nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-02 07:31:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #192285 from illdefined/akkoma

Browse Source 
akkoma: init at 3.5.0
This commit is contained in:
K900 2022-12-27 22:30:10 +03:00 committed by GitHub
commit e59753591b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 16391 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
View File

@ -23,6 +23,13 @@
<section xml:id="sec-release-23.05-new-services">
<title>New Services</title>
<itemizedlist>
<listitem>
<para>
<link xlink:href="https://akkoma.social">Akkoma</link>, an
ActivityPub microblogging server. Available as
<link xlink:href="options.html#opt-services.akkoma.enable">services.akkoma</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/akinomyoga/ble.sh">blesh</link>,

2
nixos/doc/manual/release-notes/rl-2305.section.md
View File

@ -14,6 +14,8 @@ In addition to numerous new and upgraded packages, this release has the followin
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
- [Akkoma](https://akkoma.social), an ActivityPub microblogging server. Available as [services.akkoma](options.html#opt-services.akkoma.enable).
- [blesh](https://github.com/akinomyoga/ble.sh), a line editor written in pure bash. Available as [programs.bash.blesh](#opt-programs.bash.blesh.enable).
- [fzf](https://github.com/junegunn/fzf), a command line fuzzyfinder. Available as [programs.fzf](#opt-programs.fzf.fuzzyCompletion).

1
nixos/modules/module-list.nix
View File

@ -1102,6 +1102,7 @@
./services/video/rtsp-simple-server.nix
./services/video/unifi-video.nix
./services/wayland/cage.nix
./services/web-apps/akkoma.nix
./services/web-apps/alps.nix
./services/web-apps/atlassian/confluence.nix
./services/web-apps/atlassian/crowd.nix

