Diffstat (limited to '')
-rw-r--r--flake.nix4
-rw-r--r--flora/services/pleroma.nix171
2 files changed, 90 insertions, 85 deletions
diff --git a/flake.nix b/flake.nix
index f88ead0..9d6d552 100644
--- a/flake.nix
+++ b/flake.nix
@@ -48,11 +48,11 @@
outputs = { self, nixpkgs, deploy-rs, ... }@inputs:
let
mkConfig = imports: config:
- nixpkgs.lib.nixosSystem {
+ nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [ config ] ++ imports;
- specialArgs = { inherit inputs; };
+ specialArgs = { inherit inputs system; };
};
mkServer = mkConfig [ ./common/headless.nix ];
mkDesktop = mkConfig [ ./common/desktop.nix ];
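Review bot: The `rec` added to the `nixosSystem` argument set is there only so that `specialArgs` can see `system`, but it also brings `modules` and `specialArgs` into scope of each other, which is easy to trip over later. A narrower form is to bind the value once, `let system = "x86_64-linux"; in nixpkgs.lib.nixosSystem { inherit system; ... }`, and keep the set non-recursive. The enclosing `outputs` function starts and ends outside this hunk.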
diff --git a/flora/services/pleroma.nix b/flora/services/pleroma.nix
index 12f4511..dd75b43 100644
--- a/flora/services/pleroma.nix
+++ b/flora/services/pleroma.nix
@@ -1,8 +1,8 @@
-{config, pkgs, inputs, ...}:
+{config, pkgs, inputs, system, ...}:
let
- domain = "pleroma.stuebinm.eu";
+ unstable = import inputs.nixpkgs-unstable { inherit system; };
in
{
@@ -14,105 +14,111 @@ in
localAddress = "192.168.42.31";
hostAddress6 = "fd00::42:30";
localAddress6 = "fd00::42:31";
-
-
+
config = {pkgs, config, ...}: {
-
+
# generating the manual will fail when mixing nixos channels,
# so disable it here or this won't build at all.
documentation.enable = false;
-
- # pleroma has a cli tool for configuration
- environment.systemPackages = [ pkgs.dnsutils ];
- system.stateVersion = "20.09";
-
- services.pleroma = {
- enable = true;
+ imports = [
+ ("${inputs.nixpkgs-unstable}/nixos/modules/services/web-apps/akkoma.nix")
+ ];
+
+ system.stateVersion = "22.11";
+
+ services.akkoma = {
+ enable = true;
- # package = (import inputs.nixpkgs-unstable {}).pleroma;
-
# this is barely necessary at this point — all that's
# set in here is the default_signer for joken, and the
# secret_key_base and signing_salt for phoenix.
- secretConfigFile = "/var/lib/pleroma/secrets.exs";
-
- # for a list of available config options, see
- # https://docs-develop.pleroma.social/backend/configuration/cheatsheet/
- #
- # Additionally, some parts of pleroma's config (e.g. Pleroma.Repo)
- # are better documented in their respective libraries (in this
- # case, see the documentation for Ecto on Adapters).
- configs = [ ''
- import Config
-
- config :pleroma, Pleroma.Web.Endpoint,
- url: [host: "${domain}", scheme: "https", port: 443],
- http: [ip: {0, 0, 0, 0, 0, 0, 0, 0}, port: 4000]
-
- config :pleroma, :instance,
- name: "Pleroma",
- limit: 5000,
- registrations_open: false,
- federating: true,
- healthcheck: true,
- allow_relay: true
-
- config :pleroma, :media_proxy,
- enabled: false,
- redirect_on_failure: true
-
- config :pleroma, Pleroma.Upload,
- filters: [
- Pleroma.Upload.Filter.Exiftool,
- Pleroma.Upload.Filter.AnonymizeFilename,
- Pleroma.Upload.Filter.Dedupe
- ]
-
- config :pleroma, Pleroma.Uploaders.Local,
- uploads: "/var/lib/pleroma/uploads"
-
- config :pleroma, Pleroma.Repo,
- adapter: Ecto.Adapters.Postgres,
- username: "pleroma",
- database: "pleroma",
- socket_dir: "/run/postgresql",
- pool_size: 10,
- prepare: :named,
- parameters: [
- plan_cache_mode: "force_custom_plan"
- ]
-
-
-
- config :pleroma, :database, rum_enabled: false
- config :pleroma, configurable_from_database: false
-
- config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
-
- '' ];
+ # secretConfigFile = "/var/lib/pleroma/secrets.exs";
+
+ package = unstable.akkoma;
+ frontends = {
+ primary = {
+ package = unstable.akkoma-frontends.pleroma-fe;
+ name = "pleroma-fe";
+ ref = "stable";
+ };
+ admin = {
+ package = unstable.akkoma-frontends.admin-fe;
+ name = "admin-fe";
+ ref = "stable";
+ };
+ };
+
+ config = {
+ ":pleroma"."Pleroma.Web.Endpoint" = {
+ "url" = { host = "pleroma.stuebinm.eu"; scheme = "https"; port = 443; };
+ "http" = {ip = "0.0.0.0"; port = 4000; };
+ secret_key_base._secret = "/secret/secret_key_base";
+ signing_salt._secret = "/secret/signing_salt";
+ };
+ ":joken".":default_signer"._secret = "/secret/joken_default_signer";
+
+ ":pleroma" = {
+ ":instance" = {
+ name = "Pleroma";
+ limit = 5000;
+ registrations_open = false;
+ federating = true;
+ healthcheck = true;
+ allow_relay = true;
+ description = "a test instance";
+ email = "dings@dings";
+ };
+ ":media_proxy" = {
+ enabled = false;
+ redirect_on_failure = true;
+ };
+ "Pleroma.Upload" = {
+ filters = [
+ "Pleroma.Upload.Filter.Exiftool"
+ "Pleroma.Upload.Filter.AnonymizeFilename"
+ "Pleroma.Upload.Filter.Dedupe"
+ ];
+ };
+ "Pleroma.Uploaders.Local".uploads = "/var/lib/pleroma/uploads";
+ "Pleroma.Repo" = {
+ adapter = "Ecto.Adapters.Postgres";
+ username = "pleroma";
+ database = "pleroma";
+ socket_dir = "/run/postgresql";
+ pool_size = 10;
+ # prepare = ":named";
+ show_sensitive_data_on_connection_error = true;
+ parameters = { plan_cache_mode = "force_custom_plan"; };
+ };
+ ":database".run_enabled = false;
+ ":configurable_from_database" = false;
+ # ":instance".static_dir = "/var/lib/pleroma/static";
+
+ };
+ };
};
# otherwise, the exiftool will fail to run
- systemd.services.pleroma.path = [ pkgs.exiftool ];
-
+ systemd.services.akkoma.path = [ pkgs.exiftool ];
+
services.postgresql = {
enable = true;
package = pkgs.postgresql_12;
-
+
ensureDatabases = [ "pleroma" ];
ensureUsers = [ {
name = "pleroma";
ensurePermissions."DATABASE pleroma" = "ALL PRIVILEGES";
} ];
-
+
# give pleroma access. must be done with lib.mkForce, for some reason
authentication = pkgs.lib.mkForce ''
# Generated file; do not edit!
local all all trust
- host pleroma pleroma ::1/128 trust
+ host pleroma akkoma ::1/128 trust
'';
-
+
# pleroma wants to do some initial config on startup, which it
# can't do by itself since those needs superuser access
#
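Review bot: `show_sensitive_data_on_connection_error = true;` in the new `"Pleroma.Repo"` set turns off the database connection layer's default of hiding connection details in error output, so full connection errors end up in the service log. That is a debugging aid; I would drop the line or set it to `false` once the migration works. In the same set, `":database".run_enabled = false;` looks like a typo for the `rum_enabled` key used by the removed config, so the setting is probably ignored silently. The changed pg_hba line names the role `akkoma`, while `ensureUsers` and `"Pleroma.Repo".username` still say `pleroma`, so that `host` rule appears to match no provisioned role. Access over `socket_dir` is instead granted by the unchanged `local all all trust` line, which is worth narrowing to the one database and role. The hunk ends inside the postgresql comment block, so the rest of that definition is not visible here.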
@@ -131,7 +137,7 @@ in
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
'';
};
-
+
networking.firewall.allowedTCPPorts = [ 4000 10022 ];
services.coredns = {
@@ -144,7 +150,7 @@ in
};
};
};
-
+
# give the container access to the external internet (necessary for
# fetching content from other instances). Doesn't appear to work with
# IPv6, though ...
@@ -155,13 +161,13 @@ in
};
networking.firewall.allowedTCPPorts = [ 10022 ];
-
- services.nginx.virtualHosts."${domain}" = {
+
+ services.nginx.virtualHosts."pleroma.stuebinm.eu" = {
forceSSL = true;
enableACME = true;
-
+
locations."/" = {
- proxyPass = "http://[${config.containers.pleroma.localAddress6}]:4000";
+ proxyPass = "http://${config.containers.pleroma.localAddress}:4000";
proxyWebsockets = true;
# these headers are in the example config in the NixOS manual.
# take some time to figure out what they all do, and if these
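Review bot: With the `domain` binding removed, `"pleroma.stuebinm.eu"` is now written out twice: here in `services.nginx.virtualHosts` and in the `"Pleroma.Web.Endpoint"` `url.host` setting of the container config. The TLS virtual host and the host name the backend uses to build its own URLs have to stay identical, so a later rename that touches only one of them would likely break federation in a way that is hard to spot. Keeping a single `domain = "pleroma.stuebinm.eu";` in the outer `let` and referencing it in both places avoids that. The `locations."/"` block continues past the end of this hunk.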
@@ -185,4 +191,3 @@ in
};
};
}
-