2022-09-12 10:03:10 +00:00
|
|
|
{
|
|
|
|
pkgs,
|
|
|
|
nix-packages,
|
|
|
|
config,
|
2022-11-08 19:01:01 +00:00
|
|
|
lib,
|
2022-12-01 19:39:15 +00:00
|
|
|
system,
|
2022-09-12 10:03:10 +00:00
|
|
|
...
|
|
|
|
}: let
|
2022-11-29 10:48:39 +00:00
|
|
|
purge_url_script = pkgs.writeScript "purge-url" ''
|
|
|
|
access_key=$(cat ${config.sops.secrets."services/bunny-key".path})
|
|
|
|
for url in $@; do
|
|
|
|
url=$(echo $url | ${pkgs.python3}/bin/python3 -c "import sys; import urllib.parse; print(urllib.parse.quote(sys.stdin.read().strip()))")
|
|
|
|
${pkgs.curl}/bin/curl -H "Authorization: Bearer $access_key" -X POST "https://api.bunny.net/purge?url=$url&async=false"
|
|
|
|
done
|
|
|
|
'';
|
2022-11-26 15:06:26 +00:00
|
|
|
emoji_set_names = ["volpeon-blobfox-flip" "volpeon-blobfox" "volpeon-bunhd-flip" "volpeon-bunhd" "volpeon-drgn" "volpeon-fox" "volpeon-raccoon" "volpeon-vlpn" "lotte" "caro"];
|
2022-11-08 19:01:01 +00:00
|
|
|
emoji_sets = builtins.listToAttrs (map (name: {
|
2022-11-08 20:20:43 +00:00
|
|
|
inherit name;
|
|
|
|
value = "${pkgs."emoji-${name}"}";
|
|
|
|
})
|
|
|
|
emoji_set_names);
|
2022-11-08 19:01:01 +00:00
|
|
|
copy_emoji_set = name: ''
|
|
|
|
mkdir -p $out/emoji/${name}
|
|
|
|
lndir ${emoji_sets.${name}} $out/emoji/${name}
|
|
|
|
'';
|
2022-12-16 09:01:43 +00:00
|
|
|
masto_fe = pkgs.fetchzip {
|
|
|
|
url = "https://akkoma-updates.s3-website.fr-par.scw.cloud/frontend/akkoma/masto-fe.zip";
|
|
|
|
sha256 = "sha256-8kAF7O3I93npX37XsncNuwQrTLX5Y9w16QV3+SDls+0=";
|
|
|
|
};
|
2022-09-12 10:03:10 +00:00
|
|
|
static_dir = pkgs.stdenvNoCC.mkDerivation {
|
|
|
|
name = "akkoma-static";
|
|
|
|
src = pkgs.emptyDirectory;
|
|
|
|
nativeBuildInputs = with pkgs; [xorg.lndir];
|
2022-09-30 15:46:21 +00:00
|
|
|
akkoma_fe = nix-packages.packages.${pkgs.system}.pleroma-fe;
|
|
|
|
akkoma_admin_fe = nix-packages.packages.${pkgs.system}.admin-fe;
|
2022-12-16 09:01:43 +00:00
|
|
|
inherit masto_fe;
|
2022-11-04 16:52:16 +00:00
|
|
|
tos = ./terms-of-service.html;
|
2022-09-12 10:03:10 +00:00
|
|
|
dontUnpack = false;
|
|
|
|
installPhase = ''
|
|
|
|
mkdir -p $out/frontends/pleroma-fe/stable
|
|
|
|
lndir $akkoma_fe $out/frontends/pleroma-fe/stable
|
|
|
|
mkdir -p $out/frontends/admin-fe/stable
|
|
|
|
lndir $akkoma_admin_fe $out/frontends/admin-fe/stable
|
2022-12-16 09:01:43 +00:00
|
|
|
mkdir -p $out/frontends/masto-fe/akkoma
|
|
|
|
lndir $masto_fe $out/frontends/masto-fe/akkoma
|
2022-11-08 19:01:01 +00:00
|
|
|
${toString (map copy_emoji_set emoji_set_names)}
