Merge pull request #192285 from illdefined/akkoma
akkoma: init at 3.5.0
This commit is contained in:
commit
e59753591b
@ -23,6 +23,13 @@
|
||||
<section xml:id="sec-release-23.05-new-services">
|
||||
<title>New Services</title>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://akkoma.social">Akkoma</link>, an
|
||||
ActivityPub microblogging server. Available as
|
||||
<link xlink:href="options.html#opt-services.akkoma.enable">services.akkoma</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<link xlink:href="https://github.com/akinomyoga/ble.sh">blesh</link>,
|
||||
|
@ -14,6 +14,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
||||
|
||||
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
|
||||
|
||||
- [Akkoma](https://akkoma.social), an ActivityPub microblogging server. Available as [services.akkoma](options.html#opt-services.akkoma.enable).
|
||||
|
||||
- [blesh](https://github.com/akinomyoga/ble.sh), a line editor written in pure bash. Available as [programs.bash.blesh](#opt-programs.bash.blesh.enable).
|
||||
|
||||
- [fzf](https://github.com/junegunn/fzf), a command line fuzzyfinder. Available as [programs.fzf](#opt-programs.fzf.fuzzyCompletion).
|
||||
|
@ -1102,6 +1102,7 @@
|
||||
./services/video/rtsp-simple-server.nix
|
||||
./services/video/unifi-video.nix
|
||||
./services/wayland/cage.nix
|
||||
./services/web-apps/akkoma.nix
|
||||
./services/web-apps/alps.nix
|
||||
./services/web-apps/atlassian/confluence.nix
|
||||
./services/web-apps/atlassian/crowd.nix
|
||||
|
332
nixos/modules/services/web-apps/akkoma.md
Normal file
332
nixos/modules/services/web-apps/akkoma.md
Normal file
@ -0,0 +1,332 @@
|
||||
# Akkoma {#module-services-akkoma}
|
||||
|
||||
[Akkoma](https://akkoma.dev/) is a lightweight ActivityPub microblogging server forked from Pleroma.
|
||||
|
||||
## Service configuration {#modules-services-akkoma-service-configuration}
|
||||
|
||||
The Elixir configuration file required by Akkoma is generated automatically from
|
||||
[{option}`services.akkoma.config`](options.html#opt-services.akkoma.config). Secrets must be
|
||||
included from external files outside of the Nix store by setting the configuration option to
|
||||
an attribute set containing the attribute {option}`_secret` – a string pointing to the file
|
||||
containing the actual value of the option.
|
||||
|
||||
For the mandatory configuration settings these secrets will be generated automatically if the
|
||||
referenced file does not exist during startup, unless disabled through
|
||||
[{option}`services.akkoma.initSecrets`](options.html#opt-services.akkoma.initSecrets).
|
||||
|
||||
The following configuration binds Akkoma to the Unix socket `/run/akkoma/socket`, expecting to
|
||||
be run behind a HTTP proxy on `fediverse.example.com`.
|
||||
|
||||
|
||||
```nix
|
||||
services.akkoma.enable = true;
|
||||
services.akkoma.config = {
|
||||
":pleroma" = {
|
||||
":instance" = {
|
||||
name = "My Akkoma instance";
|
||||
description = "More detailed description";
|
||||
email = "admin@example.com";
|
||||
registration_open = false;
|
||||
};
|
||||
|
||||
"Pleroma.Web.Endpoint" = {
|
||||
url.host = "fediverse.example.com";
|
||||
};
|
||||
};
|
||||
};
|
||||
```
|
||||
|
||||
Please refer to the [configuration cheat sheet](https://docs.akkoma.dev/stable/configuration/cheatsheet/)
|
||||
for additional configuration options.
|
||||
|
||||
## User management {#modules-services-akkoma-user-management}
|
||||
|
||||
After the Akkoma service is running, the administration utility can be used to
|
||||
[manage users](https://docs.akkoma.dev/stable/administration/CLI_tasks/user/). In particular an
|
||||
administrative user can be created with
|
||||
|
||||
```ShellSession
|
||||
$ pleroma_ctl user new <nickname> <email> --admin --moderator --password <password>
|
||||
```
|
||||
|
||||
## Proxy configuration {#modules-services-akkoma-proxy-configuration}
|
||||
|
||||
Although it is possible to expose Akkoma directly, it is common practice to operate it behind an
|
||||
HTTP reverse proxy such as nginx.
|
||||
|
||||
```nix
|
||||
services.akkoma.nginx = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
clientMaxBodySize = "16m";
|
||||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
};
|
||||
```
|
||||
|
||||
Please refer to [](#module-security-acme) for details on how to provision an SSL/TLS certificate.
|
||||
|
||||
### Media proxy {#modules-services-akkoma-media-proxy}
|
||||
|
||||
Without the media proxy function, Akkoma does not store any remote media like pictures or video
|
||||
locally, and clients have to fetch them directly from the source server.
|
||||
|
||||
```nix
|
||||
# Enable nginx slice module distributed with Tengine
|
||||
services.nginx.package = pkgs.tengine;
|
||||
|
||||
# Enable media proxy
|
||||
services.akkoma.config.":pleroma".":media_proxy" = {
|
||||
enabled = true;
|
||||
proxy_opts.redirect_on_failure = true;
|
||||
};
|
||||
|
||||
# Adjust the persistent cache size as needed:
|
||||
# Assuming an average object size of 128 KiB, around 1 MiB
|
||||
# of memory is required for the key zone per GiB of cache.
|
||||
# Ensure that the cache directory exists and is writable by nginx.
|
||||
services.nginx.commonHttpConfig = ''
|
||||
proxy_cache_path /var/cache/nginx/cache/akkoma-media-cache
|
||||
levels= keys_zone=akkoma_media_cache:16m max_size=16g
|
||||
inactive=1y use_temp_path=off;
|
||||
'';
|
||||
|
||||
services.akkoma.nginx = {
|
||||
locations."/proxy" = {
|
||||
proxyPass = "http://unix:/run/akkoma/socket";
|
||||
|
||||
extraConfig = ''
|
||||
proxy_cache akkoma_media_cache;
|
||||
|
||||
# Cache objects in slices of 1 MiB
|
||||
slice 1m;
|
||||
proxy_cache_key $host$uri$is_args$args$slice_range;
|
||||
proxy_set_header Range $slice_range;
|
||||
|
||||
# Decouple proxy and upstream responses
|
||||
proxy_buffering on;
|
||||
proxy_cache_lock on;
|
||||
proxy_ignore_client_abort on;
|
||||
|
||||
# Default cache times for various responses
|
||||
proxy_cache_valid 200 1y;
|
||||
proxy_cache_valid 206 301 304 1h;
|
||||
|
||||
# Allow serving of stale items
|
||||
proxy_cache_use_stale error timeout invalid_header updating;
|
||||
'';
|
||||
};
|
||||
};
|
||||
```
|
||||
|
||||
#### Prefetch remote media {#modules-services-akkoma-prefetch-remote-media}
|
||||
|
||||
The following example enables the `MediaProxyWarmingPolicy` MRF policy which automatically
|
||||
fetches all media associated with a post through the media proxy, as soon as the post is
|
||||
received by the instance.
|
||||
|
||||
```nix
|
||||
services.akkoma.config.":pleroma".":mrf".policies =
|
||||
map (pkgs.formats.elixirConf { }).lib.mkRaw [
|
||||
"Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy"
|
||||
];
|
||||
```
|
||||
|
||||
#### Media previews {#modules-services-akkoma-media-previews}
|
||||
|
||||
Akkoma can generate previews for media.
