nixos/modules/server/fedi/akkoma/default.nix

{ config, lib, pkgs, ... }:
with lib;
let
  cfg = config.void.server.fedi.akkoma;

  inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkMap;
in {
  options.void.server.fedi.akkoma = { enable = mkEnableOption false; };

  # :(
  config = mkIf cfg.enable {
    security.acme.certs = {
      "fedi.sako.lol" = {
        credentialsFile = "/srv/secrets/porkbun";
        dnsProvider = "porkbun";
        webroot = null;
      };
      "media.fedi.sako.lol" = {
        credentialsFile = "/srv/secrets/porkbun";
        dnsProvider = "porkbun";
        webroot = null;
      };
    };
    services = {
      akkoma = {
        enable = true;
        package = pkgs.akkoma;
        extraStatic = {
          "emoji/blobs.gg" = pkgs.akkoma-emoji.blobs_gg;
          # TODO Change this lmao
          "static/favicon.png" = pkgs.fetchurl {
            url = "https://sako.lol/icon.png";
            hash = "sha256-G8qYTlRwQWn+x6b9t0gFBriIxm6LV2n1jI5OcTSg/jc=";
          };
          "static/terms-of-service.html" =
            pkgs.writeText "terms-of-service.html" ''
              <h1>Rules</h1>
              <ol>
                <li>No NSFW <b><i>at all</i></b></li>
                <li>try not to get this server blacklisted thanks :)</li>
              </ol>

              Instance is invite only because I don't know how many users this will handle, if you know any contact methods for the admin go ask him for an invite.
                  …
            '';
          #       "favicon.png" = let
          #         rev = "697a8211b0f427a921e7935a35d14bb3e32d0a2c";
          #       in pkgs.stdenvNoCC.mkDerivation {
          #         name = "favicon.png";

          #         src = pkgs.fetchurl {
          #           url = "https://raw.githubusercontent.com/TilCreator/NixOwO/${rev}/NixOwO_plain.svg";
          #           hash = "sha256-tWhHMfJ3Od58N9H5yOKPMfM56hYWSOnr/TGCBi8bo9E=";
          #         };

          #         nativeBuildInputs = with pkgs; [ librsvg ];

          #         dontUnpack = true;
          #         installPhase = ''
          #   rsvg-convert -o $out -w 96 -h 96 $src
          # '';
        };
        extraPackages =
          builtins.attrValues { inherit (pkgs) ffmpeg exiftool imagemagick; };
        frontends = {
          primary = {
            package = pkgs.akkoma-frontends.akkoma-fe;
            name = "akkoma-fe";
            ref = "stable";
          };
          admin = {
            package = pkgs.akkoma-frontends.admin-fe;
            name = "admin-fe";
            ref = "stable";
          };
        };

        nginx = {
          enableACME = true;
          forceSSL = true;
          # recommendedTlsSettings = true;
          # recommendedOptimisation = true;
          # recommendedGzipSettings = true;
        };

        config = {
          ":pleroma" = {
            ":instance" = {
              name = "v0id";
              description = "Good ass fediverse instance";
              email = "sako@sako.lol";
              registration_open = false;
              invites_enabled = true;
              account_activation_required = false;
              cleanup_attachments = true;
              allow_relay = true;
              # AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
              federating = true;
              # external_user_synchronization = true;
            };
            ":media_proxy" = {
              enabled = true;
              proxy_opts = { redirect_on_failure = true; };
              base_url = "https://media.fedi.sako.lol";
            };
            "Pleroma.Web.Endpoint" = { url.host = "fedi.sako.lol"; };
            "Pleroma.Upload" = {
              base_url = "https://media.fedi.sako.lol/media";
              filters = map (pkgs.formats.elixirConf { }).lib.mkRaw [
                "Pleroma.Upload.Filter.Exiftool.StripMetadata"
                "Pleroma.Upload.Filter.Dedupe"
                "Pleroma.Upload.Filter.AnonymizeFilename"
              ];
            };

