diff options
Diffstat (limited to '')
-rw-r--r-- | flake.nix | 4 | ||||
-rw-r--r-- | flora/services/pleroma.nix | 171 |
2 files changed, 90 insertions, 85 deletions
@@ -48,11 +48,11 @@ outputs = { self, nixpkgs, deploy-rs, ... }@inputs: let mkConfig = imports: config: - nixpkgs.lib.nixosSystem { + nixpkgs.lib.nixosSystem rec { system = "x86_64-linux"; modules = [ config ] ++ imports; - specialArgs = { inherit inputs; }; + specialArgs = { inherit inputs system; }; }; mkServer = mkConfig [ ./common/headless.nix ]; mkDesktop = mkConfig [ ./common/desktop.nix ]; diff --git a/flora/services/pleroma.nix b/flora/services/pleroma.nix index 12f4511..dd75b43 100644 --- a/flora/services/pleroma.nix +++ b/flora/services/pleroma.nix @@ -1,8 +1,8 @@ -{config, pkgs, inputs, ...}: +{config, pkgs, inputs, system, ...}: let - domain = "pleroma.stuebinm.eu"; + unstable = import inputs.nixpkgs-unstable { inherit system; }; in { @@ -14,105 +14,111 @@ in localAddress = "192.168.42.31"; hostAddress6 = "fd00::42:30"; localAddress6 = "fd00::42:31"; - - + config = {pkgs, config, ...}: { - + # generating the manual will fail when mixing nixos channels, # so disable it here or this won't build at all. documentation.enable = false; - - # pleroma has a cli tool for configuration - environment.systemPackages = [ pkgs.dnsutils ]; - system.stateVersion = "20.09"; - - services.pleroma = { - enable = true; + imports = [ + ("${inputs.nixpkgs-unstable}/nixos/modules/services/web-apps/akkoma.nix") + ]; + + system.stateVersion = "22.11"; + + services.akkoma = { + enable = true; - # package = (import inputs.nixpkgs-unstable {}).pleroma; - # this is barely necessary at this point — all that's # set in here is the default_signer for joken, and the # secret_key_base and signing_salt for phoenix. - secretConfigFile = "/var/lib/pleroma/secrets.exs"; - - # for a list of available config options, see - # https://docs-develop.pleroma.social/backend/configuration/cheatsheet/ - # - # Additionally, some parts of pleroma's config (e.g. Pleroma.Repo) - # are better documented in their respective libraries (in this - # case, see the documentation for Ecto on Adapters). - configs = [ '' - import Config - - config :pleroma, Pleroma.Web.Endpoint, - url: [host: "${domain}", scheme: "https", port: 443], - http: [ip: {0, 0, 0, 0, 0, 0, 0, 0}, port: 4000] - - config :pleroma, :instance, - name: "Pleroma", - limit: 5000, - registrations_open: false, - federating: true, - healthcheck: true, - allow_relay: true - - config :pleroma, :media_proxy, - enabled: false, - redirect_on_failure: true - - config :pleroma, Pleroma.Upload, - filters: [ - Pleroma.Upload.Filter.Exiftool, - Pleroma.Upload.Filter.AnonymizeFilename, - Pleroma.Upload.Filter.Dedupe - ] - - config :pleroma, Pleroma.Uploaders.Local, - uploads: "/var/lib/pleroma/uploads" - - config :pleroma, Pleroma.Repo, - adapter: Ecto.Adapters.Postgres, - username: "pleroma", - database: "pleroma", - socket_dir: "/run/postgresql", - pool_size: 10, - prepare: :named, - parameters: [ - plan_cache_mode: "force_custom_plan" - ] - - - - config :pleroma, :database, rum_enabled: false - config :pleroma, configurable_from_database: false - - config :pleroma, :instance, static_dir: "/var/lib/pleroma/static" - - '' ]; + # secretConfigFile = "/var/lib/pleroma/secrets.exs"; + + package = unstable.akkoma; + frontends = { + primary = { + package = unstable.akkoma-frontends.pleroma-fe; + name = "pleroma-fe"; + ref = "stable"; + }; + admin = { + package = unstable.akkoma-frontends.admin-fe; + name = "admin-fe"; + ref = "stable"; + }; + }; + + config = { + ":pleroma"."Pleroma.Web.Endpoint" = { + "url" = { host = "pleroma.stuebinm.eu"; scheme = "https"; port = 443; }; + "http" = {ip = "0.0.0.0"; port = 4000; }; + secret_key_base._secret = "/secret/secret_key_base"; + signing_salt._secret = "/secret/signing_salt"; + }; + ":joken".":default_signer"._secret = "/secret/joken_default_signer"; + + ":pleroma" = { + ":instance" = { + name = "Pleroma"; + limit = 5000; + registrations_open = false; + federating = true; + healthcheck = true; + allow_relay = true; + description = "a test instance"; + email = "dings@dings"; + }; + ":media_proxy" = { + enabled = false; + redirect_on_failure = true; + }; + "Pleroma.Upload" = { + filters = [ + "Pleroma.Upload.Filter.Exiftool" + "Pleroma.Upload.Filter.AnonymizeFilename" + "Pleroma.Upload.Filter.Dedupe" + ]; + }; + "Pleroma.Uploaders.Local".uploads = "/var/lib/pleroma/uploads"; + "Pleroma.Repo" = { + adapter = "Ecto.Adapters.Postgres"; + username = "pleroma"; + database = "pleroma"; + socket_dir = "/run/postgresql"; + pool_size = 10; + # prepare = ":named"; + show_sensitive_data_on_connection_error = true; + parameters = { plan_cache_mode = "force_custom_plan"; }; + }; + ":database".run_enabled = false; + ":configurable_from_database" = false; + # ":instance".static_dir = "/var/lib/pleroma/static"; + + }; + }; }; # otherwise, the exiftool will fail to run - systemd.services.pleroma.path = [ pkgs.exiftool ]; - + systemd.services.akkoma.path = [ pkgs.exiftool ]; + services.postgresql = { enable = true; package = pkgs.postgresql_12; - + ensureDatabases = [ "pleroma" ]; ensureUsers = [ { name = "pleroma"; ensurePermissions."DATABASE pleroma" = "ALL PRIVILEGES"; } ]; - + # give pleroma access. must be done with lib.mkForce, for some reason authentication = pkgs.lib.mkForce '' # Generated file; do not edit! local all all trust - host pleroma pleroma ::1/128 trust + host pleroma akkoma ::1/128 trust ''; - + # pleroma wants to do some initial config on startup, which it # can't do by itself since those needs superuser access # @@ -131,7 +137,7 @@ in CREATE EXTENSION IF NOT EXISTS "uuid-ossp"; ''; }; - + networking.firewall.allowedTCPPorts = [ 4000 10022 ]; services.coredns = { @@ -144,7 +150,7 @@ in }; }; }; - + # give the container access to the external internet (necessary for # fetching content from other instances). Doesn't appear to work with # IPv6, though ... @@ -155,13 +161,13 @@ in }; networking.firewall.allowedTCPPorts = [ 10022 ]; - - services.nginx.virtualHosts."${domain}" = { + + services.nginx.virtualHosts."pleroma.stuebinm.eu" = { forceSSL = true; enableACME = true; - + locations."/" = { - proxyPass = "http://[${config.containers.pleroma.localAddress6}]:4000"; + proxyPass = "http://${config.containers.pleroma.localAddress}:4000"; proxyWebsockets = true; # these headers are in the example config in the NixOS manual. # take some time to figure out what they all do, and if these @@ -185,4 +191,3 @@ in }; }; } - |