hosts/marvin/services/iceshrimp.nix at dc503dfb275f70603f9d184eab6f231a54afcac6 · pyrox.dev/nix

pyrox.dev / nix
My Nix Configuration
nix / hosts / marvin / services / iceshrimp.nix
at dc503dfb275f70603f9d184eab6f231a54afcac6 2.6 kB view raw
 1{
 2  config,
 3  inputs,
 4  pkgs,
 5  lib,
 6  self,
 7  ...
 8}:
 9let
10
11  d = self.lib.data.services.iceshrimp;
12
13  package = inputs.iceshrimp.packages.x86_64-linux.iceshrimp-pre.overrideAttrs rec {
14    version = "2023.12.8-pyrox1";
15    src = pkgs.fetchgit {
16      url = "https://iceshrimp.dev/pyrox/iceshrimp";
17      hash = "sha256-hxZ3rVVAiAMFAYhZ2o+WhlMuhjbt5EyHKOl1VyyL5RA=";
18      rev = "v${version}";
19      fetchLFS = true;
20      deepClone = false;
21    };
22    patches = [ ];
23  };
24in
25{
26  services.iceshrimp = {
27    inherit package;
28    enable = false;
29    secretConfig = config.age.secrets.iceshrimp-secret-config.path;
30    dbPasswordFile = config.age.secrets.iceshrimp-db-password.path;
31    createDb = true;
32    configureNginx.enable = false;
33    settings = {
34      inherit (d) port;
35      url = "https://${d.extUrl}";
36      accountDomain = "pyrox.dev";
37      redis.port = 6997;
38      maxNoteLength = 16384;
39      maxCaptionLength = 8192;
40      clusterLimit = 4;
41      deliverJobConcurrency = 192;
42      inboxJobConcurrency = 32;
43      deliverJobPerSec = 256;
44      inboxJobPerSec = 32;
45      outgoingAddressFamily = "dual";
46      # See the withdrawal patches for obliterate info
47      enableObliterate = true;
48      obliterateJobPerSec = 16;
49      obliterateJobMaxAttempts = 3;
50      mediaCleanup = {
51        cron = true;
52        maxAgeDays = 30;
53        cleanAvatars = true;
54        cleanHeaders = true;
55      };
56      htmlCache = {
57        ttl = "6h";
58        prewarm = true;
59        dbFallback = true;
60      };
61      wordMuteCache.ttl = "24h";
62      isManagedHosting = true;
63      email = {
64        managed = true;
65        address = "social@pyrox.dev";
66        host = "mail.pyrox.dev";
67        port = 465;
68        user = "social@pyrox.dev";
69        useImplicitSslTls = true;
70      };
71      objectStorage = {
72        managed = true;
73        baseUrl = "https://pool.jortage.com/socialpyroxdev";
74        bucket = "socialpyroxdev";
75        prefix = "mkmedia";
76        endpoint = "pool-api.jortage.com";
77        region = "jort";
78        useSsl = true;
79        connnectOverProxy = false;
80        setPublicReadOnUpload = false;
81        s3ForcePathStyle = true;
82      };
83    };
84  };
85  age.secrets = lib.mkIf config.services.iceshrimp.enable {
86    iceshrimp-secret-config = {
87      inherit (config.services.iceshrimp) group;
88      file = ./secrets/iceshrimp-secret-config.age;
89      owner = config.services.iceshrimp.user;
90    };
91    iceshrimp-db-password = {
92      file = ./secrets/iceshrimp-db-password.age;
93      owner = "postgres";
94      group = "postgres";
95    };
96  };
97}