|
||||
|
||||
```nix
|
||||
services.akkoma.config.":pleroma".":media_preview_proxy" = {
|
||||
enabled = true;
|
||||
thumbnail_max_width = 1920;
|
||||
thumbnail_max_height = 1080;
|
||||
};
|
||||
```
|
||||
|
||||
## Frontend management {#modules-services-akkoma-frontend-management}
|
||||
|
||||
Akkoma will be deployed with the `pleroma-fe` and `admin-fe` frontends by default. These can be
|
||||
modified by setting
|
||||
[{option}`services.akkoma.frontends`](options.html#opt-services.akkoma.frontends).
|
||||
|
||||
The following example overrides the primary frontend’s default configuration using a custom
|
||||
derivation.
|
||||
|
||||
```nix
|
||||
services.akkoma.frontends.primary.package = pkgs.runCommand "pleroma-fe" {
|
||||
config = builtins.toJSON {
|
||||
expertLevel = 1;
|
||||
collapseMessageWithSubject = false;
|
||||
stopGifs = false;
|
||||
replyVisibility = "following";
|
||||
webPushHideIfCW = true;
|
||||
hideScopeNotice = true;
|
||||
renderMisskeyMarkdown = false;
|
||||
hideSiteFavicon = true;
|
||||
postContentType = "text/markdown";
|
||||
showNavShortcuts = false;
|
||||
};
|
||||
nativeBuildInputs = with pkgs; [ jq xorg.lndir ];
|
||||
passAsFile = [ "config" ];
|
||||
} ''
|
||||
mkdir $out
|
||||
lndir ${pkgs.akkoma-frontends.pleroma-fe} $out
|
||||
|
||||
rm $out/static/config.json
|
||||
jq -s add ${pkgs.akkoma-frontends.pleroma-fe}/static/config.json ${config} \
|
||||
>$out/static/config.json
|
||||
'';
|
||||
```
|
||||
|
||||
## Federation policies {#modules-services-akkoma-federation-policies}
|
||||
|
||||
Akkoma comes with a number of modules to police federation with other ActivityPub instances.
|
||||
The most valuable for typical users is the
|
||||
[`:mrf_simple`](https://docs.akkoma.dev/stable/configuration/cheatsheet/#mrf_simple) module
|
||||
which allows limiting federation based on instance hostnames.
|
||||
|
||||
This configuration snippet provides an example on how these can be used. Choosing an adequate
|
||||
federation policy is not trivial and entails finding a balance between connectivity to the rest
|
||||
of the fediverse and providing a pleasant experience to the users of an instance.
|
||||
|
||||
|
||||
```nix
|
||||
services.akkoma.config.":pleroma" = with (pkgs.formats.elixirConf { }).lib; {
|
||||
":mrf".policies = map mkRaw [
|
||||
"Pleroma.Web.ActivityPub.MRF.SimplePolicy"
|
||||
];
|
||||
|
||||
":mrf_simple" = {
|
||||
# Tag all media as sensitive
|
||||
media_nsfw = mkMap {
|
||||
"nsfw.weird.kinky" = "Untagged NSFW content";
|
||||
};
|
||||
|
||||
# Reject all activities except deletes
|
||||
reject = mkMap {
|
||||
"kiwifarms.cc" = "Persistent harassment of users, no moderation";
|
||||
};
|
||||
|
||||
# Force posts to be visible by followers only
|
||||
followers_only = mkMap {
|
||||
"beta.birdsite.live" = "Avoid polluting timelines with Twitter posts";
|
||||
};
|
||||
};
|
||||
};
|
||||
```
|
||||
|
||||
## Upload filters {#modules-services-akkoma-upload-filters}
|
||||
|
||||
This example strips GPS and location metadata from uploads, deduplicates them and anonymises the
|
||||
the file name.
|
||||
|
||||
```nix
|
||||
services.akkoma.config.":pleroma"."Pleroma.Upload".filters =
|
||||
map (pkgs.formats.elixirConf { }).lib.mkRaw [
|
||||
"Pleroma.Upload.Filter.Exiftool"
|
||||
"Pleroma.Upload.Filter.Dedupe"
|
||||
"Pleroma.Upload.Filter.AnonymizeFilename"
|
||||
];
|
||||
```
|
||||
|
||||
## Migration from Pleroma {#modules-services-akkoma-migration-pleroma}
|
||||
|
||||
Pleroma instances can be migrated to Akkoma either by copying the database and upload data or by
|
||||
pointing Akkoma to the existing data. The necessary database migrations are run automatically
|
||||
during startup of the service.
|
||||
|
||||
The configuration has to be copy‐edited manually.
|
||||
|
||||
Depending on the size of the database, the initial migration may take a long time and exceed the
|
||||
startup timeout of the system manager. To work around this issue one may adjust the startup timeout
|
||||
{option}`systemd.services.akkoma.serviceConfig.TimeoutStartSec` or simply run the migrations
|
||||
manually:
|
||||
|
||||
```ShellSession
|
||||
pleroma_ctl migrate
|
||||
```
|
||||
|
||||
### Copying data {#modules-services-akkoma-migration-pleroma-copy}
|
||||
|
||||
Copying the Pleroma data instead of re‐using it in place may permit easier reversion to Pleroma,
|
||||
but allows the two data sets to diverge.
|
||||
|
||||
First disable Pleroma and then copy its database and upload data:
|
||||
|
||||
```ShellSession
|
||||
# Create a copy of the database
|
||||
nix-shell -p postgresql --run 'createdb -T pleroma akkoma'
|
||||
|
||||
# Copy upload data
|
||||
mkdir /var/lib/akkoma
|
||||
cp -R --reflink=auto /var/lib/pleroma/uploads /var/lib/akkoma/
|
||||
```
|
||||
|
||||
After the data has been copied, enable the Akkoma service and verify that the migration has been
|
||||
successful. If no longer required, the original data may then be deleted:
|
||||
|
||||
```ShellSession
|
||||
# Delete original database
|
||||
nix-shell -p postgresql --run 'dropdb pleroma'
|
||||
|
||||
# Delete original Pleroma state
|
||||
rm -r /var/lib/pleroma
|
||||
```
|
||||
|
||||
### Re‐using data {#modules-services-akkoma-migration-pleroma-reuse}
|
||||
|
||||
To re‐use the Pleroma data in place, disable Pleroma and enable Akkoma, pointing it to the
|
||||
Pleroma database and upload directory.
|
||||
|
||||
```nix
|
||||
# Adjust these settings according to the database name and upload directory path used by Pleroma
|
||||
services.akkoma.config.":pleroma"."Pleroma.Repo".database = "pleroma";
|
||||
services.akkoma.config.":pleroma".":instance".upload_dir = "/var/lib/pleroma/uploads";
|
||||
```
|
||||
|
||||
Please keep in mind that after the Akkoma service has been started, any migrations applied by
|
||||
Akkoma have to be rolled back before the database can be used again with Pleroma. This can be
|
||||
achieved through `pleroma_ctl ecto.rollback`. Refer to the
|
||||
[Ecto SQL documentation](https://hexdocs.pm/ecto_sql/Mix.Tasks.Ecto.Rollback.html) for
|
||||
details.
|
||||
|
||||
## Advanced deployment options {#modules-services-akkoma-advanced-deployment}
|
||||
|
||||
### Confinement {#modules-services-akkoma-confinement}
|
||||
|
||||
The Akkoma systemd service may be confined to a chroot with
|
||||
|
||||
```nix
|
||||
services.systemd.akkoma.confinement.enable = true;
|
||||
```
|
||||
|
||||
Confinement of services is not generally supported in NixOS and therefore disabled by default.