332
nixos/modules/services/web-apps/akkoma.md Normal file
View File

@ -0,0 +1,332 @@
# Akkoma {#module-services-akkoma}
[Akkoma](https://akkoma.dev/) is a lightweight ActivityPub microblogging server forked from Pleroma.
## Service configuration {#modules-services-akkoma-service-configuration}
The Elixir configuration file required by Akkoma is generated automatically from
[{option}`services.akkoma.config`](options.html#opt-services.akkoma.config). Secrets must be
included from external files outside of the Nix store by setting the configuration option to
an attribute set containing the attribute {option}`_secret` a string pointing to the file
containing the actual value of the option.
For the mandatory configuration settings these secrets will be generated automatically if the
referenced file does not exist during startup, unless disabled through
[{option}`services.akkoma.initSecrets`](options.html#opt-services.akkoma.initSecrets).
The following configuration binds Akkoma to the Unix socket `/run/akkoma/socket`, expecting to
be run behind a HTTP proxy on `fediverse.example.com`.
```nix
services.akkoma.enable = true;
services.akkoma.config = {
":pleroma" = {
":instance" = {
name = "My Akkoma instance";
description = "More detailed description";
email = "admin@example.com";
registration_open = false;
};
"Pleroma.Web.Endpoint" = {
url.host = "fediverse.example.com";
};
};
};
```
Please refer to the [configuration cheat sheet](https://docs.akkoma.dev/stable/configuration/cheatsheet/)
for additional configuration options.
## User management {#modules-services-akkoma-user-management}
After the Akkoma service is running, the administration utility can be used to
[manage users](https://docs.akkoma.dev/stable/administration/CLI_tasks/user/). In particular an
administrative user can be created with
```ShellSession
$ pleroma_ctl user new <nickname> <email> --admin --moderator --password <password>
```
## Proxy configuration {#modules-services-akkoma-proxy-configuration}
Although it is possible to expose Akkoma directly, it is common practice to operate it behind an
HTTP reverse proxy such as nginx.
```nix
services.akkoma.nginx = {
enableACME = true;
forceSSL = true;
};
services.nginx = {
enable = true;
clientMaxBodySize = "16m";
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
};
```
Please refer to [](#module-security-acme) for details on how to provision an SSL/TLS certificate.
### Media proxy {#modules-services-akkoma-media-proxy}
Without the media proxy function, Akkoma does not store any remote media like pictures or video
locally, and clients have to fetch them directly from the source server.
```nix
# Enable nginx slice module distributed with Tengine
services.nginx.package = pkgs.tengine;
# Enable media proxy
services.akkoma.config.":pleroma".":media_proxy" = {
enabled = true;
proxy_opts.redirect_on_failure = true;
};
# Adjust the persistent cache size as needed:
# Assuming an average object size of 128 KiB, around 1 MiB
# of memory is required for the key zone per GiB of cache.
# Ensure that the cache directory exists and is writable by nginx.
services.nginx.commonHttpConfig = ''
proxy_cache_path /var/cache/nginx/cache/akkoma-media-cache
levels= keys_zone=akkoma_media_cache:16m max_size=16g
inactive=1y use_temp_path=off;
'';
services.akkoma.nginx = {
locations."/proxy" = {
proxyPass = "http://unix:/run/akkoma/socket";
extraConfig = ''
proxy_cache akkoma_media_cache;
# Cache objects in slices of 1 MiB
slice 1m;
proxy_cache_key $host$uri$is_args$args$slice_range;
proxy_set_header Range $slice_range;
# Decouple proxy and upstream responses
proxy_buffering on;
proxy_cache_lock on;
proxy_ignore_client_abort on;
# Default cache times for various responses
proxy_cache_valid 200 1y;
proxy_cache_valid 206 301 304 1h;
# Allow serving of stale items
proxy_cache_use_stale error timeout invalid_header updating;
'';
};
};
```
#### Prefetch remote media {#modules-services-akkoma-prefetch-remote-media}
The following example enables the `MediaProxyWarmingPolicy` MRF policy which automatically
fetches all media associated with a post through the media proxy, as soon as the post is
received by the instance.
```nix
services.akkoma.config.":pleroma".":mrf".policies =
map (pkgs.formats.elixirConf { }).lib.mkRaw [
"Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy"
];
```
#### Media previews {#modules-services-akkoma-media-previews}
Akkoma can generate previews for media.
```nix
services.akkoma.config.":pleroma".":media_preview_proxy" = {
enabled = true;
thumbnail_max_width = 1920;
thumbnail_max_height = 1080;
};
```
## Frontend management {#modules-services-akkoma-frontend-management}
Akkoma will be deployed with the `pleroma-fe` and `admin-fe` frontends by default. These can be
modified by setting
[{option}`services.akkoma.frontends`](options.html#opt-services.akkoma.frontends).
The following example overrides the primary frontends default configuration using a custom
derivation.
```nix
services.akkoma.frontends.primary.package = pkgs.runCommand "pleroma-fe" {
config = builtins.toJSON {
expertLevel = 1;
collapseMessageWithSubject = false;
stopGifs = false;
replyVisibility = "following";
webPushHideIfCW = true;
hideScopeNotice = true;
renderMisskeyMarkdown = false;
hideSiteFavicon = true;
postContentType = "text/markdown";
showNavShortcuts = false;
};
nativeBuildInputs = with pkgs; [ jq xorg.lndir ];
passAsFile = [ "config" ];
} ''
mkdir $out
lndir ${pkgs.akkoma-frontends.pleroma-fe} $out
rm $out/static/config.json
jq -s add ${pkgs.akkoma-frontends.pleroma-fe}/static/config.json ${config} \
>$out/static/config.json
'';
```
## Federation policies {#modules-services-akkoma-federation-policies}
Akkoma comes with a number of modules to police federation with other ActivityPub instances.
The most valuable for typical users is the
[`:mrf_simple`](https://docs.akkoma.dev/stable/configuration/cheatsheet/#mrf_simple) module
which allows limiting federation based on instance hostnames.
This configuration snippet provides an example on how these can be used. Choosing an adequate
federation policy is not trivial and entails finding a balance between connectivity to the rest
of the fediverse and providing a pleasant experience to the users of an instance.
```nix
services.akkoma.config.":pleroma" = with (pkgs.formats.elixirConf { }).lib; {
":mrf".policies = map mkRaw [
"Pleroma.Web.ActivityPub.MRF.SimplePolicy"
];
":mrf_simple" = {
# Tag all media as sensitive
media_nsfw = mkMap {
"nsfw.weird.kinky" = "Untagged NSFW content";
};
# Reject all activities except deletes
reject = mkMap {
"kiwifarms.cc" = "Persistent harassment of users, no moderation";
};
# Force posts to be visible by followers only
followers_only = mkMap {
"beta.birdsite.live" = "Avoid polluting timelines with Twitter posts";
};
};
};
```
## Upload filters {#modules-services-akkoma-upload-filters}
This example strips GPS and location metadata from uploads, deduplicates them and anonymises the
the file name.
```nix
services.akkoma.config.":pleroma"."Pleroma.Upload".filters =
map (pkgs.formats.elixirConf { }).lib.mkRaw [
"Pleroma.Upload.Filter.Exiftool"
"Pleroma.Upload.Filter.Dedupe"
"Pleroma.Upload.Filter.AnonymizeFilename"
];
```
## Migration from Pleroma {#modules-services-akkoma-migration-pleroma}
Pleroma instances can be migrated to Akkoma either by copying the database and upload data or by
pointing Akkoma to the existing data. The necessary database migrations are run automatically
during startup of the service.
The configuration has to be copyedited manually.
Depending on the size of the database, the initial migration may take a long time and exceed the
startup timeout of the system manager. To work around this issue one may adjust the startup timeout
{option}`systemd.services.akkoma.serviceConfig.TimeoutStartSec` or simply run the migrations
manually:
```ShellSession
pleroma_ctl migrate
```
### Copying data {#modules-services-akkoma-migration-pleroma-copy}
Copying the Pleroma data instead of reusing it in place may permit easier reversion to Pleroma,
but allows the two data sets to diverge.
First disable Pleroma and then copy its database and upload data:
```ShellSession
# Create a copy of the database
nix-shell -p postgresql --run 'createdb -T pleroma akkoma'
# Copy upload data
mkdir /var/lib/akkoma
cp -R --reflink=auto /var/lib/pleroma/uploads /var/lib/akkoma/
```
After the data has been copied, enable the Akkoma service and verify that the migration has been
successful. If no longer required, the original data may then be deleted:
```ShellSession
# Delete original database
nix-shell -p postgresql --run 'dropdb pleroma'
# Delete original Pleroma state
rm -r /var/lib/pleroma
```
### Reusing data {#modules-services-akkoma-migration-pleroma-reuse}
To reuse the Pleroma data in place, disable Pleroma and enable Akkoma, pointing it to the
Pleroma database and upload directory.
```nix
# Adjust these settings according to the database name and upload directory path used by Pleroma
services.akkoma.config.":pleroma"."Pleroma.Repo".database = "pleroma";
services.akkoma.config.":pleroma".":instance".upload_dir = "/var/lib/pleroma/uploads";
```
Please keep in mind that after the Akkoma service has been started, any migrations applied by
Akkoma have to be rolled back before the database can be used again with Pleroma. This can be
achieved through `pleroma_ctl ecto.rollback`. Refer to the
[Ecto SQL documentation](https://hexdocs.pm/ecto_sql/Mix.Tasks.Ecto.Rollback.html) for
details.
## Advanced deployment options {#modules-services-akkoma-advanced-deployment}
### Confinement {#modules-services-akkoma-confinement}
The Akkoma systemd service may be confined to a chroot with
```nix
services.systemd.akkoma.confinement.enable = true;
```
Confinement of services is not generally supported in NixOS and therefore disabled by default.
Depending on the Akkoma configuration, the default confinement settings may be insufficient and
lead to subtle errors at run time, requiring adjustment:
Use
[{option}`services.systemd.akkoma.confinement.packages`](options.html#opt-systemd.services._name_.confinement.packages)
to make packages available in the chroot.
{option}`services.systemd.akkoma.serviceConfig.BindPaths` and
{option}`services.systemd.akkoma.serviceConfig.BindReadOnlyPaths` permit access to outside paths
through bind mounts. Refer to
[{manpage}`systemd.exec(5)`](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#BindPaths=)
for details.
### Distributed deployment {#modules-services-akkoma-distributed-deployment}
Being an Elixir application, Akkoma can be deployed in a distributed fashion.
This requires setting
[{option}`services.akkoma.dist.address`](options.html#opt-services.akkoma.dist.address) and
[{option}`services.akkoma.dist.cookie`](options.html#opt-services.akkoma.dist.cookie). The
specifics depend strongly on the deployment environment. For more information please check the
relevant [Erlang documentation](https://www.erlang.org/doc/reference_manual/distributed.html).

