commit daed9604faecc65cb5cf96a77c37025dc63a90cd
parent 6cbf1e3aef5b38ea34da53a5abe64fe2a5c08928
Author: Leah (ctucx) <git@ctu.cx>
Date: Sat, 26 Nov 2022 20:31:45 +0100
machines/osterei/pleroma: move to machine `trabbi`
9 files changed, 256 insertions(+), 251 deletions(-)
D
|
192
-------------------------------------------------------------------------------
A
|
195
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/machines/osterei/configuration.nix b/machines/osterei/configuration.nix @@ -16,7 +16,6 @@ # communication ./matrix-synapse.nix - ./pleroma ./mail.nix # ./maddy.nix
diff --git a/machines/osterei/pleroma/config.exs b/machines/osterei/pleroma/config.exs
@@ -1,192 +0,0 @@
-import Config
-
-config :pleroma, :dangerzone, override_repo_pool_size: true
-
-config :pleroma, Pleroma.Web.Endpoint,
- url: [host: "pleroma.ctu.cx", scheme: "https", port: 443],
- domain: "ctu.cx",
- http: [ip: {127, 0, 0, 1}, port: 4000]
-
-config :pleroma, Pleroma.Repo,
- adapter: Ecto.Adapters.Postgres,
- username: "pleroma",
- database: "pleroma",
- socket_dir: "/run/postgresql",
- pool_size: 20,
- timeout: 20_000,
- connect_timeout: 20_000
-
-# Configure web push notifications
-config :web_push_encryption, :vapid_details, subject: "mailto:pleroma@ctu.cx"
-
-config :pleroma, :database, rum_enabled: false
-config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
-config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
-
-config :pleroma, :static_fe, enabled: false
-
-config :pleroma, :frontend_configurations,
- pleroma_fe: %{
- theme: "breezy-dark",
- background: "/static/bg.png",
- logo: "/static/logo.png",
- nsfwCensorImage: "/static/nsfw.png",
- logoLeft: true,
- chatDisabled: true,
- webPushNotifications: true,
- showFeaturesPanel: false,
- collapseMessageWithSubject: false,
- hideUserStats: false
- }
-
-config :pleroma, :instance,
- name: "ctucx.pleroma",
- email: "pleroma@ctu.cx",
- limit: 5000,
- registrations_open: false,
- invites_enabled: true,
- account_activation_required: false,
- remote_post_retention_days: 3,
- external_user_synchronization: true,
- allowed_post_formats: [
- "text/plain",
- "text/html",
- "text/markdown"
- ],
- quarantined_instances: [
- "search.fedi.app",
- "freespeechextremist.com",
- "gleasonator.com",
- "gab.com",
- "gab.ai",
- "spinster.xyz",
- "clubcyberia.co",
- "glowers.club",
- "shitposter.club",
- "social.urspringer.de",
- "pleroma.soykaf.com",
- "nnia.space",
- "kiwifarms.cc",
- "wintermute.fr.to",
- "anitwitter.moe",
- "brighteon.social",
- "cawfee.club",
- "freefedifollowers.ga",
- "glindr.org",
- "humblr.social",
- "jaeger.website",
- "libre.tube",
- "newjack.city",
- "pawoo.net",
- "pieville.net",
- "play.xmr.101010.pl",
- "skippers-bin.com",
- "sneak.berlin",
- "yggdrasil.social",
- "anime.website",
- "collapsitarian.io",
- "bajax.us",
- "nicecrew.digital",
- "shortstackran.ch",
- "kys.moe",
- "beefyboys.win",
- "detroitriotcity.com"
- ]
-
-config :pleroma, :media_proxy,
- enabled: false,
- redirect_on_failure: true,
- base_url: "https://cache.domain.tld"
-
-config :pleroma, :fetch_initial_posts,
- enabled: false,
- pages: 1
-
-config :pleroma, :shout, enabled: false
-
-config :pleroma, :mrf,
- policies: [Pleroma.Web.ActivityPub.MRF.SimplePolicy]
-
-config :pleroma, :mrf_simple,
- reject: [
- "search.fedi.app",
- "freespeechextremist.com",
- "gleasonator.com",
- "gab.com",
- "gab.ai",
- "spinster.xyz",
- "clubcyberia.co",
- "glowers.club",
- "shitposter.club",
- "social.urspringer.de",
- "pleroma.soykaf.com",
- "nnia.space",
- "kiwifarms.cc",
- "wintermute.fr.to",
- "anitwitter.moe",
- "brighteon.social",
- "cawfee.club",
- "freefedifollowers.ga",
- "glindr.org",
- "humblr.social",
- "jaeger.website",
- "libre.tube",
- "newjack.city",
- "pawoo.net",
- "pieville.net",
- "play.xmr.101010.pl",
- "skippers-bin.com",
- "sneak.berlin",
- "yggdrasil.social",
- "anime.website",
- "collapsitarian.io",
- "bajax.us",
- "nicecrew.digital",
- "shortstackran.ch",
- "kys.moe",
- "beefyboys.win",
- "detroitriotcity.com"
- ]
-
-config :pleroma, :frontends,
- primary: %{
- "name" => "pleroma",
- "ref" => "stable"
- },
- admin: %{
- "name" => "admin",
- "ref" => "develop"
- },
- fedife: %{
- "name" => "fedi-fe",
- "ref" => "master"
- },
- kenoma: %{
- "name" => "kenoma",
- "ref" => "master"
- }
-
-config :pleroma, :emoji,
- shortcode_globs: ["/emoji/custom/**/*.png"],
- groups: [
- "Anarchy": "/emoji/anarchy/*.png",
- "Blobs": "/emoji/blob/*.png",
- "Blobcat": "/emoji/blobcat/*.png",
- "Catgirl": "/emoji/catgirl/*.png",
- "Chaos": "/emoji/chaos/*.png",
- "Comfy Blobcat": "/emoji/comfyblobcat/*.png",
- 'etc': "/emoji/etc/*.png",
- "Flags": "/emoji/flags/*.png",
- "Flauschehorn": "/emoji/flauschehorn/*.png",
- "Hacker ABC": "/emoji/hackerabc/*.png",
- "Hearts": "/emoji/heart/*.png",
- "Logos": "/emoji/logos/*.png",
- "Menhera": "/emoji/menhera/*.png",
- "Queer": "/emoji/queer/*.png",
- "Signals": "/emoji/signals/*.png",
- "Trains": "/emoji/trains/*.png"
- ]
-
-config :pleroma, configurable_from_database: false
-
-config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.Exiftool, Pleroma.Upload.Filter.AnonymizeFilename, Pleroma.Upload.Filter.Dedupe]
diff --git a/machines/osterei/pleroma/default.nix b/machines/osterei/pleroma/default.nix
@@ -1,57 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-
- age.secrets.restic-pleroma.file = ../../../secrets/osterei/restic/pleroma.age;
-
- restic-backups.pleroma = {
- user = "pleroma";
- passwordFile = config.age.secrets.restic-pleroma.path;
- paths = [ "/var/lib/pleroma" ];
- postgresDatabases = [ "pleroma" ];
- };
-
- dns.zones."ctu.cx".subdomains.pleroma.CNAME = [ "${config.networking.fqdn}." ];
-
- systemd.services.pleroma.path = [ pkgs.exiftool ];
- systemd.services.pleroma.onFailure = [ "email-notify@%i.service" ];
-
- services = {
- postgresql = {
- enable = true;
- ensureDatabases = [ "pleroma" ];
- ensureUsers = [
- {
- name = "pleroma";
- ensurePermissions."DATABASE pleroma" = "ALL PRIVILEGES";
- }
- ];
- };
-
- pleroma = {
- enable = true;
- configs = [ (lib.fileContents ./config.exs) ];
- secretConfigFile = "/var/lib/pleroma/secret.exs";
- };
-
- nginx = {
- enable = true;
- virtualHosts = {
- "pleroma.ctu.cx" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:4000/";
- proxyWebsockets = true;
- };
- };
- "ctu.cx" = {
- enableACME = true;
- forceSSL = true;
- locations."/.well-known/host-meta".extraConfig = "return 301 https://pleroma.ctu.cx$request_uri;";
- };
- };
- };
- };
-
-}
diff --git a/machines/trabbi/configuration.nix b/machines/trabbi/configuration.nix @@ -15,6 +15,9 @@ ../../configurations/linux/services/prometheus-node-exporter.nix ./prometheus.nix ./grafana + + # communication + ./pleroma ]; age.secrets.restic-server-lollo.file = ../../secrets/restic-server/lollo.age;
diff --git a/machines/trabbi/pleroma/config.exs b/machines/trabbi/pleroma/config.exs
@@ -0,0 +1,195 @@
+import Config
+
+config :pleroma, :dangerzone, override_repo_pool_size: true
+
+config :pleroma, Pleroma.Web.Endpoint,
+ url: [host: "pleroma.ctu.cx", scheme: "https", port: 443],
+ domain: "ctu.cx",
+ http: [ip: {127, 0, 0, 1}, port: 4000]
+
+config :pleroma, Pleroma.Repo,
+ adapter: Ecto.Adapters.Postgres,
+ username: "pleroma",
+ database: "pleroma",
+ socket_dir: "/run/postgresql",
+ pool_size: 10,
+ queue_target: 5000,
+ timeout: 20_000,
+ connect_timeout: 20_000
+
+config :pleroma, :database, rum_enabled: false
+
+# Configure web push notifications
+config :web_push_encryption, :vapid_details, subject: "mailto:pleroma@ctu.cx"
+
+config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
+config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
+
+config :pleroma, :static_fe, enabled: false
+
+config :pleroma, :frontend_configurations,
+ pleroma_fe: %{
+ theme: "breezy-dark",
+ background: "/static/bg.png",
+ logo: "/static/logo.png",
+ nsfwCensorImage: "/static/nsfw.png",
+ logoLeft: true,
+ chatDisabled: true,
+ webPushNotifications: true,
+ showFeaturesPanel: false,
+ collapseMessageWithSubject: false,
+ hideUserStats: false
+ }
+
+config :pleroma, :instance,
+ name: "ctucx.pleroma",
+ email: "pleroma@ctu.cx",
+ limit: 5000,
+ registrations_open: false,
+ public: false,
+ invites_enabled: false,
+ account_activation_required: false,
+ remote_post_retention_days: 1,
+ external_user_synchronization: false,
+ allowed_post_formats: [
+ "text/plain",
+ "text/html",
+ "text/markdown"
+ ],
+ quarantined_instances: [
+ "search.fedi.app",
+ "freespeechextremist.com",
+ "gleasonator.com",
+ "gab.com",
+ "gab.ai",
+ "spinster.xyz",
+ "clubcyberia.co",
+ "glowers.club",
+ "shitposter.club",
+ "social.urspringer.de",
+ "pleroma.soykaf.com",
+ "nnia.space",
+ "kiwifarms.cc",
+ "wintermute.fr.to",
+ "anitwitter.moe",
+ "brighteon.social",
+ "cawfee.club",
+ "freefedifollowers.ga",
+ "glindr.org",
+ "humblr.social",
+ "jaeger.website",
+ "libre.tube",
+ "newjack.city",
+ "pawoo.net",
+ "pieville.net",
+ "play.xmr.101010.pl",
+ "skippers-bin.com",
+ "sneak.berlin",
+ "yggdrasil.social",
+ "anime.website",
+ "collapsitarian.io",
+ "bajax.us",
+ "nicecrew.digital",
+ "shortstackran.ch",
+ "kys.moe",
+ "beefyboys.win",
+ "detroitriotcity.com"
+ ]
+
+config :pleroma, :media_proxy,
+ enabled: false,
+ redirect_on_failure: true,
+ base_url: "https://cache.domain.tld"
+
+config :pleroma, :fetch_initial_posts,
+ enabled: false,
+ pages: 1
+
+config :pleroma, :shout, enabled: false
+
+config :pleroma, :mrf,
+ policies: [Pleroma.Web.ActivityPub.MRF.SimplePolicy]
+
+config :pleroma, :mrf_simple,
+ reject: [
+ "search.fedi.app",
+ "freespeechextremist.com",
+ "gleasonator.com",
+ "gab.com",
+ "gab.ai",
+ "spinster.xyz",
+ "clubcyberia.co",
+ "glowers.club",
+ "shitposter.club",
+ "social.urspringer.de",
+ "pleroma.soykaf.com",
+ "nnia.space",
+ "kiwifarms.cc",
+ "wintermute.fr.to",
+ "anitwitter.moe",
+ "brighteon.social",
+ "cawfee.club",
+ "freefedifollowers.ga",
+ "glindr.org",
+ "humblr.social",
+ "jaeger.website",
+ "libre.tube",
+ "newjack.city",
+ "pawoo.net",
+ "pieville.net",
+ "play.xmr.101010.pl",
+ "skippers-bin.com",
+ "sneak.berlin",
+ "yggdrasil.social",
+ "anime.website",
+ "collapsitarian.io",
+ "bajax.us",
+ "nicecrew.digital",
+ "shortstackran.ch",
+ "kys.moe",
+ "beefyboys.win",
+ "detroitriotcity.com"
+ ]
+
+config :pleroma, :frontends,
+ primary: %{
+ "name" => "pleroma",
+ "ref" => "stable"
+ },
+ admin: %{
+ "name" => "admin",
+ "ref" => "develop"
+ },
+ fedife: %{
+ "name" => "fedi-fe",
+ "ref" => "master"
+ },
+ kenoma: %{
+ "name" => "kenoma",
+ "ref" => "master"
+ }
+
+config :pleroma, :emoji,
+ shortcode_globs: ["/emoji/custom/**/*.png"],
+ groups: [
+ "Anarchy": "/emoji/anarchy/*.png",
+ "Blobs": "/emoji/blob/*.png",
+ "Blobcat": "/emoji/blobcat/*.png",
+ "Catgirl": "/emoji/catgirl/*.png",
+ "Chaos": "/emoji/chaos/*.png",
+ "Comfy Blobcat": "/emoji/comfyblobcat/*.png",
+ 'etc': "/emoji/etc/*.png",
+ "Flags": "/emoji/flags/*.png",
+ "Flauschehorn": "/emoji/flauschehorn/*.png",
+ "Hacker ABC": "/emoji/hackerabc/*.png",
+ "Hearts": "/emoji/heart/*.png",
+ "Logos": "/emoji/logos/*.png",
+ "Menhera": "/emoji/menhera/*.png",
+ "Queer": "/emoji/queer/*.png",
+ "Signals": "/emoji/signals/*.png",
+ "Trains": "/emoji/trains/*.png"
+ ]
+
+config :pleroma, configurable_from_database: false
+
+config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.Exiftool, Pleroma.Upload.Filter.AnonymizeFilename, Pleroma.Upload.Filter.Dedupe]
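Review bot: The 37-entry domain list is written out twice in the new file, once under `quarantined_instances:` in the `:instance` block and once under `reject:` in `:mrf_simple`, so a later edit to only one copy would leave a domain rejected inbound while still being sent followers-only posts, or the reverse. Binding the list once near the top, `blocked_instances = [ ... ]`, and using `quarantined_instances: blocked_instances` and `reject: blocked_instances` keeps the two policies in step. Separately, `:media_proxy` keeps the example `base_url: "https://cache.domain.tld"`; it is inert while `enabled: false`, but a comment such as `# placeholder, set to a host we control before enabling` would stop it being switched on as is.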
diff --git a/machines/trabbi/pleroma/default.nix b/machines/trabbi/pleroma/default.nix
@@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ age.secrets.restic-pleroma.file = ../../../secrets/trabbi/restic/pleroma.age;
+
+ restic-backups.pleroma = {
+ user = "pleroma";
+ passwordFile = config.age.secrets.restic-pleroma.path;
+ paths = [ "/var/lib/pleroma" ];
+ postgresDatabases = [ "pleroma" ];
+ };
+
+ dns.zones."ctu.cx".subdomains.pleroma.CNAME = [ "${config.networking.fqdn}." ];
+
+ systemd.services.pleroma.path = [ pkgs.exiftool ];
+ systemd.services.pleroma.onFailure = [ "email-notify@%i.service" ];
+
+ services = {
+ postgresql = {
+ enable = true;
+ ensureDatabases = [ "pleroma" ];
+ ensureUsers = [
+ {
+ name = "pleroma";
+ ensurePermissions."DATABASE pleroma" = "ALL PRIVILEGES";
+ }
+ ];
+ };
+
+ pleroma = {
+ enable = true;
+ configs = [ (lib.fileContents ./config.exs) ];
+ secretConfigFile = "/var/lib/pleroma/secret.exs";
+ };
+
+ nginx = {
+ enable = true;
+ virtualHosts = {
+ "pleroma.ctu.cx" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:4000/";
+ proxyWebsockets = true;
+ };
+ };
+ "ctu.cx" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/.well-known/host-meta".extraConfig = "return 301 https://pleroma.ctu.cx$request_uri;";
+ };
+ };
+ };
+ };
+
+}
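Review bot: `secretConfigFile = "/var/lib/pleroma/secret.exs"` points at a file that nothing in this module creates, unlike the restic password, which is declared through `age.secrets`, so the move to trabbi presumably depends on copying that file by hand and on its owner and mode being right afterwards. Declaring it as an age secret readable by the `pleroma` user and setting `secretConfigFile = config.age.secrets.<pleroma-secret-name>.path;` (placeholder name) would make the host reproducible and keep the permissions in the repository. The path also sits under `/var/lib/pleroma`, which `restic-backups.pleroma.paths` includes, so the instance secrets travel with every backup; a comment saying this is intended would help. The `locations."/"` proxy sets no forwarding headers in this file, so unless `recommendedProxySettings` is enabled elsewhere the backend would see every client as 127.0.0.1.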
diff --git a/secrets/osterei/restic/pleroma.age b/secrets/osterei/restic/pleroma.age Binary files differ.
diff --git a/secrets/secrets.nix b/secrets/secrets.nix @@ -61,7 +61,6 @@ in { "osterei/mail/password-leah-ctu.cx.age".publicKeys = [ leah osterei ]; "osterei/mail/password-mail-zug.network.age".publicKeys = [ leah osterei ]; - "osterei/restic/pleroma.age".publicKeys = [ leah osterei ]; "osterei/restic/matrix-synapse.age".publicKeys = [ leah osterei ]; "osterei/restic/maddy.age".publicKeys = [ leah osterei ]; "osterei/restic/mail.age".publicKeys = [ leah osterei ]; @@ -78,5 +77,6 @@ in { "trabbi/restic/gitolite.age".publicKeys = [ leah trabbi ]; + "trabbi/restic/pleroma.age".publicKeys = [ leah trabbi ]; }
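Review bot: Dropping the `"osterei/restic/pleroma.age"` entry does not take the secret away from osterei, because the old ciphertext stays in git history and remains decryptable with osterei's host key. If `trabbi/restic/pleroma.age` wraps the same restic repository password (not visible here, both files are binary), the password should be rotated as part of the move. A comment next to the new entry, for example `# rotated on move from osterei`, would record that this was done.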
diff --git a/secrets/trabbi/restic/pleroma.age b/secrets/trabbi/restic/pleroma.age Binary files differ.