|
||||
Depending on the Akkoma configuration, the default confinement settings may be insufficient and
|
||||
lead to subtle errors at run time, requiring adjustment:
|
||||
|
||||
Use
|
||||
[{option}`services.systemd.akkoma.confinement.packages`](options.html#opt-systemd.services._name_.confinement.packages)
|
||||
to make packages available in the chroot.
|
||||
|
||||
{option}`services.systemd.akkoma.serviceConfig.BindPaths` and
|
||||
{option}`services.systemd.akkoma.serviceConfig.BindReadOnlyPaths` permit access to outside paths
|
||||
through bind mounts. Refer to
|
||||
[{manpage}`systemd.exec(5)`](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#BindPaths=)
|
||||
for details.
|
||||
|
||||
### Distributed deployment {#modules-services-akkoma-distributed-deployment}
|
||||
|
||||
Being an Elixir application, Akkoma can be deployed in a distributed fashion.
|
||||
|
||||
This requires setting
|
||||
[{option}`services.akkoma.dist.address`](options.html#opt-services.akkoma.dist.address) and
|
||||
[{option}`services.akkoma.dist.cookie`](options.html#opt-services.akkoma.dist.cookie). The
|
||||
specifics depend strongly on the deployment environment. For more information please check the
|
||||
relevant [Erlang documentation](https://www.erlang.org/doc/reference_manual/distributed.html).
|
1086
nixos/modules/services/web-apps/akkoma.nix
Normal file
1086
nixos/modules/services/web-apps/akkoma.nix
Normal file
File diff suppressed because it is too large
Load Diff
396
nixos/modules/services/web-apps/akkoma.xml
Normal file
396
nixos/modules/services/web-apps/akkoma.xml
Normal file
@ -0,0 +1,396 @@
|
||||
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-akkoma">
|
||||
<title>Akkoma</title>
|
||||
<para>
|
||||
<link xlink:href="https://akkoma.dev/">Akkoma</link> is a
|
||||
lightweight ActivityPub microblogging server forked from Pleroma.
|
||||
</para>
|
||||
<section xml:id="modules-services-akkoma-service-configuration">
|
||||
<title>Service configuration</title>
|
||||
<para>
|
||||
The Elixir configuration file required by Akkoma is generated
|
||||
automatically from
|
||||
<link xlink:href="options.html#opt-services.akkoma.config"><option>services.akkoma.config</option></link>.
|
||||
Secrets must be included from external files outside of the Nix
|
||||
store by setting the configuration option to an attribute set
|
||||
containing the attribute <option>_secret</option> – a string
|
||||
pointing to the file containing the actual value of the option.
|
||||
</para>
|
||||
<para>
|
||||
For the mandatory configuration settings these secrets will be
|
||||
generated automatically if the referenced file does not exist
|
||||
during startup, unless disabled through
|
||||
<link xlink:href="options.html#opt-services.akkoma.initSecrets"><option>services.akkoma.initSecrets</option></link>.
|
||||
</para>
|
||||
<para>
|
||||
The following configuration binds Akkoma to the Unix socket
|
||||
<literal>/run/akkoma/socket</literal>, expecting to be run behind
|
||||
a HTTP proxy on <literal>fediverse.example.com</literal>.
|
||||
</para>
|
||||
<programlisting language="nix">
|
||||
services.akkoma.enable = true;
|
||||
services.akkoma.config = {
|
||||
":pleroma" = {
|
||||
":instance" = {
|
||||
name = "My Akkoma instance";
|
||||
description = "More detailed description";
|
||||
email = "admin@example.com";
|
||||
registration_open = false;
|
||||
};
|
||||
|
||||
"Pleroma.Web.Endpoint" = {
|
||||
url.host = "fediverse.example.com";
|
||||
};
|
||||
};
|
||||
};
|
||||
</programlisting>
|
||||
<para>
|
||||
Please refer to the
|
||||
<link xlink:href="https://docs.akkoma.dev/stable/configuration/cheatsheet/">configuration
|
||||
cheat sheet</link> for additional configuration options.
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="modules-services-akkoma-user-management">
|
||||
<title>User management</title>
|
||||
<para>
|
||||
After the Akkoma service is running, the administration utility
|
||||
can be used to
|
||||
<link xlink:href="https://docs.akkoma.dev/stable/administration/CLI_tasks/user/">manage
|
||||
users</link>. In particular an administrative user can be created
|
||||
with
|
||||
</para>
|
||||
<programlisting>
|
||||
$ pleroma_ctl user new <nickname> <email> --admin --moderator --password <password>
|
||||
</programlisting>
|
||||
</section>
|
||||
<section xml:id="modules-services-akkoma-proxy-configuration">
|
||||
<title>Proxy configuration</title>
|
||||
<para>
|
||||
Although it is possible to expose Akkoma directly, it is common
|
||||
practice to operate it behind an HTTP reverse proxy such as nginx.
|
||||
</para>
|
||||
<programlisting language="nix">
|
||||
services.akkoma.nginx = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
clientMaxBodySize = "16m";
|
||||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
};
|
||||
</programlisting>
|
||||
<para>
|
||||
Please refer to <xref linkend="module-security-acme" /> for
|
||||
details on how to provision an SSL/TLS certificate.
|
||||
</para>
|
||||
<section xml:id="modules-services-akkoma-media-proxy">
|
||||
<title>Media proxy</title>
|
||||
<para>
|
||||
Without the media proxy function, Akkoma does not store any
|
||||
remote media like pictures or video locally, and clients have to
|
||||
fetch them directly from the source server.
|
||||
</para>
|
||||
<programlisting language="nix">
|
||||
# Enable nginx slice module distributed with Tengine
|
||||
services.nginx.package = pkgs.tengine;
|
||||
|
||||
# Enable media proxy
|
||||
services.akkoma.config.":pleroma".":media_proxy" = {
|
||||
enabled = true;
|
||||
proxy_opts.redirect_on_failure = true;
|
||||
};
|
||||
|
||||
# Adjust the persistent cache size as needed:
|
||||
# Assuming an average object size of 128 KiB, around 1 MiB
|
||||
# of memory is required for the key zone per GiB of cache.
|
||||
# Ensure that the cache directory exists and is writable by nginx.
|
||||
services.nginx.commonHttpConfig = ''
|
||||
proxy_cache_path /var/cache/nginx/cache/akkoma-media-cache
|
||||
levels= keys_zone=akkoma_media_cache:16m max_size=16g
|
||||
inactive=1y use_temp_path=off;
|
||||
'';
|
||||
|
||||
services.akkoma.nginx = {
|
||||
locations."/proxy" = {
|
||||
proxyPass = "http://unix:/run/akkoma/socket";
|
||||
|
||||
extraConfig = ''
|
||||
proxy_cache akkoma_media_cache;
|
||||
|
||||
# Cache objects in slices of 1 MiB
|
||||
slice 1m;
|
||||
proxy_cache_key $host$uri$is_args$args$slice_range;
|
||||
proxy_set_header Range $slice_range;
|
||||
|
||||
# Decouple proxy and upstream responses
|
||||
proxy_buffering on;
|
||||
proxy_cache_lock on;
|
||||
proxy_ignore_client_abort on;
|
||||
|
||||
# Default cache times for various responses
|
||||
proxy_cache_valid 200 1y;
|
||||
proxy_cache_valid 206 301 304 1h;
|
||||
|
||||
# Allow serving of stale items
|
||||
proxy_cache_use_stale error timeout invalid_header updating;
|
||||
'';
|
||||
};
|
||||
};
|
||||
</programlisting>
|
||||
<section xml:id="modules-services-akkoma-prefetch-remote-media">
|
||||
<title>Prefetch remote media</title>
|
||||
<para>
|
||||
The following example enables the
|
||||
<literal>MediaProxyWarmingPolicy</literal> MRF policy which
|
||||
automatically fetches all media associated with a post through
|
||||
the media proxy, as soon as the post is received by the
|
||||
instance.