1086
nixos/modules/services/web-apps/akkoma.nix Normal file
View File

File diff suppressed because it is too large Load Diff

396
nixos/modules/services/web-apps/akkoma.xml Normal file
View File

@ -0,0 +1,396 @@
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-akkoma">
<title>Akkoma</title>
<para>
<link xlink:href="https://akkoma.dev/">Akkoma</link> is a
lightweight ActivityPub microblogging server forked from Pleroma.
</para>
<section xml:id="modules-services-akkoma-service-configuration">
<title>Service configuration</title>
<para>
The Elixir configuration file required by Akkoma is generated
automatically from
<link xlink:href="options.html#opt-services.akkoma.config"><option>services.akkoma.config</option></link>.
Secrets must be included from external files outside of the Nix
store by setting the configuration option to an attribute set
containing the attribute <option>_secret</option> a string
pointing to the file containing the actual value of the option.
</para>
<para>
For the mandatory configuration settings these secrets will be
generated automatically if the referenced file does not exist
during startup, unless disabled through
<link xlink:href="options.html#opt-services.akkoma.initSecrets"><option>services.akkoma.initSecrets</option></link>.
</para>
<para>
The following configuration binds Akkoma to the Unix socket
<literal>/run/akkoma/socket</literal>, expecting to be run behind
a HTTP proxy on <literal>fediverse.example.com</literal>.
</para>
<programlisting language="nix">
services.akkoma.enable = true;
services.akkoma.config = {
&quot;:pleroma&quot; = {
&quot;:instance&quot; = {
name = &quot;My Akkoma instance&quot;;
description = &quot;More detailed description&quot;;
email = &quot;admin@example.com&quot;;
registration_open = false;
};
&quot;Pleroma.Web.Endpoint&quot; = {
url.host = &quot;fediverse.example.com&quot;;
};
};
};
</programlisting>
<para>
Please refer to the
<link xlink:href="https://docs.akkoma.dev/stable/configuration/cheatsheet/">configuration
cheat sheet</link> for additional configuration options.
</para>
</section>
<section xml:id="modules-services-akkoma-user-management">
<title>User management</title>
<para>
After the Akkoma service is running, the administration utility
can be used to
<link xlink:href="https://docs.akkoma.dev/stable/administration/CLI_tasks/user/">manage
users</link>. In particular an administrative user can be created
with
</para>
<programlisting>
$ pleroma_ctl user new &lt;nickname&gt; &lt;email&gt; --admin --moderator --password &lt;password&gt;
</programlisting>
</section>
<section xml:id="modules-services-akkoma-proxy-configuration">
<title>Proxy configuration</title>
<para>
Although it is possible to expose Akkoma directly, it is common
practice to operate it behind an HTTP reverse proxy such as nginx.
</para>
<programlisting language="nix">
services.akkoma.nginx = {
enableACME = true;
forceSSL = true;
};
services.nginx = {
enable = true;
clientMaxBodySize = &quot;16m&quot;;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
};
</programlisting>
<para>
Please refer to <xref linkend="module-security-acme" /> for
details on how to provision an SSL/TLS certificate.
</para>
<section xml:id="modules-services-akkoma-media-proxy">
<title>Media proxy</title>
<para>
Without the media proxy function, Akkoma does not store any
remote media like pictures or video locally, and clients have to
fetch them directly from the source server.
</para>
<programlisting language="nix">
# Enable nginx slice module distributed with Tengine
services.nginx.package = pkgs.tengine;
# Enable media proxy
services.akkoma.config.&quot;:pleroma&quot;.&quot;:media_proxy&quot; = {
enabled = true;
proxy_opts.redirect_on_failure = true;
};
# Adjust the persistent cache size as needed:
# Assuming an average object size of 128 KiB, around 1 MiB
# of memory is required for the key zone per GiB of cache.
# Ensure that the cache directory exists and is writable by nginx.
services.nginx.commonHttpConfig = ''
proxy_cache_path /var/cache/nginx/cache/akkoma-media-cache
levels= keys_zone=akkoma_media_cache:16m max_size=16g
inactive=1y use_temp_path=off;
'';
services.akkoma.nginx = {
locations.&quot;/proxy&quot; = {
proxyPass = &quot;http://unix:/run/akkoma/socket&quot;;
extraConfig = ''
proxy_cache akkoma_media_cache;
# Cache objects in slices of 1 MiB
slice 1m;
proxy_cache_key $host$uri$is_args$args$slice_range;
proxy_set_header Range $slice_range;
# Decouple proxy and upstream responses
proxy_buffering on;
proxy_cache_lock on;
proxy_ignore_client_abort on;
# Default cache times for various responses
proxy_cache_valid 200 1y;
proxy_cache_valid 206 301 304 1h;
# Allow serving of stale items
proxy_cache_use_stale error timeout invalid_header updating;
'';
};
};
</programlisting>
<section xml:id="modules-services-akkoma-prefetch-remote-media">
<title>Prefetch remote media</title>
<para>
The following example enables the
<literal>MediaProxyWarmingPolicy</literal> MRF policy which
automatically fetches all media associated with a post through
the media proxy, as soon as the post is received by the
instance.
</para>
<programlisting language="nix">
services.akkoma.config.&quot;:pleroma&quot;.&quot;:mrf&quot;.policies =
map (pkgs.formats.elixirConf { }).lib.mkRaw [
&quot;Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy&quot;
];
</programlisting>
</section>
<section xml:id="modules-services-akkoma-media-previews">
<title>Media previews</title>
<para>
Akkoma can generate previews for media.
</para>
<programlisting language="nix">
services.akkoma.config.&quot;:pleroma&quot;.&quot;:media_preview_proxy&quot; = {
enabled = true;
thumbnail_max_width = 1920;
thumbnail_max_height = 1080;
};
</programlisting>
</section>
</section>
</section>
<section xml:id="modules-services-akkoma-frontend-management">
<title>Frontend management</title>
<para>
Akkoma will be deployed with the <literal>pleroma-fe</literal> and
<literal>admin-fe</literal> frontends by default. These can be
modified by setting
<link xlink:href="options.html#opt-services.akkoma.frontends"><option>services.akkoma.frontends</option></link>.
</para>
<para>
The following example overrides the primary frontends default
configuration using a custom derivation.
</para>
<programlisting language="nix">
services.akkoma.frontends.primary.package = pkgs.runCommand &quot;pleroma-fe&quot; {
config = builtins.toJSON {
expertLevel = 1;
collapseMessageWithSubject = false;
stopGifs = false;
replyVisibility = &quot;following&quot;;
webPushHideIfCW = true;
hideScopeNotice = true;
renderMisskeyMarkdown = false;
hideSiteFavicon = true;
postContentType = &quot;text/markdown&quot;;
showNavShortcuts = false;
};
nativeBuildInputs = with pkgs; [ jq xorg.lndir ];
passAsFile = [ &quot;config&quot; ];
} ''
mkdir $out
lndir ${pkgs.akkoma-frontends.pleroma-fe} $out
rm $out/static/config.json