|
2022-11-10 10:36:00 +00:00
|
|
|
mkdir $out/emoji/misc
|
2022-11-10 15:25:10 +00:00
|
|
|
ln -s ${./therian.png} $out/emoji/misc/therian.png
|
2022-11-04 16:52:16 +00:00
|
|
|
mkdir $out/static
|
|
|
|
cp $tos $out/static/terms-of-service.html
|
2022-09-12 10:03:10 +00:00
|
|
|
'';
|
|
|
|
};
|
2022-10-26 19:26:48 +00:00
|
|
|
ec = pkgs.formats.elixirConf {};
|
|
|
|
akkconfig = ec.generate "config.exs" (with ec.lib; {
|
|
|
|
":pleroma" = {
|
|
|
|
"Pleroma.Upload" = {
|
|
|
|
uploader = mkRaw "Pleroma.Uploaders.S3";
|
2022-12-01 21:31:09 +00:00
|
|
|
filters = map (v: mkRaw ("Pleroma.Upload.Filter." + v)) ["Mogrify" "Dedupe" "AnonymizeFilename"];
|
2022-10-26 19:26:48 +00:00
|
|
|
base_url = "https://mastodon-assets.chir.rs/";
|
|
|
|
};
|
|
|
|
"Pleroma.Uploaders.S3" = {
|
|
|
|
bucket = "mastodon-chir-rs";
|
|
|
|
truncated_namespace = "";
|
|
|
|
};
|
|
|
|
"Pleroma.Upload.Filter.Mogrify" = {
|
2022-12-01 21:31:09 +00:00
|
|
|
args = ["auto-orient" "strip"];
|
2022-10-26 19:26:48 +00:00
|
|
|
};
|
|
|
|
":instance" = {
|
|
|
|
name = "Raccoon Noises";
|
|
|
|
email = "lotte@chir.rs";
|
|
|
|
description = "Single User Akkoma Instance";
|
|
|
|
limit = 58913;
|
|
|
|
description_limit = 58913;
|
2022-11-04 15:37:18 +00:00
|
|
|
upload_limit = 134217728;
|
2022-10-26 19:26:48 +00:00
|
|
|
languages = ["en" "tok"];
|
2022-12-16 09:01:43 +00:00
|
|
|
registrations_open = true;
|
2022-11-06 07:22:50 +00:00
|
|
|
invites_enabled = true;
|
2022-12-16 09:01:43 +00:00
|
|
|
account_activation_required = true;
|
|
|
|
account_approval_required = true;
|
2022-10-26 19:26:48 +00:00
|
|
|
static_dir = "${static_dir}";
|
|
|
|
max_pinned_statuses = 10;
|
|
|
|
attachment_links = true;
|
|
|
|
max_report_comment_size = 58913;
|
|
|
|
safe_dm_mentions = true;
|
|
|
|
healthcheck = true;
|
|
|
|
user_bio_length = 58913;
|
|
|
|
user_name_length = 621;
|
|
|
|
max_account_fields = 69;
|
|
|
|
max_remote_account_fields = 621;
|
|
|
|
account_field_name_length = 621;
|
|
|
|
account_field_value_length = 58913;
|
|
|
|
registration_reason_length = 621;
|
|
|
|
external_user_synchronization = true;
|
|
|
|
cleanup_attachments = true;
|
|
|
|
};
|
|
|
|
":markup" = {
|
|
|
|
allow_headings = true;
|
|
|
|
allow_tables = true;
|
|
|
|
allow_fonts = true;
|
|
|
|
};
|
|
|
|
":frontend_configurations" = {
|
|
|
|
pleroma_fe = mkMap {
|
|
|
|
webPushNotifications = true;
|
|
|
|
};
|
|
|
|
};
|
2022-11-05 16:50:31 +00:00
|
|
|
":activitypub" = {
|
|
|
|
unfollow_blocked = false;
|
|
|