|
||||
</para>
|
||||
<programlisting language="nix">
|
||||
services.akkoma.config.":pleroma".":mrf".policies =
|
||||
map (pkgs.formats.elixirConf { }).lib.mkRaw [
|
||||
"Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy"
|
||||
];
|
||||
</programlisting>
|
||||
</section>
|
||||
<section xml:id="modules-services-akkoma-media-previews">
|
||||
<title>Media previews</title>
|
||||
<para>
|
||||
Akkoma can generate previews for media.
|
||||
</para>
|
||||
<programlisting language="nix">
|
||||
services.akkoma.config.":pleroma".":media_preview_proxy" = {
|
||||
enabled = true;
|
||||
thumbnail_max_width = 1920;
|
||||
thumbnail_max_height = 1080;
|
||||
};
|
||||
</programlisting>
|
||||
</section>
|
||||
</section>
|
||||
</section>
|
||||
<section xml:id="modules-services-akkoma-frontend-management">
|
||||
<title>Frontend management</title>
|
||||
<para>
|
||||
Akkoma will be deployed with the <literal>pleroma-fe</literal> and
|
||||
<literal>admin-fe</literal> frontends by default. These can be
|
||||
modified by setting
|
||||
<link xlink:href="options.html#opt-services.akkoma.frontends"><option>services.akkoma.frontends</option></link>.
|
||||
</para>
|
||||
<para>
|
||||
The following example overrides the primary frontend’s default
|
||||
configuration using a custom derivation.
|
||||
</para>
|
||||
<programlisting language="nix">
|
||||
services.akkoma.frontends.primary.package = pkgs.runCommand "pleroma-fe" {
|
||||
config = builtins.toJSON {
|
||||
expertLevel = 1;
|
||||
collapseMessageWithSubject = false;
|
||||
stopGifs = false;
|
||||
replyVisibility = "following";
|
||||
webPushHideIfCW = true;
|
||||
hideScopeNotice = true;
|
||||
renderMisskeyMarkdown = false;
|
||||
hideSiteFavicon = true;
|
||||
postContentType = "text/markdown";
|
||||
showNavShortcuts = false;
|
||||
};
|
||||
nativeBuildInputs = with pkgs; [ jq xorg.lndir ];
|
||||
passAsFile = [ "config" ];
|
||||
} ''
|
||||
mkdir $out
|
||||
lndir ${pkgs.akkoma-frontends.pleroma-fe} $out
|
||||
|
||||
rm $out/static/config.json
|
||||
jq -s add ${pkgs.akkoma-frontends.pleroma-fe}/static/config.json ${config} \
|
||||
>$out/static/config.json
|
||||
'';
|
||||
</programlisting>
|
||||
</section>
|
||||
<section xml:id="modules-services-akkoma-federation-policies">
|
||||
<title>Federation policies</title>
|
||||
<para>
|
||||
Akkoma comes with a number of modules to police federation with
|
||||
other ActivityPub instances. The most valuable for typical users
|
||||
is the
|
||||
<link xlink:href="https://docs.akkoma.dev/stable/configuration/cheatsheet/#mrf_simple"><literal>:mrf_simple</literal></link>
|
||||
module which allows limiting federation based on instance
|
||||
hostnames.
|
||||
</para>
|
||||
<para>
|
||||
This configuration snippet provides an example on how these can be
|
||||
used. Choosing an adequate federation policy is not trivial and
|
||||
entails finding a balance between connectivity to the rest of the
|
||||
fediverse and providing a pleasant experience to the users of an
|
||||
instance.
|
||||
</para>
|
||||
<programlisting language="nix">
|
||||
services.akkoma.config.":pleroma" = with (pkgs.formats.elixirConf { }).lib; {
|
||||
":mrf".policies = map mkRaw [
|
||||
"Pleroma.Web.ActivityPub.MRF.SimplePolicy"
|
||||
];
|
||||
|
||||
":mrf_simple" = {
|
||||
# Tag all media as sensitive
|
||||
media_nsfw = mkMap {
|
||||
"nsfw.weird.kinky" = "Untagged NSFW content";
|
||||
};
|
||||
|
||||
# Reject all activities except deletes
|
||||
reject = mkMap {
|
||||
"kiwifarms.cc" = "Persistent harassment of users, no moderation";
|
||||
};
|
||||
|
||||
# Force posts to be visible by followers only
|
||||
followers_only = mkMap {
|
||||
"beta.birdsite.live" = "Avoid polluting timelines with Twitter posts";
|
||||
};
|
||||
};
|
||||
};
|
||||
</programlisting>
|
||||
</section>
|
||||
<section xml:id="modules-services-akkoma-upload-filters">
|
||||
<title>Upload filters</title>
|
||||
<para>
|
||||
This example strips GPS and location metadata from uploads,
|
||||
deduplicates them and anonymises the the file name.
|
||||
</para>
|
||||
<programlisting language="nix">
|
||||
services.akkoma.config.":pleroma"."Pleroma.Upload".filters =
|
||||
map (pkgs.formats.elixirConf { }).lib.mkRaw [
|
||||
"Pleroma.Upload.Filter.Exiftool"
|
||||
"Pleroma.Upload.Filter.Dedupe"
|
||||
"Pleroma.Upload.Filter.AnonymizeFilename"
|
||||
];
|
||||
</programlisting>
|
||||
</section>
|
||||
<section xml:id="modules-services-akkoma-migration-pleroma">
|
||||
<title>Migration from Pleroma</title>
|
||||
<para>
|
||||
Pleroma instances can be migrated to Akkoma either by copying the
|
||||
database and upload data or by pointing Akkoma to the existing
|
||||
data. The necessary database migrations are run automatically
|
||||
during startup of the service.
|
||||
</para>
|
||||
<para>
|
||||
The configuration has to be copy‐edited manually.
|
||||
</para>
|
||||
<para>
|
||||
Depending on the size of the database, the initial migration may
|
||||
take a long time and exceed the startup timeout of the system
|
||||
manager. To work around this issue one may adjust the startup
|
||||
timeout
|
||||
<option>systemd.services.akkoma.serviceConfig.TimeoutStartSec</option>
|
||||
or simply run the migrations manually:
|
||||
</para>
|
||||
<programlisting>
|
||||
pleroma_ctl migrate
|
||||
</programlisting>
|
||||
<section xml:id="modules-services-akkoma-migration-pleroma-copy">
|
||||
<title>Copying data</title>
|
||||
<para>
|
||||
Copying the Pleroma data instead of re‐using it in place may
|
||||
permit easier reversion to Pleroma, but allows the two data sets
|
||||
to diverge.