jq -s add ${pkgs.akkoma-frontends.pleroma-fe}/static/config.json ${config} \
&gt;$out/static/config.json
'';
</programlisting>
</section>
<section xml:id="modules-services-akkoma-federation-policies">
<title>Federation policies</title>
<para>
Akkoma comes with a number of modules to police federation with
other ActivityPub instances. The most valuable for typical users
is the
<link xlink:href="https://docs.akkoma.dev/stable/configuration/cheatsheet/#mrf_simple"><literal>:mrf_simple</literal></link>
module which allows limiting federation based on instance
hostnames.
</para>
<para>
This configuration snippet provides an example on how these can be
used. Choosing an adequate federation policy is not trivial and
entails finding a balance between connectivity to the rest of the
fediverse and providing a pleasant experience to the users of an
instance.
</para>
<programlisting language="nix">
services.akkoma.config.&quot;:pleroma&quot; = with (pkgs.formats.elixirConf { }).lib; {
&quot;:mrf&quot;.policies = map mkRaw [
&quot;Pleroma.Web.ActivityPub.MRF.SimplePolicy&quot;
];
&quot;:mrf_simple&quot; = {
# Tag all media as sensitive
media_nsfw = mkMap {
&quot;nsfw.weird.kinky&quot; = &quot;Untagged NSFW content&quot;;
};
# Reject all activities except deletes
reject = mkMap {
&quot;kiwifarms.cc&quot; = &quot;Persistent harassment of users, no moderation&quot;;
};
# Force posts to be visible by followers only
followers_only = mkMap {
&quot;beta.birdsite.live&quot; = &quot;Avoid polluting timelines with Twitter posts&quot;;
};
};
};
</programlisting>
</section>
<section xml:id="modules-services-akkoma-upload-filters">
<title>Upload filters</title>
<para>
This example strips GPS and location metadata from uploads,
deduplicates them and anonymises the the file name.
</para>
<programlisting language="nix">
services.akkoma.config.&quot;:pleroma&quot;.&quot;Pleroma.Upload&quot;.filters =
map (pkgs.formats.elixirConf { }).lib.mkRaw [
&quot;Pleroma.Upload.Filter.Exiftool&quot;
&quot;Pleroma.Upload.Filter.Dedupe&quot;
&quot;Pleroma.Upload.Filter.AnonymizeFilename&quot;
];
</programlisting>
</section>
<section xml:id="modules-services-akkoma-migration-pleroma">
<title>Migration from Pleroma</title>
<para>
Pleroma instances can be migrated to Akkoma either by copying the
database and upload data or by pointing Akkoma to the existing
data. The necessary database migrations are run automatically
during startup of the service.
</para>
<para>
The configuration has to be copyedited manually.
</para>
<para>
Depending on the size of the database, the initial migration may
take a long time and exceed the startup timeout of the system
manager. To work around this issue one may adjust the startup
timeout
<option>systemd.services.akkoma.serviceConfig.TimeoutStartSec</option>
or simply run the migrations manually:
</para>
<programlisting>
pleroma_ctl migrate
</programlisting>
<section xml:id="modules-services-akkoma-migration-pleroma-copy">
<title>Copying data</title>
<para>
Copying the Pleroma data instead of reusing it in place may
permit easier reversion to Pleroma, but allows the two data sets
to diverge.
</para>
<para>
First disable Pleroma and then copy its database and upload
data:
</para>
<programlisting>
# Create a copy of the database
nix-shell -p postgresql --run 'createdb -T pleroma akkoma'
# Copy upload data
mkdir /var/lib/akkoma
cp -R --reflink=auto /var/lib/pleroma/uploads /var/lib/akkoma/
</programlisting>
<para>
After the data has been copied, enable the Akkoma service and
verify that the migration has been successful. If no longer
required, the original data may then be deleted:
</para>
<programlisting>
# Delete original database
nix-shell -p postgresql --run 'dropdb pleroma'
# Delete original Pleroma state
rm -r /var/lib/pleroma
</programlisting>
</section>
<section xml:id="modules-services-akkoma-migration-pleroma-reuse">
<title>Reusing data</title>
<para>
To reuse the Pleroma data in place, disable Pleroma and enable
Akkoma, pointing it to the Pleroma database and upload
directory.
</para>
<programlisting language="nix">
# Adjust these settings according to the database name and upload directory path used by Pleroma
services.akkoma.config.&quot;:pleroma&quot;.&quot;Pleroma.Repo&quot;.database = &quot;pleroma&quot;;
services.akkoma.config.&quot;:pleroma&quot;.&quot;:instance&quot;.upload_dir = &quot;/var/lib/pleroma/uploads&quot;;
</programlisting>
<para>
Please keep in mind that after the Akkoma service has been
started, any migrations applied by Akkoma have to be rolled back
before the database can be used again with Pleroma. This can be
achieved through <literal>pleroma_ctl ecto.rollback</literal>.
Refer to the
<link xlink:href="https://hexdocs.pm/ecto_sql/Mix.Tasks.Ecto.Rollback.html">Ecto
SQL documentation</link> for details.
</para>
</section>
</section>
<section xml:id="modules-services-akkoma-advanced-deployment">
<title>Advanced deployment options</title>
<section xml:id="modules-services-akkoma-confinement">
<title>Confinement</title>
<para>
The Akkoma systemd service may be confined to a chroot with
</para>
<programlisting language="nix">
services.systemd.akkoma.confinement.enable = true;
</programlisting>
<para>
Confinement of services is not generally supported in NixOS and
therefore disabled by default. Depending on the Akkoma
configuration, the default confinement settings may be
insufficient and lead to subtle errors at run time, requiring
adjustment:
</para>
<para>
Use
<link xlink:href="options.html#opt-systemd.services._name_.confinement.packages"><option>services.systemd.akkoma.confinement.packages</option></link>
to make packages available in the chroot.
</para>
<para>
<option>services.systemd.akkoma.serviceConfig.BindPaths</option>
and
<option>services.systemd.akkoma.serviceConfig.BindReadOnlyPaths</option>
permit access to outside paths through bind mounts. Refer to
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.exec.html#BindPaths="><link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.exec.html"><citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry></link></link>
for details.
</para>
</section>
<section xml:id="modules-services-akkoma-distributed-deployment">
<title>Distributed deployment</title>
<para>
Being an Elixir application, Akkoma can be deployed in a
distributed fashion.
</para>
<para>
This requires setting
<link xlink:href="options.html#opt-services.akkoma.dist.address"><option>services.akkoma.dist.address</option></link>
and
<link xlink:href="options.html#opt-services.akkoma.dist.cookie"><option>services.akkoma.dist.cookie</option></link>.
The specifics depend strongly on the deployment environment. For
more information please check the relevant
<link xlink:href="https://www.erlang.org/doc/reference_manual/distributed.html">Erlang
documentation</link>.
</para>
</section>
</section>
</chapter>

