nixos-config/config/services/akkoma/default.nix

{
pkgs,
nix-packages,
config,
lib,
system,
...
}: let
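# Cache-purge hook wired into the media proxy invalidation settings: it is
# called with one or more URLs as arguments and asks the bunny.net purge API
# to drop each of them.
#
# The arguments are presumably URLs of proxied remote media, so they are
# handled as untrusted text:
#  - "$@" and "$url" are quoted, so a URL is never word-split or glob-expanded
#    by the shell (an unquoted `?` or `*` in a URL is a glob pattern);
#  - printf replaces echo, so a value starting with `-` is not read as an
#    echo option;
#  - urllib.parse.quote percent-encodes `&`, `?` and `#`, so the value cannot
#    add query parameters of its own to the purge request.
# The API key is passed to curl on stdin (`-H @-`) rather than on the command
# line, which keeps it out of the process list.
# NOTE(review): the script text has no shebang line; confirm how the
# invalidation provider executes it.
purge_url_script = pkgs.writeScript "purge-url" ''
  access_key=$(cat ${config.sops.secrets."services/bunny-key".path})
  for url in "$@"; do
    encoded=$(printf '%s' "$url" | ${pkgs.python3}/bin/python3 -c "import sys; import urllib.parse; print(urllib.parse.quote(sys.stdin.read().strip()))")
    printf 'Authorization: Bearer %s\n' "$access_key" | ${pkgs.curl}/bin/curl -H @- -X POST "https://api.bunny.net/purge?url=$encoded&async=false"
  done
'';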
# Names of the custom emoji packs bundled into the static directory. Each one
# must exist in pkgs as an attribute called "emoji-<name>".
emoji_set_names = [
  "volpeon-blobfox-flip"
  "volpeon-blobfox"
  "volpeon-bunhd-flip"
  "volpeon-bunhd"
  "volpeon-drgn"
  "volpeon-fox"
  "volpeon-raccoon"
  "volpeon-vlpn"
  "lotte"
  "caro"
];
# Attribute set mapping each pack name to the store path of its package.
emoji_sets = builtins.listToAttrs (map (set: {
    name = set;
    value = "${pkgs."emoji-${set}"}";
  })
  emoji_set_names);
# Shell snippet (for use inside a build phase) that creates the pack's folder
# under $out/emoji and fills it with an lndir symlink tree of the pack.
copy_emoji_set = name: let
  target = "$out/emoji/${name}";
in ''
  mkdir -p ${target}
  lndir ${emoji_sets.${name}} ${target}
'';
# Prebuilt masto-fe frontend, downloaded as a zip archive.
# The URL carries no version, so the sha256 below is the only thing pinning
# the content: if the remote archive is replaced, the hash check fails the
# build instead of silently shipping different frontend code. Re-verify the
# new archive before bumping the hash.
masto_fe = pkgs.fetchzip {
  url = "https://akkoma-updates.s3-website.fr-par.scw.cloud/frontend/akkoma/masto-fe.zip";
  sha256 = "sha256-8kAF7O3I93npX37XsncNuwQrTLX5Y9w16QV3+SDls+0=";
};
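# Read-only static directory handed to Akkoma (see `static_dir` in the
# :instance settings). It is assembled in the Nix store from:
#  - the pleroma-fe and admin-fe frontends from the nix-packages flake,
#  - the hash-pinned masto-fe download,
#  - one symlink tree per emoji pack plus a "misc" folder,
#  - the terms-of-service page.
# Because the result is a store path, the frontends cannot be modified at
# runtime by the service.
static_dir = pkgs.stdenvNoCC.mkDerivation {
  name = "akkoma-static";
  src = pkgs.emptyDirectory;
  nativeBuildInputs = [pkgs.xorg.lndir];
  # These attributes are exported to the builder as environment variables and
  # used as $akkoma_fe, $akkoma_admin_fe, $masto_fe and $tos below.
  akkoma_fe = nix-packages.packages.${pkgs.system}.pleroma-fe;
  akkoma_admin_fe = nix-packages.packages.${pkgs.system}.admin-fe;
  inherit masto_fe;
  tos = ./terms-of-service.html;
  dontUnpack = false;
  installPhase = ''
    mkdir -p $out/frontends/pleroma-fe/stable
    lndir $akkoma_fe $out/frontends/pleroma-fe/stable
    mkdir -p $out/frontends/admin-fe/stable
    lndir $akkoma_admin_fe $out/frontends/admin-fe/stable
    mkdir -p $out/frontends/masto-fe/akkoma
    lndir $masto_fe $out/frontends/masto-fe/akkoma
    ${toString (map copy_emoji_set emoji_set_names)}
    mkdir -p $out/emoji/misc
    ln -s ${./therian.png} $out/emoji/misc/therian.png
    mkdir -p $out/static
    cp $tos $out/static/terms-of-service.html
  '';
  # `mkdir -p` is used for emoji/misc and static as well, so the phase does
  # not depend on an emoji pack having created $out/emoji first.
};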
# Formatter from nixpkgs that renders Nix values as Elixir configuration.
ec = pkgs.formats.elixirConf {};
# Non-secret Akkoma configuration, generated as config.exs in the Nix store.
# Store paths are world-readable, so nothing in this attribute set may be a
# credential; no password or key appears below.
akkconfig = ec.generate "config.exs" (with ec.lib; {
  ":pleroma" = {
    "Pleroma.Upload" = {
      uploader = mkRaw "Pleroma.Uploaders.S3";
      # Upload filters: Mogrify runs ImageMagick with the args set further
      # down, Dedupe and AnonymizeFilename are applied by name.
      filters = map (v: mkRaw ("Pleroma.Upload.Filter." + v)) ["Mogrify" "Dedupe" "AnonymizeFilename"];
      # Uploads are served from a different host name than the instance
      # itself (akko.chir.rs, see Pleroma.Web.Endpoint).
      base_url = "https://mastodon-assets.chir.rs/";
    };
    "Pleroma.Uploaders.S3" = {
      bucket = "mastodon-chir-rs";
      truncated_namespace = "";
    };
    "Pleroma.Upload.Filter.Mogrify" = {
      # "strip" asks ImageMagick to drop embedded metadata from uploaded
      # images; "auto-orient" applies the orientation before that is lost.
      args = ["auto-orient" "strip"];
    };
    ":instance" = {
      name = "Raccoon Noises";
      email = "lotte@chir.rs";
      description = "Single User Akkoma Instance";
      limit = 58913;
      description_limit = 58913;
      # 134217728 = 128 * 1024 * 1024
      upload_limit = 134217728;
      languages = ["en" "tok"];
      # Registration is open, but gated three ways: e-mail activation,
      # manual approval, and the captcha enabled in Pleroma.Captcha below.
      registrations_open = true;
      invites_enabled = true;
      account_activation_required = true;
      account_approval_required = true;
      static_dir = "${static_dir}";
      max_pinned_statuses = 10;
      attachment_links = true;
      max_report_comment_size = 58913;
      safe_dm_mentions = true;
      healthcheck = true;
      user_bio_length = 58913;
      user_name_length = 621;
      max_account_fields = 69;
      max_remote_account_fields = 621;
      account_field_name_length = 621;
      account_field_value_length = 58913;
      registration_reason_length = 621;
      external_user_synchronization = true;
      cleanup_attachments = true;
    };
    ":markup" = {
      allow_headings = true;
      allow_tables = true;
      allow_fonts = true;
    };
    ":frontend_configurations" = {
      pleroma_fe = mkMap {
        webPushNotifications = true;
      };
    };
    ":activitypub" = {
      unfollow_blocked = false;
      outgoing_blocks = false;
      blockers_visible = false;
      deny_follow_blocked = true;
      # Outgoing object fetches are signed, and authorized-fetch mode is on.
      sign_object_fetches = true;
      authorized_fetch_mode = true;
    };
    ":mrf_simple" = let
      # Turns { "domain" = "reason"; } into a list of (domain, reason) tuples.
      processMap = m: map (k: mkTuple [k m.${k}]) (builtins.attrNames m);
    in {
      # Per-domain federation policy. ":mrf".transparency is true below;
      # NOTE(review): as far as the Akkoma docs describe it, that publishes
      # these lists and reason strings, so treat them as public text.
      reject = processMap {
        "qoto.org" = "Freeze Peach; Admin harasses other server admins; sends unsolicited emails";
        "poa.st" = "Hosting neonazis";
        "kiwifarms.cc" = "Targeted Harassment";
        "pmth.us" = "Harassment";
        "nicecrew.digital" = "TERF Instance";
        "freespeechextremist.com" = "Freeze Peach";
        "ryona.agency" = "Freeze Peach";
        "howlr.me" = "Run by verified kiwifarms user";
        "rdrama.cc" = "smells like Kiwifarms shit";
        "xhais.love" = "Zoophile instance";
        "beefyboys.win" = "freeze peach; hosts neonazis";
        "bae.st" = "freeze peach";
        "moth.zone" = "racism/antiblackness; owner self-admitted pedophile";
        "feral.cafe" = "Zoophilia";
        "disqordia.space" = "No snooping!";
        "mastodon.cloud" = "Corporate instance; Owner engaged in scams";
        "mstdn.jp" = "Corporate instance; Owner engaged in scams";
        "pawoo.net" = "Corporate instance; Owner engaged in scams";
        "activitypub-proxy.cf" = "Block circumvention tool";
      };
      followers_only = processMap {
        "vivaldi.net" = "Corporate instance; Registers nonconsensual accounts for Vivaldi Sync users";
      };
      federated_timeline_removal = processMap {
        "mastodon.social" = "Too large to be moderated well";
        "mastodon.online" = "Too large to be moderated well";
        "tumblr.com" = "Too large to be moderated well, corporate instance";
      };
    };
    ":mrf" = {
      # Message rewrite policies; SimplePolicy is the one that reads the
      # :mrf_simple lists above.
      policies = map (v: mkRaw ("Pleroma.Web.ActivityPub.MRF." + v)) ["SimplePolicy" "EnsureRePrepended" "MediaProxyWarmingPolicy" "ForceBotUnlistedPolicy" "AntiFollowbotPolicy" "ObjectAgePolicy" "TagPolicy" "RequireImageDescription"];
      transparency = true;
    };
    # Security response headers: enabled, with HSTS and a no-referrer policy.
    ":http_security" = {
      enabled = true;
      sts = true;
      referrer_policy = "no-referrer";
    };
    # Names and refs match the directories built under frontends/ in
    # static_dir.
    ":frontends" = {
      primary = mkMap {
        name = "pleroma-fe";
        ref = "stable";
      };
      admin = mkMap {
        name = "admin-fe";
        ref = "stable";
      };
      mastodon = mkMap {
        name = "masto-fe";
        ref = "akkoma";
      };
    };
    ":media_proxy" = {
      enabled = true;
      # Proxied remote media is served from its own host name.
      base_url = "https://mediaproxy.chir.rs";
      proxy_opts = {
        redirect_on_failure = true;
      };
      # Cache invalidation is delegated to an external script (next block).
      invalidation = {
        enabled = true;
        provider = mkRaw "Pleroma.Web.MediaProxy.Invalidation.Script";
      };
    };
    "Pleroma.Web.MediaProxy.Invalidation.Script" = {
      # Store path of purge_url_script; the script reads the CDN API key from
      # the sops secret at run time, so the key itself is not in this file.
      script_path = "${purge_url_script}";
    };
    "Pleroma.Repo" = {
      adapter = mkRaw "Ecto.Adapters.Postgres";
      database = "akkoma";
      pool_size = 10;
      # Connects through the local socket directory; no host, user name or
      # password is set in this file.
      socket_dir = "/run/postgresql";
      prepare = mkAtom ":named";
      parameters.plan_cache_mode = "force_custom_plan";
    };
    "Pleroma.Web.Endpoint" = {
      # Public URL of the instance.
      url = {
        host = "akko.chir.rs";
        port = 443;
        scheme = "https";
      };
      secure_cookie_flag = true;
    };
    "Pleroma.Emails.Mailer" = {
      enabled = true;
      adapter = mkRaw "Swoosh.Adapters.SMTP";
      relay = "mail.chir.rs";
      username = "akko@chir.rs";
      port = "465";
      ssl = true;
      auth = mkAtom ":always";
      # No password is set here. NOTE(review): presumably it comes from the
      # sops-managed secretConfigFile; confirm. Also confirm that certificate
      # verification for the relay is configured, since only `ssl = true` is
      # visible in this file.
    };
    "Pleroma.Emails.NewUsersDigestEmail" = {
      enabled = true;
    };
    ":database".rum_enabled = true;
    ":emoji" = {
      shortcode_globs = ["/emoji/**/*.png"];
      # Group name -> glob; the folders are the ones created under emoji/ in
      # static_dir.
      groups = {
        "BlobfoxFlip" = "/emoji/volpeon-blobfox-flip/*.png";
        "Blobfox" = "/emoji/volpeon-blobfox/*.png";
        "BunhdFlip" = "/emoji/volpeon-bunhd-flip/*.png";
        "Bunhd" = "/emoji/volpeon-bunhd/*.png";
        "Drgn" = "/emoji/volpeon-drgn/*.png";
        "Fox" = "/emoji/volpeon-fox/*.png";
        "Raccoon" = "/emoji/volpeon-raccoon/*.png";
        "Vlpn" = "/emoji/volpeon-vlpn/*.png";
        "Lotte" = "/emoji/lotte/*.png";
        "Caroline" = "/emoji/caro/*.png";
        "Misc" = "/emoji/misc/*.png";
      };
    };
    "Pleroma.Captcha" = {
      enabled = true;
      # NOTE(review): no Kocaptcha endpoint is configured in this file, so
      # whatever default the package ships applies; confirm it is a service
      # you intend to depend on for registrations.
      method = mkRaw "Pleroma.Captcha.Kocaptcha";
    };
  };
  ":web_push_encryption".":vapid_details".subject = "lotte@chir.rs";
});
in {
imports = [
./mediaproxy.nix
];
# Akkoma runs through the NixOS `services.pleroma` module, with the package
# replaced by the akkoma build from the nix-packages flake.
services.pleroma = {
  enable = true;
  package = nix-packages.packages.${pkgs.system}.akkoma;
  # The generated config.exs is read back as text. It lives in the Nix store,
  # which is world-readable, so it must stay free of credentials.
  configs = [(builtins.readFile akkconfig)];
  user = "akkoma";
  group = "akkoma";
  # Secret settings come from a sops-managed file; only its path is
  # referenced here, the contents never enter the store.
  secretConfigFile = config.sops.secrets."services/akkoma.exs".path;
};
# Tools added to the service's PATH; the Mogrify upload filter configured in
# akkconfig needs ImageMagick.
systemd.services.pleroma.path = [pkgs.exiftool pkgs.imagemagick pkgs.ffmpeg];
# Database and role for the service. The role is granted every privilege on
# its own database only.
services.postgresql.ensureDatabases = ["akkoma"];
services.postgresql.ensureUsers = [
  {
    name = "akkoma";
    ensurePermissions."DATABASE akkoma" = "ALL PRIVILEGES";
  }
];
# Both secrets are owned by the service user: the secret Akkoma config and
# the CDN API key read by the purge script.
sops.secrets."services/akkoma.exs".owner = "akkoma";
sops.secrets."services/bunny-key".owner = "akkoma";
# Public virtual host for the instance. Caddy serves it with the certificate
# of the "chir.rs" ACME host and forwards to backends on loopback over plain
# HTTP:
#  - /media_attachments/* is permanently redirected to the asset host,
#  - /proxy/* goes to 127.0.0.1:24154,
#  - everything else goes to 127.0.0.1:4000.
# NOTE(review): `baseConfig` is a snippet defined outside this file, and the
# listeners on ports 24154 and 4000 are not configured here either; confirm
# both backends bind to loopback only, since they are reached without TLS.
services.caddy.virtualHosts."akko.chir.rs" = {
  useACMEHost = "chir.rs";
  extraConfig = ''
    import baseConfig
    handle /media_attachments/* {
    redir https://mastodon-assets.chir.rs{uri} permanent
    }
    handle /proxy/* {
    reverse_proxy {
    to http://127.0.0.1:24154
    }
    }
    handle {
    reverse_proxy {
    to http://127.0.0.1:4000
    }
    }
  '';
};
# RUM index extension, needed because ":database".rum_enabled is true.
# NOTE(review): the plugin is taken from the postgresql_13 package set and
# has to match the PostgreSQL version the server actually runs;
# services.postgresql.package is not set in this file, so confirm it.
services.postgresql.extraPlugins = with pkgs.postgresql_13.pkgs; [rum];
}