From 6f36cfe0071c72254945fd5ce12bc24209ed845f Mon Sep 17 00:00:00 2001
From: chn <chn@chn.moe>
Date: Sun, 17 Dec 2023 22:43:54 +0800
Subject: [PATCH] services.akkoma: init

---
 flake.nix                    |  1 +
 modules/services/akkoma.nix  | 51 ++++++++++++++++++++++++++++++++++++
 modules/services/default.nix |  1 +
 secrets/vps7/default.yaml    |  5 ++--
 4 files changed, 56 insertions(+), 2 deletions(-)
 create mode 100644 modules/services/akkoma.nix

diff --git a/flake.nix b/flake.nix
index e6cf2a69..46c48f37 100644
--- a/flake.nix
+++ b/flake.nix
@@ -348,6 +348,7 @@
                   wireguardIp = "192.168.83.2";
                   externalIp = "95.111.228.40";
                 };
+                akkoma.enable = true;
               };
             };
             nas =
diff --git a/modules/services/akkoma.nix b/modules/services/akkoma.nix
new file mode 100644
index 00000000..64787351
--- /dev/null
+++ b/modules/services/akkoma.nix
@@ -0,0 +1,51 @@
+inputs:
+{
+  options.nixos.services.akkoma = let inherit (inputs.lib) mkOption types; in
+  {
+    enable = mkOption { type = types.bool; default = false; };
+    hostname = mkOption { type = types.str; default = "akkoma.chn.moe"; };
+  };
+  config =
+    let
+      inherit (inputs.config.nixos.services) akkoma;
+      inherit (inputs.lib) mkIf;
+    in mkIf akkoma.enable
+    {
+      services.akkoma =
+      {
+        enable = true;
+        config.":pleroma" =
+        {
+          "Pleroma.Web.Endpoint".url.host = akkoma.hostname;
+          "Pleroma.Repo" =
+          {
+            adapter = (inputs.pkgs.formats.elixirConf { }).lib.mkRaw "Ecto.Adapters.Postgres";
+            hostname = "127.0.0.1";
+            username = "akkoma";
+            password._secret = inputs.config.sops.secrets."akkoma/db".path;
+            database = "akkoma";
+          };
+          ":instance" =
+          {
+            name = "艹";
+            email = "grass@grass.squre";
+            description = "艹艹艹艹艹";
+          };
+        };
+      };
+      nixos.services =
+      {
+        nginx =
+        {
+          enable = true;
+          https."${akkoma.hostname}" =
+          {
+            global.tlsCert = "/var/lib/akkoma";
+            location."/".proxy = { upstream = "http://127.0.0.1:4000"; websocket = true; };
+          };
+        };
+        postgresql.instances.akkoma = {};
+      };
+      sops.secrets."akkoma/db" = { owner = "akkoma"; key = "postgresql/akkoma"; };
+    };
+}
diff --git a/modules/services/default.nix b/modules/services/default.nix
index c9453eed..b2e3b334 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -39,6 +39,7 @@ inputs:
     ./grafana.nix
     ./fail2ban.nix
     ./wireguard.nix
+    ./akkoma.nix
   ];
   options.nixos.services = let inherit (inputs.lib) mkOption types; in
   {
diff --git a/secrets/vps7/default.yaml b/secrets/vps7/default.yaml
index 046e8826..1a2f38a1 100644
--- a/secrets/vps7/default.yaml
+++ b/secrets/vps7/default.yaml
@@ -24,6 +24,7 @@ postgresql:
     mastodon: ENC[AES256_GCM,data:IQxoNjZILazu5cxkEzFAqqmGSsOffMQHoRB7AC2NqI/+CJSVsfdwiSVfxN+Jc9dmrqCjscUSxaWCMHnrZj/JyQ==,iv:d6tyj/w0uH2E3qHjEcopVhnmE/Pq0qN9PHthSArryyw=,tag:kfJsxqkErFcG11B0CmiIKw==,type:str]
     gitea: ENC[AES256_GCM,data:EAuFPlUFvtARh4wbevoIUwZ886nS+3O9Jy7q/SkaTDx7PkQKGhZcPPxY45AG0QQrjSaI3cGLzDBMutFMXP0BMA==,iv:0cLOsopAfyMLHJDowyZirVR5nqLrjSLHYtnPC8GXReE=,tag:BwG5UibGLS16rwJbH/0ZyQ==,type:str]
     grafana: ENC[AES256_GCM,data:ZLtDIZ3oKasE4r1WNllNe/rkXxqRS+QAJI7EGPKhiFF1BtAxD46UpGQnUag3yg0gP/8+3COQs6camVSxcKFL1A==,iv:wMj3keVjNpVwNMwlt4E3ds1EYjLNIZ/S3RydhOlmYWU=,tag:ZRn7NWaUPbf2rHYLoLYw+w==,type:str]
+    akkoma: ENC[AES256_GCM,data:6piRt7BbMBLVGdot+VyoJN3/S8DoPNTYHFh/1coHSLNmiA6kU/6sca4Bts1Up/Vu164oTsFAr1JsKx6tzNzAPg==,iv:qplA1GXHwzVrmjm7eagCk3PFa7DRdwaf+p7N1HLb6mw=,tag:W6WedSK3R1IgZVo/0Hr9vA==,type:str]
 meilisearch:
     misskey-misskey: ENC[AES256_GCM,data:4s+qqd6mmstioC0XmG/vA6ED9mzu1vRJVPFFalRiqnnsFy0dYEU87H+y12eOp/KDSLdTNvpp6Z6jCNvxnpDXzQ==,iv:x6L9OPu/dwVsD9pYb4dqavw9NesMbo7LB+rwz6veAR4=,tag:/BBqV2sHIgPas7XsZydh2g==,type:str]
 rsshub:
@@ -118,8 +119,8 @@ sops:
             SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
             HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-17T11:52:05Z"
-    mac: ENC[AES256_GCM,data:q+zaY8o4v/P+uAMCmQPKkkm9tPDUhWeVW1nyKHMMLDlBZ/8wI7plJkiBdZAUI4Vk62yxrrV1qVLZwMZba3fFW0EAyt0dRzNHJCT/lbNdiOfG4yIIyXxs6UvZgFXEliFUh+jmgMhFgaQOdZSReSyNByxEP9U8c1H354CbyMqUdEg=,iv:ZdOoa50Lw2fG2GrDj2qUKrjHRsQTKCBp3cJY9O4jb68=,tag:V5KmW9uKmqhHOz3jMFx/5A==,type:str]
+    lastmodified: "2023-12-17T14:39:51Z"
+    mac: ENC[AES256_GCM,data:W07NZGIKm0sx1g/DBB5IRZItomTKjj5m+AnWYT1lck11hwH20kjH21zm++VtNpS4j+ay/5Y3e9zkWSFpk3C8AFxvB/2r8gVhcNF5stCGCj4Exc2OTE+g2m6yp4ZMkgXZDidlc1by6pNah6nf7lk1W/sZ5ViMdlMonERCoOiOmf0=,iv:sFEs5FSKp29bXZQPBWoQ71ippu2XxLPl8b5hSzG0Gbk=,tag:/Jio9+sysSrpFKMYBVWGpw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1