121
nixos/tests/akkoma.nix Normal file
View File

@ -0,0 +1,121 @@
/*
End-to-end test for Akkoma.
Based in part on nixos/tests/pleroma.
TODO: Test federation.
*/
import ./make-test-python.nix ({ pkgs, package ? pkgs.akkoma, confined ? false, ... }:
let
userPassword = "4LKOrGo8SgbPm1a6NclVU5Wb";
provisionUser = pkgs.writers.writeBashBin "provisionUser" ''
set -eu -o errtrace -o pipefail
pleroma_ctl user new jamy jamy@nixos.test --password '${userPassword}' --moderator --admin -y
'';
tlsCert = pkgs.runCommand "selfSignedCerts" {
nativeBuildInputs = with pkgs; [ openssl ];
} ''
mkdir -p $out
openssl req -x509 \
-subj '/CN=akkoma.nixos.test/' -days 49710 \
-addext 'subjectAltName = DNS:akkoma.nixos.test' \
-keyout "$out/key.pem" -newkey ed25519 \
-out "$out/cert.pem" -noenc
'';
sendToot = pkgs.writers.writeBashBin "sendToot" ''
set -eu -o errtrace -o pipefail
export REQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-certificates.crt"
echo '${userPassword}' | ${pkgs.toot}/bin/toot login_cli -i "akkoma.nixos.test" -e "jamy@nixos.test"
echo "y" | ${pkgs.toot}/bin/toot post "hello world Jamy here"
echo "y" | ${pkgs.toot}/bin/toot timeline | grep -F -q "hello world Jamy here"
# Test file upload
echo "y" | ${pkgs.toot}/bin/toot upload <(dd if=/dev/zero bs=1024 count=1024 status=none) \
| grep -F -q "https://akkoma.nixos.test/media"
'';
checkFe = pkgs.writers.writeBashBin "checkFe" ''
set -eu -o errtrace -o pipefail
paths=( / /static/{config,styles}.json /pleroma/admin/ )
for path in "''${paths[@]}"; do
diff \
<(${pkgs.curl}/bin/curl -f -S -s -o /dev/null -w '%{response_code}' "https://akkoma.nixos.test$path") \
<(echo -n 200)
done
'';
hosts = nodes: ''
${nodes.akkoma.networking.primaryIPAddress} akkoma.nixos.test
${nodes.client.networking.primaryIPAddress} client.nixos.test
'';
in
{
name = "akkoma";
nodes = {
client = { nodes, pkgs, config, ... }: {
security.pki.certificateFiles = [ "${tlsCert}/cert.pem" ];
networking.extraHosts = hosts nodes;
};
akkoma = { nodes, pkgs, config, ... }: {
networking.extraHosts = hosts nodes;
networking.firewall.allowedTCPPorts = [ 443 ];
environment.systemPackages = with pkgs; [ provisionUser ];
systemd.services.akkoma.confinement.enable = confined;
services.akkoma = {
enable = true;
package = package;
config = {
":pleroma" = {
":instance" = {
name = "NixOS test Akkoma server";
description = "NixOS test Akkoma server";
email = "akkoma@nixos.test";
notify_email = "akkoma@nixos.test";
registration_open = true;
};
":media_proxy" = {
enabled = false;
};
"Pleroma.Web.Endpoint" = {
url.host = "akkoma.nixos.test";
};
};
};
nginx = {
addSSL = true;
sslCertificate = "${tlsCert}/cert.pem";
sslCertificateKey = "${tlsCert}/key.pem";
};
};
services.nginx.enable = true;
services.postgresql.enable = true;
};
};
testScript = { nodes, ... }: ''
start_all()
akkoma.wait_for_unit('akkoma-initdb.service')
akkoma.systemctl('restart akkoma-initdb.service') # test repeated initialisation
akkoma.wait_for_unit('akkoma.service')
akkoma.wait_for_file('/run/akkoma/socket');
akkoma.succeed('${provisionUser}/bin/provisionUser')
akkoma.wait_for_unit('nginx.service')
client.succeed('${sendToot}/bin/sendToot')
client.succeed('${checkFe}/bin/checkFe')
'';
})

