{ config, pkgs, ... }: let inherit (config.services) akkoma; inherit (config.sops) secrets; inherit ((pkgs.formats.elixirConf { }).lib) mkRaw; in { services = { akkoma = { enable = true; config = { ":pleroma" = { ":instance" = { name = "walkah.social"; email = "walkah@walkah.net"; notify_email = "walkah@walkah.net"; description = "James Walker's personal Akkoma instance"; registrations_open = false; invites_enabled = true; federating = true; federation_incoming_replies_max_depth = null; allow_relay = true; safe_dm_mentions = true; external_user_synchronization = true; cleanup_attachments = true; }; ":media_proxy" = { enabled = false; redirect_on_failure = true; }; "Pleroma.Repo" = { adapter = mkRaw "Ecto.Adapters.Postgres"; socket_dir = "/run/postgresql"; username = config.services.akkoma.user; database = "akkoma"; prepare = mkRaw ":named"; parameters.plan_cache_mode = "force_custom_plan"; }; "Pleroma.Web.Endpoint" = { secret_key_base = { _secret = secrets.akkoma-secret-key-base.path; }; signing_salt = { _secret = secrets.akkoma-signing-salt.path; }; live_view.signing_salt = { _secret = secrets.akkoma-signing-salt.path; }; url = { host = "walkah.social"; scheme = "https"; port = 443; }; http = { ip = "127.0.0.1"; port = 4000; }; }; }; ":web_push_encryption" = { ":vapid_details" = { private_key = { _secret = secrets.akkoma-vapid-private-key.path; }; public_key = { _secret = secrets.akkoma-vapid-public-key.path; }; }; }; ":joken" = { ":default_signer" = { _secret = secrets.akkoma-joken-signer.path; }; }; }; nginx = null; # doing this manually }; postgresql = { enable = true; }; postgresqlBackup = { enable = true; databases = [ "akkoma" ]; }; }; sops.secrets.akkoma-secret-key-base = { owner = akkoma.user; }; sops.secrets.akkoma-signing-salt = { owner = akkoma.user; }; sops.secrets.akkoma-vapid-private-key = { owner = akkoma.user; }; sops.secrets.akkoma-vapid-public-key = { owner = akkoma.user; }; sops.secrets.akkoma-joken-signer = { owner = akkoma.user; }; }