|
outgoing_blocks = false;
|
|
|
|
blockers_visible = false;
|
|
|
|
deny_follow_blocked = true;
|
|
|
|
sign_object_fetches = true;
|
|
|
|
authorized_fetch_mode = true;
|
|
|
|
};
|
2022-10-26 19:26:48 +00:00
|
|
|
":mrf_simple" = let
|
2022-10-26 19:32:41 +00:00
|
|
|
processMap = m: map (k: mkTuple [k m.${k}]) (builtins.attrNames m);
|
2022-10-26 19:26:48 +00:00
|
|
|
in {
|
|
|
|
reject = processMap {
|
2022-11-27 16:35:33 +00:00
|
|
|
"qoto.org" = "Freeze Peach; Admin harasses other server admins; sends unsolicited emails";
|
2022-10-26 19:26:48 +00:00
|
|
|
"poa.st" = "Hosting neonazis";
|
|
|
|
"kiwifarms.cc" = "Targeted Harassment";
|
|
|
|
"pmth.us" = "Harassment";
|
|
|
|
"nicecrew.digital" = "TERF Instance";
|
|
|
|
"freespeechextremist.com" = "Freeze Peach";
|
|
|
|
"ryona.agency" = "Freeze Peach";
|
|
|
|
"howlr.me" = "Run by verified kiwifarms user";
|
|
|
|
"rdrama.cc" = "smells like Kiwifarms shit";
|
2022-11-05 08:47:25 +00:00
|
|
|
"xhais.love" = "Zoophile instance";
|
2022-11-05 16:47:30 +00:00
|
|
|
"beefyboys.win" = "freeze peach; hosts neonazis";
|
|
|
|
"bae.st" = "freeze peach";
|
2022-12-20 11:10:03 +00:00
|
|
|
"moth.zone" = "racism/antiblackness; owner self-admitted pedophile";
|
2022-12-20 19:54:08 +00:00
|
|
|
"feral.cafe" = "Zoophilia";
|
2022-12-22 07:11:54 +00:00
|
|
|
"disqordia.space" = "No snooping!";
|
2022-12-21 20:34:53 +00:00
|
|
|
"mastodon.cloud" = "Corporate instance; Owner engaged in scams";
|
|
|
|
"mstdn.jp" = "Corporate instance; Owner engaged in scams";
|
|
|
|
"pawoo.net" = "Corporate instance; Owner engaged in scams";
|
2022-12-24 12:42:13 +00:00
|
|
|
"activitypub-proxy.cf" = "Block circumvention tool";
|
2022-12-21 20:34:53 +00:00
|
|
|
};
|
|
|
|
followers_only = processMap {
|
|
|
|
"vivaldi.net" = "Corporate instance; Registers nonconsensual accounts for Vivaldi Sync users";
|
2022-10-26 19:26:48 +00:00
|
|
|
};
|
2022-11-27 16:35:33 +00:00
|
|
|
federated_timeline_removal = processMap {
|
|
|
|
"mastodon.social" = "Too large to be moderated well";
|
|
|
|
"mastodon.online" = "Too large to be moderated well";
|
|
|
|
"tumblr.com" = "Too large to be moderated well, corporate instance";
|
|
|
|
};
|
2022-10-26 19:26:48 +00:00
|
|
|
};
|
|
|
|
":mrf" = {
|
|
|
|
policies = map (v: mkRaw ("Pleroma.Web.ActivityPub.MRF." + v)) ["SimplePolicy" "EnsureRePrepended" "MediaProxyWarmingPolicy" "ForceBotUnlistedPolicy" "AntiFollowbotPolicy" "ObjectAgePolicy" "TagPolicy" "RequireImageDescription"];
|
|
|
|
transparency = true;
|
|
|
|
};
|