            ":mrf".policies =
              map mkRaw [ "Pleroma.Web.ActivityPub.MRF.SimplePolicy" ];
            ":mrf_simple" = let blocklist = import ./blocklist.nix;
            in {
              # media_nsfw = mkMap blocklist.media_nsfw;
              reject = mkMap blocklist.reject;
              # followers_only = mkMap blocklist.followers_only;
            };
          };
        };
      };
      nginx.proxyCachePath."akkoma-media-cache" = {
        enable = true;
        levels = "1:2";
        inactive = "720m";
        maxSize = "10g";
        useTempPath = false;
        keysZoneName = "akkoma_media_cache";
        keysZoneSize = "10m";
      };
      nginx.virtualHosts = {
        "media.fedi.sako.lol" = {
          forceSSL = true;
          enableACME = true;
          locations = {
            "/" = { return = "301 https://fedi.sako.lol"; };
            "/media" = { proxyPass = "http://unix:/run/akkoma/socket"; };
            "/proxy" = {
              proxyPass = "http://unix:/run/akkoma/socket";
              extraConfig = ''
                proxy_cache akkoma_media_cache;
                 proxy_cache_lock on;
              '';
            };
          };
        };
      };
    };
    # can't have SHIT in detroit
    users = {
      users.fedifetcher = {
        home = "/var/lib/fedifetcher";
        createHome = true;
        isSystemUser = true;
        group = "fedifetcher";
      };
      groups.fedifetcher = { };
    };

    systemd = let
      configPath = "/srv/secrets/fedifetcher.json";
      state = "/var/lib/fedifetcher";
    in {
      timers.fedifetcher = {
        wantedBy = [ "timers.target" ];
        timerConfig = {
          OnUnitActiveSec = "1m";
          Unit = "fedifetcher.service";
        };
      };
      services.fedifetcher = {
        unitConfig = { ConditionPathExists = configPath; };
        serviceConfig = {
          WorkingDirectory = state;
          Type = "oneshot";
          ExecStart = "${pkgs.fedifetcher}/bin/fedifetcher"
            + " --config ${configPath}" + " --state-dir ${state}";
          User = "fedifetcher";
          Group = "fedifetcher";
        };
      };
    };
  };
}
skill issue 2025-01-02 14:49:22 +04:00			`{ config, lib, pkgs, ... }:`
todo finish akkoma module 2025-01-02 12:27:19 +04:00			`with lib;`
asdfjio 2025-01-02 17:37:31 +04:00			`let`
			`cfg = config.void.server.fedi.akkoma;`

			`inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkMap;`
todo finish akkoma module 2025-01-02 12:27:19 +04:00			`in {`
			`options.void.server.fedi.akkoma = { enable = mkEnableOption false; };`