|
||||
</para>
|
||||
<para>
|
||||
First disable Pleroma and then copy its database and upload
|
||||
data:
|
||||
</para>
|
||||
<programlisting>
|
||||
# Create a copy of the database
|
||||
nix-shell -p postgresql --run 'createdb -T pleroma akkoma'
|
||||
|
||||
# Copy upload data
|
||||
mkdir /var/lib/akkoma
|
||||
cp -R --reflink=auto /var/lib/pleroma/uploads /var/lib/akkoma/
|
||||
</programlisting>
|
||||
<para>
|
||||
After the data has been copied, enable the Akkoma service and
|
||||
verify that the migration has been successful. If no longer
|
||||
required, the original data may then be deleted:
|
||||
</para>
|
||||
<programlisting>
|
||||
# Delete original database
|
||||
nix-shell -p postgresql --run 'dropdb pleroma'
|
||||
|
||||
# Delete original Pleroma state
|
||||
rm -r /var/lib/pleroma
|
||||
</programlisting>
|
||||
</section>
|
||||
<section xml:id="modules-services-akkoma-migration-pleroma-reuse">
|
||||
<title>Re‐using data</title>
|
||||
<para>
|
||||
To re‐use the Pleroma data in place, disable Pleroma and enable
|
||||
Akkoma, pointing it to the Pleroma database and upload
|
||||
directory.
|
||||
</para>
|
||||
<programlisting language="nix">
|
||||
# Adjust these settings according to the database name and upload directory path used by Pleroma
|
||||
services.akkoma.config.":pleroma"."Pleroma.Repo".database = "pleroma";
|
||||
services.akkoma.config.":pleroma".":instance".upload_dir = "/var/lib/pleroma/uploads";
|
||||
</programlisting>
|
||||
<para>
|
||||
Please keep in mind that after the Akkoma service has been
|
||||
started, any migrations applied by Akkoma have to be rolled back
|
||||
before the database can be used again with Pleroma. This can be
|
||||
achieved through <literal>pleroma_ctl ecto.rollback</literal>.
|
||||
Refer to the
|
||||
<link xlink:href="https://hexdocs.pm/ecto_sql/Mix.Tasks.Ecto.Rollback.html">Ecto
|
||||
SQL documentation</link> for details.
|
||||
</para>
|
||||
</section>
|
||||
</section>
|
||||
<section xml:id="modules-services-akkoma-advanced-deployment">
|
||||
<title>Advanced deployment options</title>
|
||||
<section xml:id="modules-services-akkoma-confinement">
|
||||
<title>Confinement</title>
|
||||
<para>
|
||||
The Akkoma systemd service may be confined to a chroot with
|
||||
</para>
|
||||
<programlisting language="nix">
|
||||
services.systemd.akkoma.confinement.enable = true;
|
||||
</programlisting>
|
||||
<para>
|
||||
Confinement of services is not generally supported in NixOS and
|
||||
therefore disabled by default. Depending on the Akkoma
|
||||
configuration, the default confinement settings may be
|
||||
insufficient and lead to subtle errors at run time, requiring
|
||||
adjustment:
|
||||
</para>
|
||||
<para>
|
||||
Use
|
||||
<link xlink:href="options.html#opt-systemd.services._name_.confinement.packages"><option>services.systemd.akkoma.confinement.packages</option></link>
|
||||
to make packages available in the chroot.
|
||||
</para>
|
||||
<para>
|
||||
<option>services.systemd.akkoma.serviceConfig.BindPaths</option>
|
||||
and
|
||||
<option>services.systemd.akkoma.serviceConfig.BindReadOnlyPaths</option>
|
||||
permit access to outside paths through bind mounts. Refer to
|
||||
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.exec.html#BindPaths="><link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.exec.html"><citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry></link></link>
|
||||
for details.
|
||||
</para>
|
||||
</section>
|
||||
<section xml:id="modules-services-akkoma-distributed-deployment">
|
||||
<title>Distributed deployment</title>
|
||||
<para>
|
||||
Being an Elixir application, Akkoma can be deployed in a
|
||||
distributed fashion.
|
||||
</para>
|
||||
<para>
|
||||
This requires setting
|
||||
<link xlink:href="options.html#opt-services.akkoma.dist.address"><option>services.akkoma.dist.address</option></link>
|
||||
and
|
||||
<link xlink:href="options.html#opt-services.akkoma.dist.cookie"><option>services.akkoma.dist.cookie</option></link>.
|
||||
The specifics depend strongly on the deployment environment. For
|
||||
more information please check the relevant
|
||||
<link xlink:href="https://www.erlang.org/doc/reference_manual/distributed.html">Erlang
|
||||
documentation</link>.
|
||||
</para>
|
||||
</section>
|
||||
</section>
|
||||
</chapter>
|
121
nixos/tests/akkoma.nix
Normal file
121
nixos/tests/akkoma.nix
Normal file
@ -0,0 +1,121 @@
|
||||
/*
|
||||
End-to-end test for Akkoma.
|
||||
|
||||
Based in part on nixos/tests/pleroma.
|
||||
|
||||
TODO: Test federation.
|
||||
*/
|
||||
import ./make-test-python.nix ({ pkgs, package ? pkgs.akkoma, confined ? false, ... }:
|
||||
let
|
||||
userPassword = "4LKOrGo8SgbPm1a6NclVU5Wb";
|
||||
|
||||
provisionUser = pkgs.writers.writeBashBin "provisionUser" ''
|
||||
set -eu -o errtrace -o pipefail
|
||||
|
||||
pleroma_ctl user new jamy jamy@nixos.test --password '${userPassword}' --moderator --admin -y
|
||||
'';
|
||||
|
||||
tlsCert = pkgs.runCommand "selfSignedCerts" {
|
||||
nativeBuildInputs = with pkgs; [ openssl ];
|
||||
} ''
|
||||
mkdir -p $out
|
||||
openssl req -x509 \
|
||||
-subj '/CN=akkoma.nixos.test/' -days 49710 \
|
||||
-addext 'subjectAltName = DNS:akkoma.nixos.test' \
|
||||
-keyout "$out/key.pem" -newkey ed25519 \
|
||||
-out "$out/cert.pem" -noenc
|
||||
'';
|
||||
|
||||
sendToot = pkgs.writers.writeBashBin "sendToot" ''
|
||||
set -eu -o errtrace -o pipefail
|
||||
|
||||
export REQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-certificates.crt"
|
||||
|
||||
echo '${userPassword}' | ${pkgs.toot}/bin/toot login_cli -i "akkoma.nixos.test" -e "jamy@nixos.test"
|
||||
echo "y" | ${pkgs.toot}/bin/toot post "hello world Jamy here"
|
||||
echo "y" | ${pkgs.toot}/bin/toot timeline | grep -F -q "hello world Jamy here"
|
||||
|
||||
# Test file upload
|
||||
echo "y" | ${pkgs.toot}/bin/toot upload <(dd if=/dev/zero bs=1024 count=1024 status=none) \
|
||||
| grep -F -q "https://akkoma.nixos.test/media"
|
||||
'';
|
||||
|
||||
checkFe = pkgs.writers.writeBashBin "checkFe" ''
|
||||
set -eu -o errtrace -o pipefail
|
||||
|
||||
paths=( / /static/{config,styles}.json /pleroma/admin/ )
|
||||
|
||||
for path in "''${paths[@]}"; do
|
||||
diff \
|
||||
<(${pkgs.curl}/bin/curl -f -S -s -o /dev/null -w '%{response_code}' "https://akkoma.nixos.test$path") \
|
||||
<(echo -n 200)
|
||||
done
|
||||
'';
|
||||
|
||||
hosts = nodes: ''
|
||||
${nodes.akkoma.networking.primaryIPAddress} akkoma.nixos.test
|
||||
${nodes.client.networking.primaryIPAddress} client.nixos.test
|
||||
'';
|
||||
in
|
||||
{
|
||||
name = "akkoma";
|
||||
nodes = {
|
||||
client = { nodes, pkgs, config, ... }: {
|
||||
security.pki.certificateFiles = [ "${tlsCert}/cert.pem" ];
