nixos-configs/hosts/akko/akkoma.nix

104 lines
3.0 KiB
Nix

{ pkgs, lib, ... }:
let vhost = "akko.within.website";
in {
services.akkoma = {
enable = true;
config = let inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkMap;
in {
":pleroma"."Pleroma.Web.Endpoint".url.host = vhost;
":pleroma".":media_proxy".enabled = true;
":pleroma".":instance" = {
name = "Within's Bot Zone";
description =
"Within's akkoma server for testing and bot deployment, antifash edition";
email = "akko@xeserv.us";
notify_email = "akko@xeserv.us";
registrations_open = false;
invites_enabled = true;
limit = 69420;
remote_limit = 100000;
max_pinned_statuses = 10;
max_account_fields = 100;
limit_to_local_content = mkRaw ":unauthenticated";
healthcheck = true;
cleanup_attachments = true;
allow_relay = true;
};
":pleroma".":mrf".policies =
map mkRaw [ "Pleroma.Web.ActivityPub.MRF.SimplePolicy" ];
# To allow configuration from admin-fe
":pleroma".":configurable_from_database" = false;
":pleroma"."Pleroma.Captcha" = {
enabled = false;
};
# S3 setup
":pleroma"."Pleroma.Upload" = {
uploader = mkRaw "Pleroma.Uploaders.S3";
base_url = "https://f001.backblazeb2.com/file/";
strip_exif = false;
};
":pleroma"."Pleroma.Uploaders.S3".bucket = "xeserv-akko";
":ex_aws".":s3" = {
access_key_id._secret = "/var/lib/secrets/akkoma/b2_key_id";
secret_access_key._secret = "/var/lib/secrets/akkoma/b2_app_key";
host = "s3.us-west-001.backblazeb2.com";
};
# Automated moderation settings
# Borrowed from https://github.com/chaossocial/about/blob/master/blocked_instances.md
":pleroma".":mrf_simple" = let blocklist = import ./blocklist.nix;
in {
media_nsfw = mkMap blocklist.media_nsfw;
reject = mkMap blocklist.reject;
followers_only = mkMap blocklist.followers_only;
};
};
nginx = {
useACMEHost = "akko.within.website";
forceSSL = true;
};
};
services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql_15;
security.acme = {
defaults.email = "me@xeiaso.net";
certs."akko.within.website" = {
group = "nginx";
dnsProvider = "route53";
credentialsFile = "/run/keys/aws-within.website";
extraLegoFlags = [ "--dns.resolvers=8.8.8.8:53" ];
};
};
age.secrets = {
"aws-within.website" = {
file = ../../secret/aws-within.website.age;
path = "/run/keys/aws-within.website";
owner = "acme";
group = "nginx";
};
akko-keyid = {
file = ../../secret/akko-keyid.age;
path = "/var/lib/secrets/akkoma/b2_key_id";
owner = "akkoma";
group = "akkoma";
};
akko-applicationkey = {
file = ../../secret/akko-applicationkey.age;
path = "/var/lib/secrets/akkoma/b2_app_key";
owner = "akkoma";
group = "akkoma";
};
};
}