♻️ consolidate nix configs

2024-09-02 10:47:02 -04:00
parent 49884d40e5
commit 06ddc96680
49 changed files with 26 additions and 26 deletions
--- a/nix/modules/akkoma/default.nix
+++ b/nix/modules/akkoma/default.nix
@ -0,0 +1,99 @@
+{ config, pkgs, ... }:
+
+let
+  inherit (config.services) akkoma;
+  inherit (config.sops) secrets;
+  inherit ((pkgs.formats.elixirConf { }).lib) mkRaw;
+in
+{
+  services = {
+    akkoma = {
+      enable = true;
+      config = {
+        ":pleroma" = {
+          ":instance" = {
+            name = "walkah.social";
+            email = "walkah@walkah.net";
+            notify_email = "walkah@walkah.net";
+            description = "James Walker's personal Akkoma instance";
+            registrations_open = false;
+            invites_enabled = true;
+            federating = true;
+            federation_incoming_replies_max_depth = null;
+            allow_relay = true;
+            safe_dm_mentions = true;
+            external_user_synchronization = true;
+            cleanup_attachments = true;
+          };
+          ":media_proxy" = {
+            enabled = false;
+            redirect_on_failure = true;
+          };
+
+          "Pleroma.Repo" = {
+            adapter = mkRaw "Ecto.Adapters.Postgres";
+            socket_dir = "/run/postgresql";
+            username = config.services.akkoma.user;
+            database = "akkoma";
+
+            prepare = mkRaw ":named";
+            parameters.plan_cache_mode = "force_custom_plan";
+          };
+
+          "Pleroma.Web.Endpoint" = {
+            secret_key_base = { _secret = secrets.akkoma-secret-key-base.path; };
+            signing_salt = { _secret = secrets.akkoma-signing-salt.path; };
+            live_view.signing_salt = { _secret = secrets.akkoma-signing-salt.path; };
+            url = {
+              host = "walkah.social";
+              scheme = "https";
+              port = 443;
+            };
+            http = {
+              ip = "127.0.0.1";
+              port = 4000;
+            };
+          };
+        };
+        ":web_push_encryption" = {
+          ":vapid_details" = {
+            private_key = { _secret = secrets.akkoma-vapid-private-key.path; };
+            public_key = { _secret = secrets.akkoma-vapid-public-key.path; };
+          };
+        };
+        ":joken" = {
+          ":default_signer" = { _secret = secrets.akkoma-joken-signer.path; };
+        };
+      };
+      nginx = null; # doing this manually
+    };
+
+    postgresql = {
+      enable = true;
+    };
+
+    postgresqlBackup = {
+      enable = true;
+      databases = [ "akkoma" ];
+    };
+  };
+  sops = {
+    secrets = {
+      akkoma-secret-key-base = {
+        owner = akkoma.user;
+      };
+      akkoma-signing-salt = {
+        owner = akkoma.user;
+      };
+      akkoma-vapid-private-key = {
+        owner = akkoma.user;
+      };
+      akkoma-vapid-public-key = {
+        owner = akkoma.user;
+      };
+      akkoma-joken-signer = {
+        owner = akkoma.user;
+      };
+    };
+  };
+}
--- a/nix/modules/akkoma/nginx.nix
+++ b/nix/modules/akkoma/nginx.nix
@ -0,0 +1,16 @@
+_:
+{
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "walkah.social" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:4000";
+          proxyWebsockets = true;
+        };
+      };
+    };
+  };
+}