|
||||
networking.extraHosts = hosts nodes;
|
||||
};
|
||||
|
||||
akkoma = { nodes, pkgs, config, ... }: {
|
||||
networking.extraHosts = hosts nodes;
|
||||
networking.firewall.allowedTCPPorts = [ 443 ];
|
||||
environment.systemPackages = with pkgs; [ provisionUser ];
|
||||
systemd.services.akkoma.confinement.enable = confined;
|
||||
|
||||
services.akkoma = {
|
||||
enable = true;
|
||||
package = package;
|
||||
config = {
|
||||
":pleroma" = {
|
||||
":instance" = {
|
||||
name = "NixOS test Akkoma server";
|
||||
description = "NixOS test Akkoma server";
|
||||
email = "akkoma@nixos.test";
|
||||
notify_email = "akkoma@nixos.test";
|
||||
registration_open = true;
|
||||
};
|
||||
|
||||
":media_proxy" = {
|
||||
enabled = false;
|
||||
};
|
||||
|
||||
"Pleroma.Web.Endpoint" = {
|
||||
url.host = "akkoma.nixos.test";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nginx = {
|
||||
addSSL = true;
|
||||
sslCertificate = "${tlsCert}/cert.pem";
|
||||
sslCertificateKey = "${tlsCert}/key.pem";
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.enable = true;
|
||||
services.postgresql.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
testScript = { nodes, ... }: ''
|
||||
start_all()
|
||||
akkoma.wait_for_unit('akkoma-initdb.service')
|
||||
akkoma.systemctl('restart akkoma-initdb.service') # test repeated initialisation
|
||||
akkoma.wait_for_unit('akkoma.service')
|
||||
akkoma.wait_for_file('/run/akkoma/socket');
|
||||
akkoma.succeed('${provisionUser}/bin/provisionUser')
|
||||
akkoma.wait_for_unit('nginx.service')
|
||||
client.succeed('${sendToot}/bin/sendToot')
|
||||
client.succeed('${checkFe}/bin/checkFe')
|
||||
'';
|
||||
})
|
||||
|
@ -73,6 +73,8 @@ in {
|
||||
agate = runTest ./web-servers/agate.nix;
|
||||
agda = handleTest ./agda.nix {};
|
||||
airsonic = handleTest ./airsonic.nix {};
|
||||
akkoma = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix {};
|
||||
akkoma-confined = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix { confined = true; };
|
||||
allTerminfo = handleTest ./all-terminfo.nix {};
|
||||
alps = handleTest ./alps.nix {};
|
||||
amazon-init-shell = handleTest ./amazon-init-shell.nix {};
|
||||
|
84
pkgs/servers/akkoma/admin-fe/default.nix
Normal file
84
pkgs/servers/akkoma/admin-fe/default.nix
Normal file
@ -0,0 +1,84 @@
|
||||
{ lib
|
||||
, stdenv
|
||||
, fetchFromGitea, fetchYarnDeps
|
||||
, fixup_yarn_lock, yarn, nodejs
|
||||
, python3, pkg-config, libsass
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "admin-fe";
|
||||
version = "unstable-2022-09-10";
|
||||
|
||||
src = fetchFromGitea {
|
||||
domain = "akkoma.dev";
|
||||
owner = "AkkomaGang";
|
||||
repo = "admin-fe";
|
||||
rev = "e094e12c3ecb540df839fdf20c5a03d10454fcad";
|
||||
hash = "sha256-dqkW8p4x+5z1Hd8gp8V4+DsLm8EspVwPXDxtvlp1AIk=";
|
||||
};
|
||||
|
||||
patches = [ ./deps.patch ];
|
||||
|
||||
offlineCache = fetchYarnDeps {
|
||||
yarnLock = ./yarn.lock;
|
||||
hash = "sha256-h+QUBT2VwPWu2l05Zkcp+0vHN/x40uXxw2KYjq7l/Xk=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
fixup_yarn_lock
|
||||
yarn
|
||||
nodejs
|
||||
pkg-config
|
||||
python3
|
||||
libsass
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
cp ${./yarn.lock} yarn.lock
|
||||
'';
|
||||
|
||||
configurePhase = ''
|
||||
runHook preConfigure
|
||||
|
||||
export HOME="$(mktemp -d)"
|
||||
|
||||
yarn config --offline set yarn-offline-mirror ${lib.escapeShellArg offlineCache}
|
||||
fixup_yarn_lock yarn.lock
|
||||
|
||||
yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
|
||||
patchShebangs node_modules/cross-env
|
||||
|
||||
mkdir -p "$HOME/.node-gyp/${nodejs.version}"
|
||||
echo 9 >"$HOME/.node-gyp/${nodejs.version}/installVersion"
|
||||
ln -sfv "${nodejs}/include" "$HOME/.node-gyp/${nodejs.version}"
|
||||
export npm_config_nodedir=${nodejs}
|
||||
|
||||
runHook postConfigure
|
||||
'';
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
|
||||
pushd node_modules/node-sass
|
||||
LIBSASS_EXT=auto yarn run build --offline
|
||||
popd
|
||||
|
||||
export NODE_OPTIONS="--openssl-legacy-provider"
|
||||
yarn run build:prod --offline
|
||||
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
cp -R -v dist $out
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Admin interface for Akkoma";
|
||||
homepage = "https://akkoma.dev/AkkomaGang/akkoma-fe/";
|
||||
license = licenses.agpl3;
|
||||
maintainers = with maintainers; [ mvs ];
|
||||
};
|
||||
}
|
46
pkgs/servers/akkoma/admin-fe/deps.patch
Normal file
46
pkgs/servers/akkoma/admin-fe/deps.patch
Normal file
@ -0,0 +1,46 @@
|
||||
diff --git a/package.json b/package.json
|
||||
index f267be19..fb806527 100644
|
||||
--- a/package.json
|
||||
+++ b/package.json
|
||||
@@ -31,14 +31,12 @@
|
||||
"type": "git",
|
||||
"url": "git+https://akkoma.dev/AkkomaGang/admin-fe.git"
|
||||
},
|
||||
- "resolutions": {
|
||||
- "prosemirror-model": "1.9.1"
|
||||
- },
|
||||
"bugs": {
|
||||
"url": "https://akkoma.dev/AkkomaGang/admin-fe/-/issues"
|
||||
},
|
||||
"dependencies": {
|
||||
"@babel/runtime": "^7.3.4",
|
||||
+ "@toast-ui/editor": "^3.2.0",
|
||||
"axios": "0.18.0",
|
||||
"clipboard": "1.7.1",
|
||||
"codemirror": "5.39.2",
|
||||
@@ -65,7 +63,6 @@
|
||||
"sortablejs": "1.7.0",
|
||||
"tiptap": "^1.29.6",
|
||||
"tiptap-extensions": "^1.32.7",
|
||||
- "tui-editor": "1.2.7",
|
||||
"vue": "^2.6.8",
|
||||
"vue-count-to": "1.0.13",
|
||||
"vue-i18n": "^8.9.0",
|
||||
diff --git a/src/components/element-ui/MarkdownEditor/index.vue b/src/components/element-ui/MarkdownEditor/index.vue
|
||||
index 7ae9fd40..18114701 100644
|
||||
--- a/src/components/element-ui/MarkdownEditor/index.vue
|
||||
+++ b/src/components/element-ui/MarkdownEditor/index.vue
|
||||
@@ -5,10 +5,10 @@
|
||||
<script>
|
||||
// deps for editor
|
||||
import 'codemirror/lib/codemirror.css' // codemirror
|
||||
-import 'tui-editor/dist/tui-editor.css' // editor ui
|
||||
-import 'tui-editor/dist/tui-editor-contents.css' // editor content
|
||||
+import '@toast-ui/editor/dist/tui-editor.css' // editor ui
|
||||
+import '@toast-ui/editor/dist/tui-editor-contents.css' // editor content
|
||||
|
||||
-import Editor from 'tui-editor'
|
||||
+import Editor from '@toast-ui/editor'
|
||||
import defaultOptions from './defaultOptions'
|
||||
|
||||
export default {
|
12493
pkgs/servers/akkoma/admin-fe/yarn.lock
Normal file
12493
pkgs/servers/akkoma/admin-fe/yarn.lock
Normal file
File diff suppressed because it is too large
Load Diff
216
pkgs/servers/akkoma/default.nix
Normal file
216
pkgs/servers/akkoma/default.nix
Normal file
@ -0,0 +1,216 @@
|
||||
{ lib
|
||||
, beamPackages
|
||||
, fetchFromGitea, fetchFromGitHub, fetchFromGitLab
|
||||
, cmake, file, libxcrypt
|
||||
, writeText
|
||||
, nixosTests
|
||||
, ...
