# NixOS host module: PostgreSQL-backed Akkoma (fediverse) and a conduwuit
# Matrix homeserver, both published under the same domain.
{
  config,
  inputs,
  pkgs,
  ...
}: let
  domain = "lothlorien.social";
  akkomaPort = 4000;
  conduitPort = 6167;
in {
  # Root password hash comes from a sops-managed secret; neededForUsers makes
  # sops-nix provide it early enough for user creation.
  # `roles.base.root.hashedPasswordFile` is defined elsewhere in this repo —
  # presumably it forwards to users.users.root.hashedPasswordFile; confirm.
  sops.secrets.rootPwd.neededForUsers = true;
  roles.base.root.hashedPasswordFile = config.sops.secrets.rootPwd.path;

  # NOTE(review): both application ports are opened on every interface, and
  # both services below listen on 0.0.0.0. No TLS is configured in this file,
  # while Akkoma advertises port 443, so TLS is presumably terminated by a
  # reverse proxy that is not visible here. If that proxy runs on this host,
  # bind the services to loopback and drop these openings; if it runs on
  # another machine, restrict the source address to that proxy so the plain
  # HTTP backends are not reachable from anywhere else.
  networking.firewall.allowedTCPPorts = [akkomaPort conduitPort];

  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_16;
    # Creates the "akkoma" database and a role of the same name that owns it.
    ensureDatabases = ["akkoma"];
    ensureUsers = [
      {
        name = "akkoma";
        ensureDBOwnership = true;
      }
    ];
  };

  services.akkoma = {
    enable = true;
    user = "akkoma";
    group = "akkoma";
    config = {
      ":pleroma" = {
        ":instance" = {
          name = "Lothlórien";
          description = "Personal instance";
          email = "jonni@liljamo.com"; # FIXME: maybe abuse@lothlorien.social?
          # Closed instance: no self-service sign-up.
          registrations_open = false;
        };
        # Database access goes through the local unix socket with no password
        # set here, so it relies on socket-level authentication (presumably
        # peer auth for the matching "akkoma" system user — verify against the
        # effective pg_hba.conf).
        "Pleroma.Repo" = {
          adapter = (pkgs.formats.elixirConf {}).lib.mkRaw "Ecto.Adapters.Postgres";
          socket_dir = "/run/postgresql";
          username = config.services.akkoma.user;
          database = "akkoma";
        };
        # FIXME: different subdomain as recommended.
        # Until then, user-uploaded media is served from the same origin as
        # the web UI and API, so nothing separates uploaded content from the
        # instance's own origin in the browser.
        "Pleroma.Upload".base_url = "https://lothlorien.social/media/";
        "Pleroma.Web.Endpoint" = {
          # Plain HTTP listener on all interfaces (see the firewall note).
          http = {
            ip = "0.0.0.0";
            port = akkomaPort;
          };
          # Public URL advertised to clients and federation peers.
          url = {
            host = domain;
            port = 443;
          };
        };
      };
    };
  };

  services.matrix-conduit = {
    enable = true;
    # conduwuit is taken from the nixpkgs-unstable input instead of the
    # system's pkgs. NOTE(review): confirm this package still receives
    # upstream security fixes.
    package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.conduwuit;
    # https://github.com/girlbossceo/conduwuit/blob/main/conduwuit-example.toml
    settings = {
      global = {
        server_name = domain;
        # Listens on all interfaces (see the firewall note).
        address = "0.0.0.0";
        port = conduitPort;
        database_backend = "rocksdb";
        allow_encryption = true;
        allow_federation = true;
        # Closed homeserver: no public account registration.
        allow_registration = false;
        # Presumably makes the server contact upstream periodically to check
        # for updates — confirm the outbound request is acceptable.
        allow_check_for_updates = true;
        # 512000000 bytes per request. NOTE(review): make sure the fronting
        # proxy's body-size limit and the available disk space match this.
        max_request_size = 512000000;
        new_user_displayname_suffix = "";
        # Servers trusted for fetching other homeservers' signing keys
        # (per the example config linked above — verify).
        trusted_servers = ["matrix.org"];
      };
    };
  };

  system.stateVersion = "24.05";
}