nixos/nixos/hosts/sapphic-engineer/akkoma.nix


{ pkgs, inputs, config, lib, ... }: let
# Local equivalent of a name/value pair constructor, in the shape builtins.listToAttrs expects.
nameValuePair = name: value: { inherit name value; };

# Settings shared by every secret declared in this file: all of them live in one sops file.
# NOTE(review): no owner/group/mode is set here, so sops-nix defaults apply; confirm that the
# unit which reads these paths at service start is allowed to open them.
defaultSecret.sopsFile = ../../../secrets/sapphic-engineer/default.yaml;

# Turns a list of secret names into an attrset suitable for `sops.secrets`,
# giving each name the shared defaultSecret settings.
secrets = keys:
  let
    toEntry = key: nameValuePair key defaultSecret;
  in
  builtins.listToAttrs (map toEntry keys);

# Builds a `{ _secret = <path>; }` reference to the decrypted file of a declared sops secret.
# The value placed in the Akkoma configuration is the file path, not the secret itself, which
# keeps the plaintext out of the evaluated configuration and the world-readable Nix store.
# Referencing a key that was never declared in `sops.secrets` fails at evaluation time.
secretRef = key: {
  _secret = config.sops.secrets.${key}.path;
};
in {
# imports = [
# inputs.tachikoma-fe.nixosModules.default
# ];
# Every secret that the Akkoma configuration in this file pulls in through secretRef.
# Each name must exist as a key in the shared sops file; the plaintext is only available
# on the target host after decryption, never in this repository or the Nix store.
sops.secrets = secrets [
  # Object-storage credentials and endpoint, consumed by ":ex_aws".":s3".
  "s3--access_key_id"
  "s3--host"
  "s3--secret_access_key"
  # Token signer, consumed by ":joken".":default_signer".
  "joken--default_signer"
  # Endpoint secrets, consumed by "Pleroma.Web.Endpoint".
  "pleroma--secret_key_base"
  "pleroma--signing_salt"
  "pleroma--live_view--signing_salt"
  # Web Push key pair, consumed by ":web_push_encryption".":vapid_details".
  "vapid--private_key"
  "vapid--public_key"
];
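# Akkoma instance for sapphic.engineer: closed registrations, uploads on S3-compatible storage
# served from a separate hostname, all cryptographic material injected from sops secrets.
services.akkoma = {
  enable = true;
  # Secrets come from sops (see the secretRef uses below), so the module's own generation of
  # missing secrets is forced off rather than left to create values outside sops' control.
  initSecrets = lib.mkForce false;
  config = with (pkgs.formats.elixirConf { }).lib; {
    ":pleroma" = {
      ":instance" = {
        name = "sapphic.engineer";
        description = ''
          Private instance for @noe@sapphic.engineer and friends.
          gex!
        '';
        email = "admin@sapphic.engineer";
        # Sign-up is closed, and approval is additionally required should it ever be opened.
        registrations_open = false;
        account_approval_required = true;
        # Size limits in bytes: 100 MB general uploads, 1 MB avatar, 3 MB banner, 10 MB background.
        # Whatever fronts this service needs a request-body limit at least as large as upload_limit.
        upload_limit = 100000000;
        avatar_upload_limit = 1000000;
        banner_upload_limit = 3000000;
        background_upload_limit = 10000000;
        max_pinned_statuses = 10;
      };
      ":media_proxy" = {
        enabled = true;
        proxy_opts.redirect_on_failure = true;
        # NOTE(review): the media proxy's documented URL override appears to be `base_url`;
        # confirm that `proxy_url` is read at all. With no separate base URL, proxied remote
        # media would be served from the instance's own origin, whereas uploads below are
        # deliberately placed on a different hostname.
        proxy_url = "";
      };
      ":media_preview_proxy" = {
        enabled = true;
        thumbnail_max_width = 1920;
        thumbnail_max_height = 1080;
      };
      ":mrf" = {
        # The active policies and their host lists are not published via nodeinfo.
        transparency = false;
        policies =
          map mkRaw [
            "Pleroma.Web.ActivityPub.MRF.SimplePolicy"
            "Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy"
            "Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy"
          ];
      };
      ":mrf_simple" = {
        # Host -> reason maps; `reject` and `media_nsfw` are currently empty.
        reject = mkMap {
        };
        media_nsfw = mkMap {
        };
        federated_timeline_removal = mkMap {
          "mastodon.social" = "";
        };
      };
      ":mrf_object_age" = {
        # 90 days, in seconds; incoming objects older than this are rejected outright.
        threshold = 60 * 60 * 24 * 90;
        actions = map mkRaw [ ":reject" ];
      };
      "Pleroma.Web.Endpoint" = {
        http = {
          # Listens on every interface. Because `nginx = null` below configures no reverse
          # proxy in this module, the proxy that fronts the service must be the only thing
          # able to reach this port: restrict it with the firewall, or bind to loopback or
          # the proxy-facing address if the proxy runs on this host.
          # NOTE(review): confirm where TLS termination and the proxy actually live.
          ip = "0.0.0.0";
        };
        url.host = "sapphic.engineer";
        # Signing and session secrets are file references, not literals.
        live_view.signing_salt = secretRef "pleroma--live_view--signing_salt";
        signing_salt = secretRef "pleroma--signing_salt";
        secret_key_base = secretRef "pleroma--secret_key_base";
      };
      "Pleroma.Upload" = {
        # Restrict uploads to media types, strip embedded metadata (Exiftool, plus Mogrify's
        # `strip` below), deduplicate by content and drop the uploader's original filename.
        filters =
          map mkRaw [
            "Pleroma.Upload.Filter.OnlyMedia"
            "Pleroma.Upload.Filter.Exiftool"
            "Pleroma.Upload.Filter.Mogrify"
            "Pleroma.Upload.Filter.Dedupe"
            "Pleroma.Upload.Filter.AnonymizeFilename"
          ];
        link_name = true;
        uploader = mkRaw "Pleroma.Uploaders.S3";
        # Uploads are served from a hostname other than url.host, which keeps user-supplied
        # files off the instance's own web origin.
        base_url = "https://i.sapphic.engineer/";
      };
      "Pleroma.Upload.Filter.Mogrify" = {
        args = [ "strip" "auto-orient" ];
      };
      "Pleroma.Uploaders.S3" = {
        bucket = "sapphicengineer-akkoma-uploads";
        truncated_namespace = "";
        streaming_enabled = true;
      };
    };
    # Object-storage credentials; the bucket policy should grant this key no more than the
    # uploader needs on the bucket named above.
    ":ex_aws".":s3" = {
      access_key_id = secretRef "s3--access_key_id";
      secret_access_key = secretRef "s3--secret_access_key";
      host = secretRef "s3--host";
    };
    ":joken".":default_signer" = secretRef "joken--default_signer";
    ":web_push_encryption".":vapid_details" = {
      private_key = secretRef "vapid--private_key";
      public_key = secretRef "vapid--public_key";
    };
  };
  # No nginx virtual host is generated by this module; the reverse proxy is managed elsewhere.
  nginx = null;
  # Tools used by the upload filters and media handling. They parse files supplied by users
  # and by remote servers, so they should track security updates.
  # NOTE(review): ffmpeg_5-full pins an older major line; confirm it is still maintained in
  # the nixpkgs revision in use.
  extraPackages = with pkgs; [ exiftool imagemagick ffmpeg_5-full ];
  # Files overlaid onto the instance's static directory; each key is the install path.
  extraStatic = {
    # Ask all crawlers to stay away from the whole instance.
    "robots.txt" = pkgs.writeText "robots.txt" ''
      User-agent: *
      Disallow: /
    '';
    # The URL follows a branch, but the content is pinned by hash: if the upstream file
    # changes, the fetch fails instead of silently shipping different content.
    "favicon.png" = pkgs.stdenvNoCC.mkDerivation {
      name = "favicon.png";
      src = pkgs.fetchurl {
        url = "https://raw.githubusercontent.com/foxxolay/foxxolay.com/main/akkoma/favicon.png";
        sha256 = "sha256-6L+1P+qAXxksss8U9GUcbMQQk8C32LTe/rznNXaf72c=";
      };
      dontUnpack = true;
      installPhase = ''
        cp $src $out
      '';
    };
    "static/logo.png" = pkgs.stdenvNoCC.mkDerivation {
      # Store-path names may not contain '/', so the derivation is named after the basename;
      # the attribute key above carries the install path.
      name = "logo.png";
      src = pkgs.fetchurl {
        url = "https://raw.githubusercontent.com/foxxolay/foxxolay.com/main/akkoma/logo.png";
        sha256 = "sha256-drYYZxeeRkTrRlp1weh4xRVm/6tdWAnF7KHmfYWQg6M=";
      };
      dontUnpack = true;
      installPhase = ''
        cp $src $out
      '';
    };
    # Empty placeholder for the SVG logo. Written directly instead of via a derivation with
    # `src = ./.`, which would copy this whole host directory into the world-readable Nix
    # store (and rebuild on every change to it) only to produce an empty file.
    "static/logo.svg" = pkgs.writeText "logo.svg" "";
    # "static/logo.png" = pkgs.stdenvNoCC.mkDerivation {
    # name = "files/static/logo.png";
    # src = ./files;
    # phases = [ "unpackPhase" "installPhase" ];
    # installPhase = ''
    # mkdir -p $out/static
    # cp static/logo.png $out/static/logo.png
    # '';
    # };
    # "emoji/foxes" = pkgs.stdenvNoCC.mkDerivation {
    # name = "emoji/foxes";
    # src = ./emotes;
    # dontUnpack = true;
    # installPhase = ''
    # cp -r $src $out
    # '';
    # };
    "emoji/blobs.gg" = pkgs.akkoma-emoji.blobs_gg;
    "static/terms-of-service.html" = pkgs.writeText "terms-of-service.html" ''
      This is a private instance. Requests are not accepted.
      <div>
      <a href="https://noe.sh" target="_blank"><img src="https://noe.sh/yay/88x31.png" width="88" height="31" alt="noe" /></a>
      <a href="https://noe.sh/pronouns/" target="_blank"><img src="https://noe.sh/yay/88x31-vp.png" width="88" height="31" alt="it/its" /></a>
      <img src="https://noe.sh/yay/88x31-nap.png" width="88" height="31" alt="not a person" />
      <a href="https://sapphic.engineer" target="_blank"><img src="https://noe.sh/yay/88x31-se.png" width="88" height="31" alt="sapphic.engineer" /></a>
      </div>
    '';
  };
};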
# Database server on this host. The major version is pinned explicitly so that a nixpkgs
# update cannot switch it implicitly. No listen or authentication settings are given here,
# so the NixOS module defaults apply.
services.postgresql = {
  enable = true;
  package = pkgs.postgresql_15;
};
# services.nginx = {
# enable = true;
# package = pkgs.tengine;
# clientMaxBodySize = "150m";
# recommendedTlsSettings = true;
# recommendedOptimisation = true;
# recommendedGzipSettings = true;
# recommendedZstdSettings = true;
# recommendedBrotliSettings = true;
# recommendedProxySettings = true;
# commonHttpConfig = ''
# proxy_request_buffering off;
# proxy_cache_path /var/cache/nginx/cache/akkoma-media-cache
# levels= keys_zone=akkoma_media_cache:16m max_size=16g
# inactive=1y use_temp_path=off;
# log_format combined2 "$server_name: $remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\"";
# access_log /var/log/nginx/access.log combined2;
# '';
# };
}