|
||||
}:
|
||||
|
||||
beamPackages.mixRelease rec {
|
||||
pname = "pleroma";
|
||||
version = "3.5.0";
|
||||
|
||||
src = fetchFromGitea {
|
||||
domain = "akkoma.dev";
|
||||
owner = "AkkomaGang";
|
||||
repo = "akkoma";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-Apt+6nI4zOCyRb5msPt5UF9vyaendyaOjrYBMl0DqRY=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
# Remove dependency on OS_Mon
|
||||
sed -E -i 's/(^|\s):os_mon,//' \
|
||||
mix.exs
|
||||
'';
|
||||
|
||||
postBuild = ''
|
||||
# Digest and compress static files
|
||||
rm -f priv/static/READ_THIS_BEFORE_TOUCHING_FILES_HERE
|
||||
mix phx.digest --no-deps-check
|
||||
'';
|
||||
|
||||
# cf. https://github.com/whitfin/cachex/issues/205
|
||||
stripDebug = false;
|
||||
|
||||
mixNixDeps = import ./mix.nix {
|
||||
inherit beamPackages lib;
|
||||
overrides = (final: prev: {
|
||||
# mix2nix does not support git dependencies yet,
|
||||
# so we need to add them manually
|
||||
captcha = beamPackages.buildMix rec {
|
||||
name = "captcha";
|
||||
version = "0.1.0";
|
||||
|
||||
src = fetchFromGitLab {
|
||||
domain = "git.pleroma.social";
|
||||
group = "pleroma";
|
||||
owner = "elixir-libraries";
|
||||
repo = "elixir-captcha";
|
||||
rev = "e0f16822d578866e186a0974d65ad58cddc1e2ab";
|
||||
sha256 = "0qbf86l59kmpf1nd82v4141ba9ba75xwmnqzpgbm23fa1hh8pi9c";
|
||||
};
|
||||
};
|
||||
crypt = beamPackages.buildRebar3 rec {
|
||||
name = "crypt";
|
||||
version = "0.4.3";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "msantos";
|
||||
repo = "crypt";
|
||||
rev = "f75cd55325e33cbea198fb41fe41871392f8fb76";
|
||||
sha256 = "sha256-ZYhZTe7cTITkl8DZ4z2IOlxTX5gnbJImu/lVJ2ZjR1o=";
|
||||
};
|
||||
|
||||
buildInputs = [ libxcrypt ];
|
||||
|
||||
postInstall = ''
|
||||
mv $out/lib/erlang/lib/crypt-${version}/priv/{source,crypt}.so
|
||||
'';
|
||||
|
||||
beamDeps = with final; [ elixir_make ];
|
||||
};
|
||||
elasticsearch = beamPackages.buildMix rec {
|
||||
name = "elasticsearch";
|
||||
version = "1.0.1";
|
||||
|
||||
src = fetchFromGitea {
|
||||
domain = "akkoma.dev";
|
||||
owner = "AkkomaGang";
|
||||
repo = "elasticsearch-elixir";
|
||||
rev = "6cd946f75f6ab9042521a009d1d32d29a90113ca";
|
||||
hash = "sha256-CtmQHVl+VTpemne+nxbkYGcErrgCo+t3ZBPbkFSpyF0=";
|
||||
};
|
||||
};
|
||||
gettext = beamPackages.buildMix {
|
||||
name = "gettext";
|
||||
version = "0.19.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "tusooa";
|
||||
repo = "gettext";
|
||||
rev = "72fb2496b6c5280ed911bdc3756890e7f38a4808";
|
||||
hash = "sha256-V0qmE+LcAbVoWsJmWE4fwrduYFIZ5BzK/sGzgLY3eH0=";
|
||||
};
|
||||
};
|
||||
linkify = beamPackages.buildMix rec {
|
||||
name = "linkify";
|
||||
version = "0.5.2";
|
||||
|
||||
src = fetchFromGitea {
|
||||
domain = "akkoma.dev";
|
||||
owner = "AkkomaGang";
|
||||
repo = "linkify";
|
||||
rev = "2567e2c1073fa371fd26fd66dfa5bc77b6919c16";
|
||||
hash = "sha256-e3wzlbRuyw/UB5Tb7IozX/WR1T+sIBf9C/o5Thki9vg=";
|
||||
};
|
||||
};
|
||||
mfm_parser = beamPackages.buildMix rec {
|
||||
name = "mfm_parser";
|
||||
version = "0.1.1";
|
||||
|
||||
src = fetchFromGitea {
|
||||
domain = "akkoma.dev";
|
||||
owner = "AkkomaGang";
|
||||
repo = "mfm-parser";
|
||||
rev = "912fba81152d4d572e457fd5427f9875b2bc3dbe";
|
||||
hash = "sha256-n3WmERxKK8VM8jFIBAPS6GkbT7/zjqi3AjjWbjOdMzs=";
|
||||
};
|
||||
|
||||
beamDeps = with final; [ phoenix_view temple ];
|
||||
};
|
||||
remote_ip = beamPackages.buildMix rec {
|
||||
name = "remote_ip";
|
||||
version = "0.1.5";
|
||||
|
||||
src = fetchFromGitLab {
|
||||
domain = "git.pleroma.social";
|
||||
group = "pleroma";
|
||||
owner = "elixir-libraries";
|
||||
repo = "remote_ip";
|
||||
rev = "b647d0deecaa3acb140854fe4bda5b7e1dc6d1c8";
|
||||
sha256 = "0c7vmakcxlcs3j040018i7bfd6z0yq6fjfig02g5fgakx398s0x6";
|
||||
};
|
||||
beamDeps = with final; [ combine plug inet_cidr ];
|
||||
};
|
||||
search_parser = beamPackages.buildMix rec {
|
||||
name = "search_parser";
|
||||
version = "0.1.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "FloatingGhost";
|
||||
repo = "pleroma-contrib-search-parser";
|
||||
rev = "08971a81e68686f9ac465cfb6661d51c5e4e1e7f";
|
||||
hash = "sha256-sbo9Kcp2oT05o2GAF+IgziLPYmCkWgBfFMBCytmqg3Y=";
|
||||
};
|
||||
|
||||
beamDeps = with final; [ nimble_parsec ];
|
||||
};
|
||||
temple = beamPackages.buildMix rec {
|
||||
name = "temple";
|
||||
version = "0.9.0-rc.0";
|
||||
|
||||
src = fetchFromGitea {
|
||||
domain = "akkoma.dev";
|
||||
owner = "AkkomaGang";
|
||||
repo = "temple";
|
||||
rev = "066a699ade472d8fa42a9d730b29a61af9bc8b59";
|
||||
hash = "sha256-qA0z8WTMjO2OixcZBARn/LbuV3s3LGtwZ9nSjj/tWBc=";
|
||||
};
|
||||
|
||||
mixEnv = "dev";
|
||||
beamDeps = with final; [ earmark_parser ex_doc makeup makeup_elixir makeup_erlang nimble_parsec ];
|
||||
};
|
||||
|
||||
|
||||
# Some additional build inputs and build fixes
|
||||
fast_html = prev.fast_html.override {
|
||||
nativeBuildInputs = [ cmake ];
|
||||
dontUseCmakeConfigure = true;
|
||||
};
|
||||
http_signatures = prev.http_signatures.override {
|
||||
patchPhase = ''
|
||||
