From 02c7dc192e9bc9a1246edc48ec23271ea07abd45 Mon Sep 17 00:00:00 2001 From: stuebinm Date: Thu, 16 Feb 2023 19:36:01 +0100 Subject: flora: jump to akkoma @ nixpkgs-unstable --- flora/services/pleroma.nix | 171 +++++++++++++++++++++++---------------------- 1 file changed, 88 insertions(+), 83 deletions(-) (limited to 'flora') diff --git a/flora/services/pleroma.nix b/flora/services/pleroma.nix index 12f4511..dd75b43 100644 --- a/flora/services/pleroma.nix +++ b/flora/services/pleroma.nix @@ -1,8 +1,8 @@ -{config, pkgs, inputs, ...}: +{config, pkgs, inputs, system, ...}: let - domain = "pleroma.stuebinm.eu"; + unstable = import inputs.nixpkgs-unstable { inherit system; }; in { 
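Review bot: Removing the `domain` binding from the `let` leaves the hostname as a string literal, and that literal is then repeated in the Endpoint `url` (second hunk) and in `services.nginx.virtualHosts` (the `@@ -155,13 +161,13 @@` hunk). The name nginx requests a certificate for and the host Akkoma advertises can therefore drift apart without any evaluation error. Keeping `domain = "pleroma.stuebinm.eu";` next to the new `unstable` binding and referencing it in both places avoids that. The added `system` argument is not one of the standard NixOS module arguments, so this presumably depends on the caller passing it in; a short comment such as `# system must be supplied via specialArgs` would document that. The module body continues outside this hunk.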
@@ -14,105 +14,111 @@ in localAddress = "192.168.42.31"; hostAddress6 = "fd00::42:30"; localAddress6 = "fd00::42:31"; - - + config = {pkgs, config, ...}: { - + # generating the manual will fail when mixing nixos channels, # so disable it here or this won't build at all. documentation.enable = false; - - # pleroma has a cli tool for configuration - environment.systemPackages = [ pkgs.dnsutils ]; - system.stateVersion = "20.09"; - - services.pleroma = { - enable = true; + imports = [ + ("${inputs.nixpkgs-unstable}/nixos/modules/services/web-apps/akkoma.nix") + ]; + + system.stateVersion = "22.11"; + + services.akkoma = { + enable = true; - # package = (import inputs.nixpkgs-unstable {}).pleroma; - # this is barely necessary at this point — all that's # set in here is the default_signer for joken, and the # secret_key_base and signing_salt for phoenix. - secretConfigFile = "/var/lib/pleroma/secrets.exs"; - - # for a list of available config options, see - # https://docs-develop.pleroma.social/backend/configuration/cheatsheet/ - # - # Additionally, some parts of pleroma's config (e.g. Pleroma.Repo) - # are better documented in their respective libraries (in this - # case, see the documentation for Ecto on Adapters). 
- configs = [ '' - import Config - - config :pleroma, Pleroma.Web.Endpoint, - url: [host: "${domain}", scheme: "https", port: 443], - http: [ip: {0, 0, 0, 0, 0, 0, 0, 0}, port: 4000] - - config :pleroma, :instance, - name: "Pleroma", - limit: 5000, - registrations_open: false, - federating: true, - healthcheck: true, - allow_relay: true - - config :pleroma, :media_proxy, - enabled: false, - redirect_on_failure: true - - config :pleroma, Pleroma.Upload, - filters: [ - Pleroma.Upload.Filter.Exiftool, - Pleroma.Upload.Filter.AnonymizeFilename, - Pleroma.Upload.Filter.Dedupe - ] - - config :pleroma, Pleroma.Uploaders.Local, - uploads: "/var/lib/pleroma/uploads" - - config :pleroma, Pleroma.Repo, - adapter: Ecto.Adapters.Postgres, - username: "pleroma", - database: "pleroma", - socket_dir: "/run/postgresql", - pool_size: 10, - prepare: :named, - parameters: [ - plan_cache_mode: "force_custom_plan" - ] - - - - config :pleroma, :database, rum_enabled: false - config :pleroma, configurable_from_database: false - - config :pleroma, :instance, static_dir: "/var/lib/pleroma/static" - - '' ]; + # secretConfigFile = "/var/lib/pleroma/secrets.exs"; + + package = unstable.akkoma; + frontends = { + primary = { + package = unstable.akkoma-frontends.pleroma-fe; + name = "pleroma-fe"; + ref = "stable"; + }; + admin = { + package = unstable.akkoma-frontends.admin-fe; + name = "admin-fe"; + ref = "stable"; + }; + }; + + config = { + ":pleroma"."Pleroma.Web.Endpoint" = { + "url" = { host = "pleroma.stuebinm.eu"; scheme = "https"; port = 443; }; + "http" = {ip = "0.0.0.0"; port = 4000; }; + secret_key_base._secret = "/secret/secret_key_base"; + signing_salt._secret = "/secret/signing_salt"; + }; + ":joken".":default_signer"._secret = "/secret/joken_default_signer"; + + ":pleroma" = { + ":instance" = { + name = "Pleroma"; + limit = 5000; + registrations_open = false; + federating = true; + healthcheck = true; + allow_relay = true; + description = "a test instance"; + email = 
"dings@dings"; + }; + ":media_proxy" = { + enabled = false; + redirect_on_failure = true; + }; + "Pleroma.Upload" = { + filters = [ + "Pleroma.Upload.Filter.Exiftool" + "Pleroma.Upload.Filter.AnonymizeFilename" + "Pleroma.Upload.Filter.Dedupe" + ]; + }; + "Pleroma.Uploaders.Local".uploads = "/var/lib/pleroma/uploads"; + "Pleroma.Repo" = { + adapter = "Ecto.Adapters.Postgres"; + username = "pleroma"; + database = "pleroma"; + socket_dir = "/run/postgresql"; + pool_size = 10; + # prepare = ":named"; + show_sensitive_data_on_connection_error = true; + parameters = { plan_cache_mode = "force_custom_plan"; }; + }; + ":database".run_enabled = false; + ":configurable_from_database" = false; + # ":instance".static_dir = "/var/lib/pleroma/static"; + + }; + }; }; # otherwise, the exiftool will fail to run - systemd.services.pleroma.path = [ pkgs.exiftool ]; - + systemd.services.akkoma.path = [ pkgs.exiftool ]; + services.postgresql = { enable = true; package = pkgs.postgresql_12; - + ensureDatabases = [ "pleroma" ]; ensureUsers = [ { name = "pleroma"; ensurePermissions."DATABASE pleroma" = "ALL PRIVILEGES"; } ]; - + # give pleroma access. must be done with lib.mkForce, for some reason authentication = pkgs.lib.mkForce '' # Generated file; do not edit! local all all trust - host pleroma pleroma ::1/128 trust + host pleroma akkoma ::1/128 trust ''; - + # pleroma wants to do some initial config on startup, which it # can't do by itself since those needs superuser access # @@ -131,7 +137,7 @@ in CREATE EXTENSION IF NOT EXISTS "uuid-ossp"; ''; }; - + networking.firewall.allowedTCPPorts = [ 4000 10022 ]; services.coredns = { @@ -144,7 +150,7 @@ in }; }; }; - + # give the container access to the external internet (necessary for # fetching content from other instances). Doesn't appear to work with # IPv6, though ... 
@@ -155,13 +161,13 @@ in }; networking.firewall.allowedTCPPorts = [ 10022 ]; - - services.nginx.virtualHosts."${domain}" = { + + services.nginx.virtualHosts."pleroma.stuebinm.eu" = { forceSSL = true; enableACME = true; - + locations."/" = { - proxyPass = "http://[${config.containers.pleroma.localAddress6}]:4000"; + proxyPass = "http://${config.containers.pleroma.localAddress}:4000"; proxyWebsockets = true; # these headers are in the example config in the NixOS manual. # take some time to figure out what they all do, and if these @@ -185,4 +191,3 @@ in }; }; } - -- cgit v1.2.3