2022-11-05 13:05:45 +00:00
|
|
|
":http_security" = {
|
|
|
|
enabled = true;
|
|
|
|
sts = true;
|
|
|
|
referrer_policy = "no-referrer";
|
|
|
|
};
|
2022-10-26 19:26:48 +00:00
|
|
|
":frontends" = {
|
|
|
|
primary = mkMap {
|
|
|
|
name = "pleroma-fe";
|
|
|
|
ref = "stable";
|
|
|
|
};
|
|
|
|
admin = mkMap {
|
|
|
|
name = "admin-fe";
|
|
|
|
ref = "stable";
|
|
|
|
};
|
2022-12-16 09:01:43 +00:00
|
|
|
mastodon = mkMap {
|
|
|
|
name = "masto-fe";
|
|
|
|
ref = "akkoma";
|
|
|
|
};
|
2022-10-26 19:26:48 +00:00
|
|
|
};
|
2022-11-05 21:04:41 +00:00
|
|
|
":media_proxy" = {
|
|
|
|
enabled = true;
|
2022-11-29 10:48:39 +00:00
|
|
|
base_url = "https://mediaproxy.chir.rs";
|
2022-11-05 21:04:41 +00:00
|
|
|
proxy_opts = {
|
|
|
|
redirect_on_failure = true;
|
|
|
|
};
|
2022-11-29 10:48:39 +00:00
|
|
|
invalidation = {
|
|
|
|
enabled = true;
|
|
|
|
provider = mkRaw "Pleroma.Web.MediaProxy.Invalidation.Script";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
"Pleroma.Web.MediaProxy.Invalidation.Script" = {
|
|
|
|
script_path = "${purge_url_script}";
|
2022-11-05 21:04:41 +00:00
|
|
|
};
|
2022-10-26 19:26:48 +00:00
|
|
|
"Pleroma.Repo" = {
|
|
|
|
adapter = mkRaw "Ecto.Adapters.Postgres";
|
|
|
|
database = "akkoma";
|
|
|
|
pool_size = 10;
|
|
|
|
socket_dir = "/run/postgresql";
|
2022-11-06 18:28:32 +00:00
|
|
|
prepare = mkAtom ":named";
|
|
|
|
parameters.plan_cache_mode = "force_custom_plan";
|
2022-10-26 19:26:48 +00:00
|
|
|
};
|
2022-11-05 13:05:45 +00:00
|
|
|
"Pleroma.Web.Endpoint" = {
|
|
|
|
url = {
|
|
|
|
host = "akko.chir.rs";
|
|
|
|
port = 443;
|
|
|
|
scheme = "https";
|
|
|
|
};
|
|
|
|
secure_cookie_flag = true;
|
2022-10-26 19:26:48 +00:00
|
|
|
};
|
2022-11-04 18:04:23 +00:00
|
|
|
"Pleroma.Emails.Mailer" = {
|
|
|
|
enabled = true;
|
|
|
|
adapter = mkRaw "Swoosh.Adapters.SMTP";
|
|
|
|
relay = "mail.chir.rs";
|
|
|
|
username = "akko@chir.rs";
|
|
|
|
port = "465";
|
|
|
|
ssl = true;
|
2022-11-05 09:03:42 +00:00
|
|
|
auth = mkAtom ":always";
|
2022-11-04 18:04:23 +00:00
|
|
|
};
|
|
|
|
"Pleroma.Emails.NewUsersDigestEmail" = {
|
|
|
|
enabled = true;
|
|
|
|
};
|
2022-11-06 18:49:46 +00:00
|
|
|
":database".rum_enabled = true;
|
2022-11-10 10:36:00 +00:00
|
|
|
":emoji" = {
|
|
|
|
shortcode_globs = ["/emoji/**/*.png"];
|
|
|
|
groups = {
|
2022-11-10 14:45:20 +00:00
|
|
|
"BlobfoxFlip" = "/emoji/volpeon-blobfox-flip/*.png";
|
2022-11-10 10:36:00 +00:00
|
|
|
"Blobfox" = "/emoji/volpeon-blobfox/*.png";
|
2022-11-10 14:45:20 +00:00
|
|
|
