systems/x86_64-linux/marvin/services/iceshrimp.nix at ec64701c852fef17653bcc1034443dab720a0cd0 · pyrox.dev/nix

pyrox.dev / nix
My Nix Configuration
nix / systems / x86_64-linux / marvin / services / iceshrimp.nix
at ec64701c852fef17653bcc1034443dab720a0cd0 2.6 kB view raw
 1{
 2  config,
 3  inputs,
 4  pkgs,
 5  lib,
 6  ...
 7}:
 8let
 9
10  d = lib.py.data.services.iceshrimp;
11
12  package = inputs.iceshrimp.packages.x86_64-linux.iceshrimp-pre.overrideAttrs rec {
13    version = "2023.12.8-pyrox1";
14    src = pkgs.fetchgit {
15      url = "https://iceshrimp.dev/pyrox/iceshrimp";
16      hash = "sha256-hxZ3rVVAiAMFAYhZ2o+WhlMuhjbt5EyHKOl1VyyL5RA=";
17      rev = "v${version}";
18      fetchLFS = true;
19      deepClone = false;
20    };
21    patches = [ ];
22  };
23in
24{
25  services.iceshrimp = {
26    inherit package;
27    enable = false;
28    secretConfig = config.age.secrets.iceshrimp-secret-config.path;
29    dbPasswordFile = config.age.secrets.iceshrimp-db-password.path;
30    createDb = true;
31    configureNginx.enable = false;
32    settings = {
33      inherit (d) port;
34      url = "https://${d.extUrl}";
35      accountDomain = "pyrox.dev";
36      redis.port = 6997;
37      maxNoteLength = 16384;
38      maxCaptionLength = 8192;
39      clusterLimit = 4;
40      deliverJobConcurrency = 192;
41      inboxJobConcurrency = 32;
42      deliverJobPerSec = 256;
43      inboxJobPerSec = 32;
44      outgoingAddressFamily = "dual";
45      # See the withdrawal patches for obliterate info
46      enableObliterate = true;
47      obliterateJobPerSec = 16;
48      obliterateJobMaxAttempts = 3;
49      mediaCleanup = {
50        cron = true;
51        maxAgeDays = 30;
52        cleanAvatars = true;
53        cleanHeaders = true;
54      };
55      htmlCache = {
56        ttl = "6h";
57        prewarm = true;
58        dbFallback = true;
59      };
60      wordMuteCache.ttl = "24h";
61      isManagedHosting = true;
62      email = {
63        managed = true;
64        address = "social@pyrox.dev";
65        host = "mail.pyrox.dev";
66        port = 465;
67        user = "social@pyrox.dev";
68        useImplicitSslTls = true;
69      };
70      objectStorage = {
71        managed = true;
72        baseUrl = "https://pool.jortage.com/socialpyroxdev";
73        bucket = "socialpyroxdev";
74        prefix = "mkmedia";
75        endpoint = "pool-api.jortage.com";
76        region = "jort";
77        useSsl = true;
78        connnectOverProxy = false;
79        setPublicReadOnUpload = false;
80        s3ForcePathStyle = true;
81      };
82    };
83  };
84  age.secrets = lib.mkIf config.services.iceshrimp.enable {
85    iceshrimp-secret-config = {
86      inherit (config.services.iceshrimp) group;
87      file = ./secrets/iceshrimp-secret-config.age;
88      owner = config.services.iceshrimp.user;
89    };
90    iceshrimp-db-password = {
91      file = ./secrets/iceshrimp-db-password.age;
92      owner = "postgres";
93      group = "postgres";
94    };
95  };
96}