 * 1024;
background_upload_limit = 8 * 1024 * 1024;
banner_upload_limit = 8 * 1024 * 1024;
registrations_open = true;
registration_reason_length = 2048;
account_approval_required = true;
account_activation_required = true;
federating = true;
federation_incoming_replies_max_depth = 1024;
federation_reachability_timeout_days = 14;
allow_relay = true;
max_pinned_statuses = 10;
max_report_comment_size = 2048;
safe_dm_mentions = true;
remote_post_retention_days = 365;
user_bio_length = 8192;
user_name_length = 64;
cleanup_attachments = true;
local_bubble = [
"solitary.social"
"donotsta.re"
"chaos.social"
];
};
"Pleroma.Captcha".method = mkRaw "Pleroma.Captcha.Kocaptcha";
"Pleroma.Web.Endpoint".url.host = "florp.social";
"Pleroma.Web.Metadata.Providers.Theme".theme_color = "#070F1C";
"Pleroma.Emails.Mailer" = {
enabled = true;
adapter = mkRaw "Swoosh.Adapters.SMTP";
relay = "mail.kyouma.net";
username = "noreply@florp.social";
password._secret = config.sops.secrets."services/akkoma/mailerPassword".path;
port = 465;
ssl = true;
auth = mkRaw ":always";
};
":database".rum_enabled = true;
":media_proxy" = {
enabled = true;
base_url = "https://cache.florp.social";
proxy_opts.redirect_on_failure = true;
proxy_opts.max_body_length = 64 * 1024 * 1024;
};
":media_preview_proxy" = {
enabled = true;
thumbnail_max_width = 1920;
thumbnail_max_height = 1080;
min_content_length = 128 * 1024;
};
"Pleroma.Upload".base_url = "https://media.florp.social";
"Pleroma.Upload".filters = map mkRaw [
"Pleroma.Upload.Filter.Exiftool.ReadDescription"
"Pleroma.Upload.Filter.Exiftool.StripMetadata"
"Pleroma.Upload.Filter.Dedupe"
"Pleroma.Upload.Filter.AnonymizeFilename"
];
":mrf".policies = map mkRaw [
"Pleroma.Web.ActivityPub.MRF.SimplePolicy"
"Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy"
"Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy"
];
":mrf_simple" = {
reject = mapAttrsToListOfTuple {
"bae.st" = "transphobia, queerphobia";
"brighteon.social" = "transphobia, rightwing extremism";
"detroitriotcity.com" = "transphobia, queerphobia";
"freeatlantis.com" = "harassment";
"freespeechextremist.com" = "N/A";
"gab.com" = "N/A";
"gleasonator.com" = "transphobia";
"kitsunemimi.club" = "transphobia";
"kiwifarms.*" = "harassment";
"poa.st" = "queerphobia, racism, rightwing extremism";
"seal.cafe" = "transphobia";
"social.quodverum.com" = "N/A";
"spinster.xyz" = "transphobia";
"truthsocial.co.in" = "N/A";
"varishangout.net" = "transphobia";
"activitypub-troll.cf" = "N/A";
"misskey-forkbomb.cf" = "security";
"repl.co" = "N/A";
"rape.pet" = "CSAM";
"childlove.space" = "CSAM";
"pedo.school" = "CSAM";
"loli.church" = "transphobia";
"usasa.ky" = "spam";
"tickler.cc" = "spam";
"shitposter.club" = "transphobia";
};
followers_only = mapAttrsToListOfTuple {
"bitcoinhackers.org" = "annoying";
};
};
":mrf_object_age".threshold = 180 * 24 * 3600;
":frontend_configurations" = {
pleroma_fe = mkMapOfPredefinedKeys {
background = "/images/sylvia-ritter-15012323.avif";
nsfwCensorImage = "/static/blurhash-overlay.png";
collapseMessageWithSubject = true;
streaming = true;
webPushNotifications = true;
useStreamingApi = true;
scopeCopy = true;
subjectLineBehavior = "masto";
alwaysShowSubjectInput = true;
postContentType = "text/markdown";
modalOnRepeat = true;
minimalScopesMode = true;
redirectRootNoLogin = "/about";
translationLanguage = "en";
theme = "elly-mod";
};
};
":restrict_unauthenticated" = {
timelines = mkMapOfPredefinedKeys {
local = false;
federated = false;
bubble = true;
};
};
":translator" = {
enabled = true;
module = mkRaw "Pleroma.Akkoma.Translators.DeepL";
};
":deepl" = {
tier = mkAtom ":free";
api_key._secret = config.sops.secrets."services/akkoma/deepl".path;
};
};
":web_push_encryption".":vapid_details" = {
subject = "mailto:contact@florp.social";
};
":joken".":default_signer"._secret = "/var/lib/secrets/akkoma/jwt-signer";
};
services.postgresql.enable = true;
services.postgresql.extraPlugins = [
pkgs.postgresql16Packages.rum
];
services.nginx = {
clientMaxBodySize = "256m";
commonHttpConfig = ''
access_log off;
proxy_cache_path /var/cache/nginx/akkoma-media-cache
levels= keys_zone=akkoma_media_cache:64m max_size=64g
inactive=1y use_temp_path=off;
'';
};
kyouma.nginx.virtualHosts = let
proxyCache = ''
proxy_cache akkoma_media_cache;
# Cache objects in slices of 1 MiB
slice 1m;
proxy_cache_key $host$uri$is_args$args$slice_range;
proxy_set_header Range $slice_range;
# Decouple proxy and upstream responses
proxy_buffering on;
proxy_cache_lock on;
proxy_ignore_client_abort on;
# Default cache times for various responses
proxy_cache_valid 200 1y;
proxy_cache_valid 206 301 304 1h;
# Allow serving of stale items
proxy_cache_use_stale error timeout invalid_header updating;
'';
in {
"florp.social" = {
serverAliases = map (x: "${x}.florp.social") [ "a" "b" "c" ];
locations."/" = {
proxyPass = "http://unix:/run/akkoma/socket";
proxyWebsockets = true;
};
locations."^/media(/.*)$".return = "308 https://media.florp.social$1";
locations."^/proxy(/.*)$".return = "308 https://cache.florp.social$1";
};
"media.florp.social" = {
useACMEHost = "florp.social";
locations."/" = {
proxyPass = "http://unix:/run/akkoma/socket";
extraConfig = ''
rewrite ^(?!/media)(.*)$ /media$1;
'' + proxyCache;
};
};
"cache.florp.social" = {
useACMEHost = "florp.social";
locations."/" = {
proxyPass = "http://unix:/run/akkoma/socket";
extraConfig = ''
rewrite ^(?!/proxy)(.*)$ /proxy$1;
'' + proxyCache;
};
};
};
security.acme.certs."florp.social".extraDomainNames = [
"cache.florp.social"
"media.florp.social"
] ++ map (x: "${x}.florp.social") [ "a" "b" "c" ];
}
View git blame Copy permalink