substituteInPlace mix.exs --replace ":logger" ":logger, :public_key"
|
||||
'';
|
||||
};
|
||||
majic = prev.majic.override {
|
||||
buildInputs = [ file ];
|
||||
};
|
||||
syslog = prev.syslog.override {
|
||||
buildPlugins = with beamPackages; [ pc ];
|
||||
};
|
||||
|
||||
mime = prev.mime.override {
|
||||
patchPhase = let
|
||||
cfgFile = writeText "config.exs" ''
|
||||
use Mix.Config
|
||||
config :mime, :types, %{
|
||||
"application/activity+json" => ["activity+json"],
|
||||
"application/jrd+json" => ["jrd+json"],
|
||||
"application/ld+json" => ["activity+json"],
|
||||
"application/xml" => ["xml"],
|
||||
"application/xrd+xml" => ["xrd+xml"]
|
||||
}
|
||||
'';
|
||||
in ''
|
||||
mkdir config
|
||||
cp ${cfgFile} config/config.exs
|
||||
'';
|
||||
};
|
||||
});
|
||||
};
|
||||
|
||||
passthru = {
|
||||
tests = with nixosTests; { inherit akkoma akkoma-confined; };
|
||||
inherit mixNixDeps;
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
description = "ActivityPub microblogging server";
|
||||
homepage = "https://akkoma.social";
|
||||
license = licenses.agpl3;
|
||||
maintainers = with maintainers; [ mvs ];
|
||||
platforms = platforms.unix;
|
||||
};
|
||||
}
|
20
pkgs/servers/akkoma/emoji/blobs_gg.nix
Normal file
20
pkgs/servers/akkoma/emoji/blobs_gg.nix
Normal file
@ -0,0 +1,20 @@
|
||||
{ lib, fetchzip }:
|
||||
|
||||
let
|
||||
rev = "e764ba00b9c34524e3ff3ffd19a44fa2a5c296a5";
|
||||
in fetchzip {
|
||||
pname = "blobs.gg";
|
||||
version = "unstable-2019-07-24";
|
||||
|
||||
url = "https://git.pleroma.social/pleroma/emoji-index/-/raw/${rev}/packs/blobs_gg.zip";
|
||||
hash = "sha256-dnOwW93xTyJKRnYgvPgsqZHNWod4y80aNhBSVKNk6do=";
|
||||
|
||||
stripRoot = false;
|
||||
|
||||
meta = with lib; {
|
||||
description = "Blob emoji from blobs.gg repacked as APNG";
|
||||
homepage = "https://blobs.gg";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ mvs ];
|
||||
};
|
||||
}
|
1494
pkgs/servers/akkoma/mix.nix
Normal file
1494
pkgs/servers/akkoma/mix.nix
Normal file
File diff suppressed because it is too large
Load Diff
82
pkgs/servers/akkoma/pleroma-fe/default.nix
Normal file
82
pkgs/servers/akkoma/pleroma-fe/default.nix
Normal file
@ -0,0 +1,82 @@
|
||||
{ lib
|
||||
, stdenv
|
||||
, fetchFromGitea, fetchYarnDeps
|
||||
, fixup_yarn_lock, yarn, nodejs
|
||||
, jpegoptim, oxipng, nodePackages
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "pleroma-fe";
|
||||
version = "unstable-2022-12-10";
|
||||
|
||||
src = fetchFromGitea {
|
||||
domain = "akkoma.dev";
|
||||
owner = "AkkomaGang";
|
||||
repo = "pleroma-fe";
|
||||
rev = "9c9b4cc07c018a21c8261dd7680a97aa3a670756";
|
||||
hash = "sha256-jYJcG2Q5kxOH29G5WV/6Cx7a+b7FuFROEn/8ruh7cDc=";
|
||||
};
|
||||
|
||||
offlineCache = fetchYarnDeps {
|
||||
yarnLock = src + "/yarn.lock";
|
||||
hash = "sha256-pz6NHBYZRi+Rwx6H74895vFWGLSivI7Ul8XV6wMbgJg=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
fixup_yarn_lock
|
||||
yarn
|
||||
nodejs
|
||||
jpegoptim
|
||||
oxipng
|
||||
nodePackages.svgo
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
# Build scripts assume to be used within a Git repository checkout
|
||||
sed -E -i '/^let commitHash =/,/;$/clet commitHash = "${builtins.substring 0 7 src.rev}";' \
|
||||
build/webpack.prod.conf.js
|
||||
'';
|
||||
|
||||
configurePhase = ''
|
||||
runHook preConfigure
|
||||
|
||||
export HOME="$(mktemp -d)"
|
||||
|
||||
yarn config --offline set yarn-offline-mirror ${lib.escapeShellArg offlineCache}
|
||||
fixup_yarn_lock yarn.lock
|
||||
|
||||
yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
|
||||
|
||||
runHook postConfigure
|
||||
'';
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
|
||||
export NODE_ENV="production"
|
||||
export NODE_OPTIONS="--openssl-legacy-provider"
|
||||
yarn run build --offline
|
||||
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
# (Losslessly) optimise compression of image artifacts
|
||||
find dist -type f -name '*.jpg' -execdir ${jpegoptim}/bin/jpegoptim -w$NIX_BUILD_CORES {} \;
|
||||
find dist -type f -name '*.png' -execdir ${oxipng}/bin/oxipng -o max -t $NIX_BUILD_CORES {} \;
|
||||
find dist -type f -name '*.svg' -execdir ${nodePackages.svgo}/bin/svgo {} \;
|
||||
|
||||
cp -R -v dist $out
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Frontend for Akkoma and Pleroma";
|
||||
homepage = "https://akkoma.dev/AkkomaGang/pleroma-fe/";
|
||||
license = licenses.agpl3;
|
||||
maintainers = with maintainers; [ mvs ];
|
||||
};
|
||||
}
|
@ -1194,6 +1194,15 @@ with pkgs;
|
||||
|
||||
adminer = callPackage ../servers/adminer { };
|
||||
|
||||
akkoma = callPackage ../servers/akkoma { };
|
||||
akkoma-frontends = recurseIntoAttrs {
|
||||
pleroma-fe = callPackage ../servers/akkoma/pleroma-fe { };
|
||||
admin-fe = callPackage ../servers/akkoma/admin-fe { };
|
||||
};
|
||||
akkoma-emoji = recurseIntoAttrs {
|
||||
blobs_gg = callPackage ../servers/akkoma/emoji/blobs_gg.nix { };
|
||||
};
|
||||
|
||||
advancecomp = callPackage ../tools/compression/advancecomp {};
|
||||
|
||||
aefs = callPackage ../tools/filesystems/aefs { };
|
||||
|
Loading…
Reference in New Issue
Block a user