2
nixos/tests/all-tests.nix
View File

@ -73,6 +73,8 @@ in {
agate = runTest ./web-servers/agate.nix;
agda = handleTest ./agda.nix {};
airsonic = handleTest ./airsonic.nix {};
akkoma = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix {};
akkoma-confined = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix { confined = true; };
allTerminfo = handleTest ./all-terminfo.nix {};
alps = handleTest ./alps.nix {};
amazon-init-shell = handleTest ./amazon-init-shell.nix {};

84
pkgs/servers/akkoma/admin-fe/default.nix Normal file
View File

@ -0,0 +1,84 @@
{ lib
, stdenv
, fetchFromGitea, fetchYarnDeps
, fixup_yarn_lock, yarn, nodejs
, python3, pkg-config, libsass
}:
stdenv.mkDerivation rec {
pname = "admin-fe";
version = "unstable-2022-09-10";
src = fetchFromGitea {
domain = "akkoma.dev";
owner = "AkkomaGang";
repo = "admin-fe";
rev = "e094e12c3ecb540df839fdf20c5a03d10454fcad";
hash = "sha256-dqkW8p4x+5z1Hd8gp8V4+DsLm8EspVwPXDxtvlp1AIk=";
};
patches = [ ./deps.patch ];
offlineCache = fetchYarnDeps {
yarnLock = ./yarn.lock;
hash = "sha256-h+QUBT2VwPWu2l05Zkcp+0vHN/x40uXxw2KYjq7l/Xk=";
};
nativeBuildInputs = [
fixup_yarn_lock
yarn
nodejs
pkg-config
python3
libsass
];
postPatch = ''
cp ${./yarn.lock} yarn.lock
'';
configurePhase = ''
runHook preConfigure
export HOME="$(mktemp -d)"
yarn config --offline set yarn-offline-mirror ${lib.escapeShellArg offlineCache}
fixup_yarn_lock yarn.lock
yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
patchShebangs node_modules/cross-env
mkdir -p "$HOME/.node-gyp/${nodejs.version}"
echo 9 >"$HOME/.node-gyp/${nodejs.version}/installVersion"
ln -sfv "${nodejs}/include" "$HOME/.node-gyp/${nodejs.version}"
export npm_config_nodedir=${nodejs}
runHook postConfigure
'';
buildPhase = ''
runHook preBuild
pushd node_modules/node-sass
LIBSASS_EXT=auto yarn run build --offline
popd
export NODE_OPTIONS="--openssl-legacy-provider"
yarn run build:prod --offline
runHook postBuild
'';
installPhase = ''
runHook preInstall
cp -R -v dist $out
runHook postInstall
'';
meta = with lib; {
description = "Admin interface for Akkoma";
homepage = "https://akkoma.dev/AkkomaGang/akkoma-fe/";
license = licenses.agpl3;
maintainers = with maintainers; [ mvs ];
};
}

46
pkgs/servers/akkoma/admin-fe/deps.patch Normal file
View File

@ -0,0 +1,46 @@
diff --git a/package.json b/package.json
index f267be19..fb806527 100644
--- a/package.json
+++ b/package.json
@@ -31,14 +31,12 @@
"type": "git",
"url": "git+https://akkoma.dev/AkkomaGang/admin-fe.git"
},
- "resolutions": {
- "prosemirror-model": "1.9.1"
- },
"bugs": {
"url": "https://akkoma.dev/AkkomaGang/admin-fe/-/issues"
},
"dependencies": {
"@babel/runtime": "^7.3.4",
+ "@toast-ui/editor": "^3.2.0",
"axios": "0.18.0",
"clipboard": "1.7.1",
"codemirror": "5.39.2",
@@ -65,7 +63,6 @@
"sortablejs": "1.7.0",
"tiptap": "^1.29.6",
"tiptap-extensions": "^1.32.7",
- "tui-editor": "1.2.7",
"vue": "^2.6.8",
"vue-count-to": "1.0.13",
"vue-i18n": "^8.9.0",
diff --git a/src/components/element-ui/MarkdownEditor/index.vue b/src/components/element-ui/MarkdownEditor/index.vue
index 7ae9fd40..18114701 100644
--- a/src/components/element-ui/MarkdownEditor/index.vue
+++ b/src/components/element-ui/MarkdownEditor/index.vue
@@ -5,10 +5,10 @@
<script>
// deps for editor
import 'codemirror/lib/codemirror.css' // codemirror
-import 'tui-editor/dist/tui-editor.css' // editor ui
-import 'tui-editor/dist/tui-editor-contents.css' // editor content
+import '@toast-ui/editor/dist/tui-editor.css' // editor ui
+import '@toast-ui/editor/dist/tui-editor-contents.css' // editor content
-import Editor from 'tui-editor'
+import Editor from '@toast-ui/editor'
import defaultOptions from './defaultOptions'
export default {

