nixos/modules/server/fedi/akkoma/default.nix

{ config, lib, pkgs, ... }:
with lib;
let
  cfg = config.void.server.fedi.akkoma;

  inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkMap;
in {
  options.void.server.fedi.akkoma = { enable = mkEnableOption false; };

  # :(
  config = mkIf cfg.enable {
    security.acme.certs = {
      "social.sako.lol" = {
        credentialsFile = "/srv/secrets/porkbun";
        dnsProvider = "porkbun";
        webroot = null;
      };
      "media.social.sako.lol" = {
        credentialsFile = "/srv/secrets/porkbun";
        dnsProvider = "porkbun";
        webroot = null;
      };
    };
    services = {
      akkoma = {
        enable = true;
        package = pkgs.akkoma;
        extraPackages =
          builtins.attrValues { inherit (pkgs) ffmpeg exiftool imagemagick; };
        frontends = {
          primary = {
            package = pkgs.akkoma-frontends.akkoma-fe;
            name = "akkoma-fe";
            ref = "stable";
          };
          admin = {
            package = pkgs.akkoma-frontends.admin-fe;
            name = "admin-fe";
            ref = "stable";
          };
        };

        nginx = {
          enableACME = true;
          forceSSL = true;
          # recommendedTlsSettings = true;
          # recommendedOptimisation = true;
          # recommendedGzipSettings = true;
        };

        config = {
          ":pleroma" = {
            ":instance" = {
              name = "v0id";
              description = "Good ass fediverse instance";
              email = "sako@sako.lol";
              registration_open = false;
              invites_enabled = true;
              account_activation_required = false;
              cleanup_attachments = true;
              allow_relay = true;
              # AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
              federating = true;
            };
            ":media_proxy" = {
              enabled = true;
              proxy_opts = { redirect_on_failure = true; };
              base_url = "https://media.social.sako.lol";
            };
            "Pleroma.Web.Endpoint" = { url.host = "social.sako.lol"; };
            "Pleroma.Upload" = {
              base_url = "https://media.social.sako.lol/media";
              filters = map (pkgs.formats.elixirConf { }).lib.mkRaw [
                "Pleroma.Upload.Filter.Exiftool.StripMetadata"
                "Pleroma.Upload.Filter.Dedupe"
                "Pleroma.Upload.Filter.AnonymizeFilename"
              ];
            };

            ":mrf".policies =
              map mkRaw [ "Pleroma.Web.ActivityPub.MRF.SimplePolicy" ];
            ":mrf_simple" = let blocklist = import ./blocklist.nix;
            in {
              # media_nsfw = mkMap blocklist.media_nsfw;
              reject = mkMap blocklist.reject;
              # followers_only = mkMap blocklist.followers_only;
            };
          };
        };
      };
      nginx.proxyCachePath."akkoma-media-cache" = {
        enable = true;
        levels = "1:2";
        inactive = "720m";
        maxSize = "10g";
        useTempPath = false;
        keysZoneName = "akkoma_media_cache";
        keysZoneSize = "10m";
      };
      nginx.virtualHosts = {
        "media.social.sako.lol" = {
          forceSSL = true;
          enableACME = true;
          locations = {
            "/media" = { proxyPass = "http://unix:/run/akkoma/socket"; };
            "/proxy" = {
              proxyPass = "http://unix:/run/akkoma/socket";
              extraConfig = ''
                proxy_cache akkoma_media_cache;
                 proxy_cache_lock on;
              '';
            };
          };
        };
      };
    };
  };
}
skill issue 2025-01-02 14:49:22 +04:00			`{ config, lib, pkgs, ... }:`
todo finish akkoma module 2025-01-02 12:27:19 +04:00			`with lib;`
asdfjio 2025-01-02 17:37:31 +04:00			`let`
			`cfg = config.void.server.fedi.akkoma;`

			`inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkMap;`
todo finish akkoma module 2025-01-02 12:27:19 +04:00			`in {`
			`options.void.server.fedi.akkoma = { enable = mkEnableOption false; };`

			`# :(`
			`config = mkIf cfg.enable {`
i guess this works 2025-01-02 14:47:50 +04:00			`security.acme.certs = {`
i hate acme. 2025-01-02 14:58:47 +04:00			`"social.sako.lol" = {`
			`credentialsFile = "/srv/secrets/porkbun";`
			`dnsProvider = "porkbun";`
			`webroot = null;`
			`};`
			`"media.social.sako.lol" = {`
			`credentialsFile = "/srv/secrets/porkbun";`
			`dnsProvider = "porkbun";`
			`webroot = null;`
			`};`
i guess this works 2025-01-02 14:47:50 +04:00			`};`
todo finish akkoma module 2025-01-02 12:27:19 +04:00			`services = {`
			`akkoma = {`
			`enable = true;`
			`package = pkgs.akkoma;`
im in hte thick of it 2025-01-02 15:53:53 +04:00			`extraPackages =`
			`builtins.attrValues { inherit (pkgs) ffmpeg exiftool imagemagick; };`
i guess this works 2025-01-02 14:47:50 +04:00			`frontends = {`
			`primary = {`
			`package = pkgs.akkoma-frontends.akkoma-fe;`
			`name = "akkoma-fe";`
			`ref = "stable";`
			`};`
			`admin = {`
			`package = pkgs.akkoma-frontends.admin-fe;`
			`name = "admin-fe";`
			`ref = "stable";`
			`};`
			`};`