"BunhdFlip" = "/emoji/volpeon-bunhd-flip/*.png";
|
2022-11-10 10:36:00 +00:00
|
|
|
"Bunhd" = "/emoji/volpeon-bunhd/*.png";
|
|
|
|
"Drgn" = "/emoji/volpeon-drgn/*.png";
|
|
|
|
"Fox" = "/emoji/volpeon-fox/*.png";
|
|
|
|
"Raccoon" = "/emoji/volpeon-raccoon/*.png";
|
|
|
|
"Vlpn" = "/emoji/volpeon-vlpn/*.png";
|
|
|
|
"Lotte" = "/emoji/lotte/*.png";
|
2022-11-26 15:06:26 +00:00
|
|
|
"Caroline" = "/emoji/caro/*.png";
|
2022-11-10 10:36:00 +00:00
|
|
|
"Misc" = "/emoji/misc/*.png";
|
|
|
|
};
|
|
|
|
};
|
2022-12-16 09:01:43 +00:00
|
|
|
"Pleroma.Captcha" = {
|
|
|
|
enabled = true;
|
|
|
|
method = mkRaw "Pleroma.Captcha.Kocaptcha";
|
|
|
|
};
|
2022-10-26 19:26:48 +00:00
|
|
|
};
|
|
|
|
":web_push_encryption".":vapid_details".subject = "lotte@chir.rs";
|
|
|
|
});
|
2022-09-12 10:03:10 +00:00
|
|
|
in {
|
2022-11-05 20:26:45 +00:00
|
|
|
imports = [
|
|
|
|
./mediaproxy.nix
|
|
|
|
];
|
2022-09-09 17:59:43 +00:00
|
|
|
services.pleroma = {
|
|
|
|
enable = true;
|
|
|
|
package = nix-packages.packages.${pkgs.system}.akkoma;
|
2022-10-26 21:08:58 +00:00
|
|
|
configs = [(builtins.readFile akkconfig)];
|
2022-09-09 17:59:43 +00:00
|
|
|
user = "akkoma";
|
|
|
|
group = "akkoma";
|
|
|
|
secretConfigFile = config.sops.secrets."services/akkoma.exs".path;
|
|
|
|
};
|
2022-12-20 08:18:36 +00:00
|
|
|
systemd.services.pleroma.path = with pkgs; [exiftool imagemagick ffmpeg];
|
2022-09-09 17:59:43 +00:00
|
|
|
services.postgresql.ensureDatabases = ["akkoma"];
|
|
|
|
services.postgresql.ensureUsers = [
|
|
|
|
{
|
|
|
|
name = "akkoma";
|
|
|
|
ensurePermissions = {"DATABASE akkoma" = "ALL PRIVILEGES";};
|
|
|
|
}
|
|
|
|
];
|
2022-09-12 10:03:10 +00:00
|
|
|
sops.secrets."services/akkoma.exs" = {owner = "akkoma";};
|
2022-11-29 10:48:39 +00:00
|
|
|
sops.secrets."services/bunny-key".owner = "akkoma";
|
2022-09-09 17:59:43 +00:00
|
|
|
services.caddy.virtualHosts."akko.chir.rs" = {
|
|
|
|
useACMEHost = "chir.rs";
|
|
|
|
extraConfig = ''
|
|
|
|
import baseConfig
|
|
|
|
handle /media_attachments/* {
|
|
|
|
redir https://mastodon-assets.chir.rs{uri} permanent
|
|
|
|
}
|
2022-11-05 20:26:45 +00:00
|
|
|
handle /proxy/* {
|
|
|
|
reverse_proxy {
|
|
|
|
to http://127.0.0.1:24154
|
|
|
|
}
|
|
|
|
}
|
2022-09-09 17:59:43 +00:00
|
|
|
handle {
|
|
|
|
reverse_proxy {
|
|
|
|
to http://127.0.0.1:4000
|
|
|
|
}
|
|
|
|
}
|
|
|
|
'';
|
|
|
|
};
|
2022-11-06 18:35:24 +00:00
|
|
|
|
|
|
|
services.postgresql.extraPlugins = with pkgs.postgresql_13.pkgs; [rum];
|
2022-09-09 17:59:43 +00:00
|
|
|
}
|