12493
pkgs/servers/akkoma/admin-fe/yarn.lock Normal file
View File

File diff suppressed because it is too large Load Diff

216
pkgs/servers/akkoma/default.nix Normal file
View File

@ -0,0 +1,216 @@
{ lib
, beamPackages
, fetchFromGitea, fetchFromGitHub, fetchFromGitLab
, cmake, file, libxcrypt
, writeText
, nixosTests
, ...
}:
beamPackages.mixRelease rec {
pname = "pleroma";
version = "3.5.0";
src = fetchFromGitea {
domain = "akkoma.dev";
owner = "AkkomaGang";
repo = "akkoma";
rev = "v${version}";
hash = "sha256-Apt+6nI4zOCyRb5msPt5UF9vyaendyaOjrYBMl0DqRY=";
};
postPatch = ''
# Remove dependency on OS_Mon
sed -E -i 's/(^|\s):os_mon,//' \
mix.exs
'';
postBuild = ''
# Digest and compress static files
rm -f priv/static/READ_THIS_BEFORE_TOUCHING_FILES_HERE
mix phx.digest --no-deps-check
'';
# cf. https://github.com/whitfin/cachex/issues/205
stripDebug = false;
mixNixDeps = import ./mix.nix {
inherit beamPackages lib;
overrides = (final: prev: {
# mix2nix does not support git dependencies yet,
# so we need to add them manually
captcha = beamPackages.buildMix rec {
name = "captcha";
version = "0.1.0";
src = fetchFromGitLab {
domain = "git.pleroma.social";
group = "pleroma";
owner = "elixir-libraries";
repo = "elixir-captcha";
rev = "e0f16822d578866e186a0974d65ad58cddc1e2ab";
sha256 = "0qbf86l59kmpf1nd82v4141ba9ba75xwmnqzpgbm23fa1hh8pi9c";
};
};
crypt = beamPackages.buildRebar3 rec {
name = "crypt";
version = "0.4.3";
src = fetchFromGitHub {
owner = "msantos";
repo = "crypt";
rev = "f75cd55325e33cbea198fb41fe41871392f8fb76";
sha256 = "sha256-ZYhZTe7cTITkl8DZ4z2IOlxTX5gnbJImu/lVJ2ZjR1o=";
};
buildInputs = [ libxcrypt ];
postInstall = ''
mv $out/lib/erlang/lib/crypt-${version}/priv/{source,crypt}.so
'';
beamDeps = with final; [ elixir_make ];
};
elasticsearch = beamPackages.buildMix rec {
name = "elasticsearch";
version = "1.0.1";
src = fetchFromGitea {
domain = "akkoma.dev";
owner = "AkkomaGang";
repo = "elasticsearch-elixir";
rev = "6cd946f75f6ab9042521a009d1d32d29a90113ca";
hash = "sha256-CtmQHVl+VTpemne+nxbkYGcErrgCo+t3ZBPbkFSpyF0=";
};
};
gettext = beamPackages.buildMix {
name = "gettext";
version = "0.19.1";
src = fetchFromGitHub {
owner = "tusooa";
repo = "gettext";
rev = "72fb2496b6c5280ed911bdc3756890e7f38a4808";
hash = "sha256-V0qmE+LcAbVoWsJmWE4fwrduYFIZ5BzK/sGzgLY3eH0=";
};
};
linkify = beamPackages.buildMix rec {
name = "linkify";
version = "0.5.2";
src = fetchFromGitea {
domain = "akkoma.dev";
owner = "AkkomaGang";
repo = "linkify";
rev = "2567e2c1073fa371fd26fd66dfa5bc77b6919c16";
hash = "sha256-e3wzlbRuyw/UB5Tb7IozX/WR1T+sIBf9C/o5Thki9vg=";
};
};
mfm_parser = beamPackages.buildMix rec {
name = "mfm_parser";
version = "0.1.1";
src = fetchFromGitea {
domain = "akkoma.dev";
owner = "AkkomaGang";
repo = "mfm-parser";
rev = "912fba81152d4d572e457fd5427f9875b2bc3dbe";
hash = "sha256-n3WmERxKK8VM8jFIBAPS6GkbT7/zjqi3AjjWbjOdMzs=";
};
beamDeps = with final; [ phoenix_view temple ];
};
remote_ip = beamPackages.buildMix rec {
name = "remote_ip";
version = "0.1.5";
src = fetchFromGitLab {
domain = "git.pleroma.social";
group = "pleroma";
owner = "elixir-libraries";
repo = "remote_ip";
rev = "b647d0deecaa3acb140854fe4bda5b7e1dc6d1c8";
sha256 = "0c7vmakcxlcs3j040018i7bfd6z0yq6fjfig02g5fgakx398s0x6";
};
beamDeps = with final; [ combine plug inet_cidr ];
};
search_parser = beamPackages.buildMix rec {
name = "search_parser";
version = "0.1.0";
src = fetchFromGitHub {
owner = "FloatingGhost";
repo = "pleroma-contrib-search-parser";
rev = "08971a81e68686f9ac465cfb6661d51c5e4e1e7f";
hash = "sha256-sbo9Kcp2oT05o2GAF+IgziLPYmCkWgBfFMBCytmqg3Y=";
};
beamDeps = with final; [ nimble_parsec ];
};
temple = beamPackages.buildMix rec {
name = "temple";
version = "0.9.0-rc.0";
src = fetchFromGitea {
domain = "akkoma.dev";
owner = "AkkomaGang";
repo = "temple";
rev = "066a699ade472d8fa42a9d730b29a61af9bc8b59";
hash = "sha256-qA0z8WTMjO2OixcZBARn/LbuV3s3LGtwZ9nSjj/tWBc=";
};
mixEnv = "dev";
beamDeps = with final; [ earmark_parser ex_doc makeup makeup_elixir makeup_erlang nimble_parsec ];
};
# Some additional build inputs and build fixes
fast_html = prev.fast_html.override {
nativeBuildInputs = [ cmake ];
dontUseCmakeConfigure = true;
};
http_signatures = prev.http_signatures.override {
patchPhase = ''
substituteInPlace mix.exs --replace ":logger" ":logger, :public_key"
'';
};
majic = prev.majic.override {
buildInputs = [ file ];
};
syslog = prev.syslog.override {
buildPlugins = with beamPackages; [ pc ];
};
mime = prev.mime.override {
patchPhase = let
cfgFile = writeText "config.exs" ''
use Mix.Config
config :mime, :types, %{
"application/activity+json" => ["activity+json"],
"application/jrd+json" => ["jrd+json"],
"application/ld+json" => ["activity+json"],
"application/xml" => ["xml"],
"application/xrd+xml" => ["xrd+xml"]
}
'';
in ''
mkdir config
cp ${cfgFile} config/config.exs
'';
};
});
};
passthru = {
tests = with nixosTests; { inherit akkoma akkoma-confined; };
inherit mixNixDeps;
};
meta = with lib; {
description = "ActivityPub microblogging server";
homepage = "https://akkoma.social";
license = licenses.agpl3;
maintainers = with maintainers; [ mvs ];
platforms = platforms.unix;
};
}