			`# :(`
			`config = mkIf cfg.enable {`
i guess this works 2025-01-02 14:47:50 +04:00			`security.acme.certs = {`
change subdomain for akkoma 2025-01-03 19:53:08 +04:00			`"fedi.sako.lol" = {`
i hate acme. 2025-01-02 14:58:47 +04:00			`credentialsFile = "/srv/secrets/porkbun";`
			`dnsProvider = "porkbun";`
			`webroot = null;`
			`};`
change subdomain for akkoma 2025-01-03 19:53:08 +04:00			`"media.fedi.sako.lol" = {`
i hate acme. 2025-01-02 14:58:47 +04:00			`credentialsFile = "/srv/secrets/porkbun";`
			`dnsProvider = "porkbun";`
			`webroot = null;`
			`};`
i guess this works 2025-01-02 14:47:50 +04:00			`};`
todo finish akkoma module 2025-01-02 12:27:19 +04:00			`services = {`
			`akkoma = {`
			`enable = true;`
			`package = pkgs.akkoma;`
what 2025-01-02 20:44:06 +04:00			`extraStatic = {`
			`"emoji/blobs.gg" = pkgs.akkoma-emoji.blobs_gg;`
favicon akkoma 2025-01-04 22:22:32 +04:00			`# TODO Change this lmao`
			`"static/favicon.png" = pkgs.fetchurl {`
			`url = "https://sako.lol/icon.png";`
			`hash = "sha256-G8qYTlRwQWn+x6b9t0gFBriIxm6LV2n1jI5OcTSg/jc=";`
			`};`
lmao 2025-01-02 20:46:30 +04:00			`"static/terms-of-service.html" =`
			`pkgs.writeText "terms-of-service.html" ''`
			`<h1>Rules</h1>`
			`<ol>`
			`<li>No NSFW <b><i>at all</i></b></li>`
			`<li>try not to get this server blacklisted thanks :)</li>`
			`</ol>`
what 2025-01-02 20:44:06 +04:00
lmao 2025-01-02 20:46:30 +04:00			`Instance is invite only because I don't know how many users this will handle, if you know any contact methods for the admin go ask him for an invite.`
			`…`
			`'';`
			`# "favicon.png" = let`
			`# rev = "697a8211b0f427a921e7935a35d14bb3e32d0a2c";`
			`# in pkgs.stdenvNoCC.mkDerivation {`
			`# name = "favicon.png";`
what 2025-01-02 20:44:06 +04:00
lmao 2025-01-02 20:46:30 +04:00			`# src = pkgs.fetchurl {`
			`# url = "https://raw.githubusercontent.com/TilCreator/NixOwO/${rev}/NixOwO_plain.svg";`
			`# hash = "sha256-tWhHMfJ3Od58N9H5yOKPMfM56hYWSOnr/TGCBi8bo9E=";`
			`# };`
what 2025-01-02 20:44:06 +04:00
lmao 2025-01-02 20:46:30 +04:00			`# nativeBuildInputs = with pkgs; [ librsvg ];`
what 2025-01-02 20:44:06 +04:00
lmao 2025-01-02 20:46:30 +04:00			`# dontUnpack = true;`
			`# installPhase = ''`
			`# rsvg-convert -o $out -w 96 -h 96 $src`
			`# '';`
			`};`
im in hte thick of it 2025-01-02 15:53:53 +04:00			`extraPackages =`
			`builtins.attrValues { inherit (pkgs) ffmpeg exiftool imagemagick; };`
i guess this works 2025-01-02 14:47:50 +04:00			`frontends = {`
			`primary = {`
			`package = pkgs.akkoma-frontends.akkoma-fe;`
			`name = "akkoma-fe";`
			`ref = "stable";`
			`};`
			`admin = {`
			`package = pkgs.akkoma-frontends.admin-fe;`
			`name = "admin-fe";`
			`ref = "stable";`
			`};`
			`};`

			`nginx = {`
			`enableACME = true;`
			`forceSSL = true;`
it didnt work 2025-01-02 14:48:49 +04:00			`# recommendedTlsSettings = true;`
			`# recommendedOptimisation = true;`
			`# recommendedGzipSettings = true;`
i guess this works 2025-01-02 14:47:50 +04:00			`};`