			`nginx = {`
			`enableACME = true;`
			`forceSSL = true;`
it didnt work 2025-01-02 14:48:49 +04:00			`# recommendedTlsSettings = true;`
			`# recommendedOptimisation = true;`
			`# recommendedGzipSettings = true;`
i guess this works 2025-01-02 14:47:50 +04:00			`};`

			`config = {`
			`":pleroma" = {`
			`":instance" = {`
			`name = "v0id";`
			`description = "Good ass fediverse instance";`
			`email = "sako@sako.lol";`
			`registration_open = false;`
			`invites_enabled = true;`
			`account_activation_required = false;`
			`cleanup_attachments = true;`
			`allow_relay = true;`
federatingc 2025-01-02 17:20:28 +04:00			`# AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH`
			`federating = true;`
i guess this works 2025-01-02 14:47:50 +04:00			`};`
what 2025-01-02 15:34:20 +04:00			`":media_proxy" = {`
more shennanigans 2025-01-02 16:12:34 +04:00			`enabled = true;`
			`proxy_opts = { redirect_on_failure = true; };`
asdf 2025-01-02 17:49:25 +04:00			`base_url = "https://media.social.sako.lol";`
what 2025-01-02 15:34:20 +04:00			`};`
i guess this works 2025-01-02 14:47:50 +04:00			`"Pleroma.Web.Endpoint" = { url.host = "social.sako.lol"; };`
			`"Pleroma.Upload" = {`
what 2025-01-02 16:02:33 +04:00			`base_url = "https://media.social.sako.lol/media";`
i guess this works 2025-01-02 14:47:50 +04:00			`filters = map (pkgs.formats.elixirConf { }).lib.mkRaw [`
deprecated akkoma config thing 2025-01-02 15:00:09 +04:00			`"Pleroma.Upload.Filter.Exiftool.StripMetadata"`
i guess this works 2025-01-02 14:47:50 +04:00			`"Pleroma.Upload.Filter.Dedupe"`
			`"Pleroma.Upload.Filter.AnonymizeFilename"`
			`];`
			`};`
attempt one 2025-01-02 17:43:11 +04:00
			`":mrf".policies =`
			`map mkRaw [ "Pleroma.Web.ActivityPub.MRF.SimplePolicy" ];`
SOCIETY 2025-01-02 17:35:33 +04:00			`":mrf_simple" = let blocklist = import ./blocklist.nix;`
			`in {`
			`# media_nsfw = mkMap blocklist.media_nsfw;`
asdfjio 2025-01-02 17:37:31 +04:00			`reject = mkMap blocklist.reject;`
SOCIETY 2025-01-02 17:35:33 +04:00			`# followers_only = mkMap blocklist.followers_only;`
			`};`
i guess this works 2025-01-02 14:47:50 +04:00			`};`
			`};`
todo finish akkoma module 2025-01-02 12:27:19 +04:00			`};`
more shennanigans 2025-01-02 16:12:34 +04:00			`nginx.proxyCachePath."akkoma-media-cache" = {`
			`enable = true;`
			`levels = "1:2";`
			`inactive = "720m";`
			`maxSize = "10g";`
			`useTempPath = false;`
			`keysZoneName = "akkoma_media_cache";`
			`keysZoneSize = "10m";`
			`};`
im in hte thick of it 2025-01-02 15:53:53 +04:00			`nginx.virtualHosts = {`
			`"media.social.sako.lol" = {`
			`forceSSL = true;`
			`enableACME = true;`
more shennanigans 2025-01-02 16:12:34 +04:00			`locations = {`
			`"/media" = { proxyPass = "http://unix:/run/akkoma/socket"; };`
this should do it 2025-01-02 16:32:53 +04:00			`"/proxy" = {`
			`proxyPass = "http://unix:/run/akkoma/socket";`
			`extraConfig = ''`
			`proxy_cache akkoma_media_cache;`
			`proxy_cache_lock on;`
			`'';`
			`};`
more shennanigans 2025-01-02 16:12:34 +04:00			`};`
im in hte thick of it 2025-01-02 15:53:53 +04:00			`};`
			`};`
todo finish akkoma module 2025-01-02 12:27:19 +04:00			`};`
			`};`
			`}`