20
pkgs/servers/akkoma/emoji/blobs_gg.nix Normal file
View File

@ -0,0 +1,20 @@
{ lib, fetchzip }:
let
rev = "e764ba00b9c34524e3ff3ffd19a44fa2a5c296a5";
in fetchzip {
pname = "blobs.gg";
version = "unstable-2019-07-24";
url = "https://git.pleroma.social/pleroma/emoji-index/-/raw/${rev}/packs/blobs_gg.zip";
hash = "sha256-dnOwW93xTyJKRnYgvPgsqZHNWod4y80aNhBSVKNk6do=";
stripRoot = false;
meta = with lib; {
description = "Blob emoji from blobs.gg repacked as APNG";
homepage = "https://blobs.gg";
license = licenses.asl20;
maintainers = with maintainers; [ mvs ];
};
}

1494
pkgs/servers/akkoma/mix.nix Normal file
View File

File diff suppressed because it is too large Load Diff

82
pkgs/servers/akkoma/pleroma-fe/default.nix Normal file
View File

@ -0,0 +1,82 @@
{ lib
, stdenv
, fetchFromGitea, fetchYarnDeps
, fixup_yarn_lock, yarn, nodejs
, jpegoptim, oxipng, nodePackages
}:
stdenv.mkDerivation rec {
pname = "pleroma-fe";
version = "unstable-2022-12-10";
src = fetchFromGitea {
domain = "akkoma.dev";
owner = "AkkomaGang";
repo = "pleroma-fe";
rev = "9c9b4cc07c018a21c8261dd7680a97aa3a670756";
hash = "sha256-jYJcG2Q5kxOH29G5WV/6Cx7a+b7FuFROEn/8ruh7cDc=";
};
offlineCache = fetchYarnDeps {
yarnLock = src + "/yarn.lock";
hash = "sha256-pz6NHBYZRi+Rwx6H74895vFWGLSivI7Ul8XV6wMbgJg=";
};
nativeBuildInputs = [
fixup_yarn_lock
yarn
nodejs
jpegoptim
oxipng
nodePackages.svgo
];
postPatch = ''
# Build scripts assume to be used within a Git repository checkout
sed -E -i '/^let commitHash =/,/;$/clet commitHash = "${builtins.substring 0 7 src.rev}";' \
build/webpack.prod.conf.js
'';
configurePhase = ''
runHook preConfigure
export HOME="$(mktemp -d)"
yarn config --offline set yarn-offline-mirror ${lib.escapeShellArg offlineCache}
fixup_yarn_lock yarn.lock
yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
runHook postConfigure
'';
buildPhase = ''
runHook preBuild
export NODE_ENV="production"
export NODE_OPTIONS="--openssl-legacy-provider"
yarn run build --offline
runHook postBuild
'';
installPhase = ''
runHook preInstall
# (Losslessly) optimise compression of image artifacts
find dist -type f -name '*.jpg' -execdir ${jpegoptim}/bin/jpegoptim -w$NIX_BUILD_CORES {} \;
find dist -type f -name '*.png' -execdir ${oxipng}/bin/oxipng -o max -t $NIX_BUILD_CORES {} \;
find dist -type f -name '*.svg' -execdir ${nodePackages.svgo}/bin/svgo {} \;
cp -R -v dist $out
runHook postInstall
'';
meta = with lib; {
description = "Frontend for Akkoma and Pleroma";
homepage = "https://akkoma.dev/AkkomaGang/pleroma-fe/";
license = licenses.agpl3;
maintainers = with maintainers; [ mvs ];
};
}

9
pkgs/top-level/all-packages.nix
View File

@ -1194,6 +1194,15 @@ with pkgs;
adminer = callPackage ../servers/adminer { };
akkoma = callPackage ../servers/akkoma { };
akkoma-frontends = recurseIntoAttrs {
pleroma-fe = callPackage ../servers/akkoma/pleroma-fe { };
admin-fe = callPackage ../servers/akkoma/admin-fe { };
};
akkoma-emoji = recurseIntoAttrs {
blobs_gg = callPackage ../servers/akkoma/emoji/blobs_gg.nix { };
};
advancecomp = callPackage ../tools/compression/advancecomp {};
aefs = callPackage ../tools/filesystems/aefs { };