			`config = {`
			`":pleroma" = {`
			`":instance" = {`
			`name = "v0id";`
			`description = "Good ass fediverse instance";`
			`email = "sako@sako.lol";`
			`registration_open = false;`
			`invites_enabled = true;`
			`account_activation_required = false;`
			`cleanup_attachments = true;`
			`allow_relay = true;`
federatingc 2025-01-02 17:20:28 +04:00			`# AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH`
			`federating = true;`
i have a theory 2025-01-03 19:33:11 +04:00			`# external_user_synchronization = true;`
i guess this works 2025-01-02 14:47:50 +04:00			`};`
what 2025-01-02 15:34:20 +04:00			`":media_proxy" = {`
more shennanigans 2025-01-02 16:12:34 +04:00			`enabled = true;`
			`proxy_opts = { redirect_on_failure = true; };`
change subdomain for akkoma 2025-01-03 19:53:08 +04:00			`base_url = "https://media.fedi.sako.lol";`
what 2025-01-02 15:34:20 +04:00			`};`
change subdomain for akkoma 2025-01-03 19:53:08 +04:00			`"Pleroma.Web.Endpoint" = { url.host = "fedi.sako.lol"; };`
i guess this works 2025-01-02 14:47:50 +04:00			`"Pleroma.Upload" = {`
change subdomain for akkoma 2025-01-03 19:53:08 +04:00			`base_url = "https://media.fedi.sako.lol/media";`
i guess this works 2025-01-02 14:47:50 +04:00			`filters = map (pkgs.formats.elixirConf { }).lib.mkRaw [`
deprecated akkoma config thing 2025-01-02 15:00:09 +04:00			`"Pleroma.Upload.Filter.Exiftool.StripMetadata"`
i guess this works 2025-01-02 14:47:50 +04:00			`"Pleroma.Upload.Filter.Dedupe"`
			`"Pleroma.Upload.Filter.AnonymizeFilename"`
			`];`
			`};`
attempt one 2025-01-02 17:43:11 +04:00
			`":mrf".policies =`
			`map mkRaw [ "Pleroma.Web.ActivityPub.MRF.SimplePolicy" ];`
SOCIETY 2025-01-02 17:35:33 +04:00			`":mrf_simple" = let blocklist = import ./blocklist.nix;`
			`in {`
			`# media_nsfw = mkMap blocklist.media_nsfw;`
asdfjio 2025-01-02 17:37:31 +04:00			`reject = mkMap blocklist.reject;`
SOCIETY 2025-01-02 17:35:33 +04:00			`# followers_only = mkMap blocklist.followers_only;`
			`};`
i guess this works 2025-01-02 14:47:50 +04:00			`};`
			`};`
todo finish akkoma module 2025-01-02 12:27:19 +04:00			`};`
more shennanigans 2025-01-02 16:12:34 +04:00			`nginx.proxyCachePath."akkoma-media-cache" = {`
			`enable = true;`
			`levels = "1:2";`
			`inactive = "720m";`
			`maxSize = "10g";`
			`useTempPath = false;`
			`keysZoneName = "akkoma_media_cache";`
			`keysZoneSize = "10m";`
			`};`
im in hte thick of it 2025-01-02 15:53:53 +04:00			`nginx.virtualHosts = {`
change subdomain for akkoma 2025-01-03 19:53:08 +04:00			`"media.fedi.sako.lol" = {`
im in hte thick of it 2025-01-02 15:53:53 +04:00			`forceSSL = true;`
			`enableACME = true;`
more shennanigans 2025-01-02 16:12:34 +04:00			`locations = {`
change subdomain for akkoma 2025-01-03 19:53:08 +04:00			`"/" = { return = "301 https://fedi.sako.lol"; };`
more shennanigans 2025-01-02 16:12:34 +04:00			`"/media" = { proxyPass = "http://unix:/run/akkoma/socket"; };`
this should do it 2025-01-02 16:32:53 +04:00			`"/proxy" = {`
			`proxyPass = "http://unix:/run/akkoma/socket";`
			`extraConfig = ''`
			`proxy_cache akkoma_media_cache;`
			`proxy_cache_lock on;`
			`'';`
			`};`
more shennanigans 2025-01-02 16:12:34 +04:00			`};`
im in hte thick of it 2025-01-02 15:53:53 +04:00			`};`
			`};`
todo finish akkoma module 2025-01-02 12:27:19 +04:00			`};`
whatever this is lmao 2025-01-03 21:01:02 +04:00			`# can't have SHIT in detroit`
			`users = {`
lmfao 2025-01-03 21:01:23 +04:00			`users.fedifetcher = {`
whatever this is lmao 2025-01-03 21:01:02 +04:00			`home = "/var/lib/fedifetcher";`
			`createHome = true;`
			`isSystemUser = true;`
			`group = "fedifetcher";`
			`};`
			`groups.fedifetcher = { };`
			`};`

			`systemd = let`
			`configPath = "/srv/secrets/fedifetcher.json";`
			`state = "/var/lib/fedifetcher";`
			`in {`
			`timers.fedifetcher = {`
			`wantedBy = [ "timers.target" ];`
			`timerConfig = {`
			`OnUnitActiveSec = "1m";`
			`Unit = "fedifetcher.service";`
			`};`
			`};`
			`services.fedifetcher = {`
			`unitConfig = { ConditionPathExists = configPath; };`
			`serviceConfig = {`
			`WorkingDirectory = state;`
			`Type = "oneshot";`
can't do syntax award 2025-01-03 21:03:10 +04:00			`ExecStart = "${pkgs.fedifetcher}/bin/fedifetcher"`
whatever this is lmao 2025-01-03 21:01:02 +04:00			`+ " --config ${configPath}" + " --state-dir ${state}";`
can't write systemd services award 2025-01-03 21:04:39 +04:00			`User = "fedifetcher";`
			`Group = "fedifetcher";`
whatever this is lmao 2025-01-03 21:01:02 +04:00			`};`
			`};`
			`};`
todo finish akkoma module 2025-01-02 12:27:19 +04:00			`};`
			`}`