diff --git a/devices/ellaca/options.nix b/devices/ellaca/options.nix
index ee4f27d..7ad24fe 100644
--- a/devices/ellaca/options.nix
+++ b/devices/ellaca/options.nix
@@ -42,7 +42,13 @@ in {
base = web-domain;
};
email = "akkoma@${email-domain}";
- iceshrimp.enable = true;
+ iceshrimp = {
+ enable = true;
+ domain = {
+ full = "shrimp.${web-domain}";
+ base = web-domain;
+ };
+ };
};
matrix = {
diff --git a/modules/fedi/iceshrimp/default.nix b/modules/fedi/iceshrimp/default.nix
index 2ffe691..c456e5c 100644
--- a/modules/fedi/iceshrimp/default.nix
+++ b/modules/fedi/iceshrimp/default.nix
@@ -31,16 +31,149 @@ in {
config = mkIf cfg.enable {
environment.systemPackages = [iceshrimp];
+ services.nginx.virtualHosts.${cfg.domain.full} = {
+ useACMEHost = cfg.domain.base;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:3000";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ '';
+ };
+ };
+ };
+
+ users = {
+ users.iceshrimp = {
+ description = "Iceshrimp user";
+ group = "iceshrimp";
+ isSystemUser = true;
+ };
+ groups.iceshrimp = {
+ };
+ };
+
services.iceshrimp = {
settings = {
Instance = {
ListenPort = 3000;
- ListenHost = "localhost";
+ ListenHost = "http://localhost";
WebDomain = cfg.domain.full;
AccountDomain = cfg.domain.full;
+
+ CharacterLimit = 8192;
};
Security = {
+ AuthorizedFetch = true;
+
+ Registrations = "Open";
+
+ FederationMode = "BlockList";
+
+ ExposeFederationList = "Public";
+ ExposeBlockReason = "Public";
+
+ PublicPreview = "Public";
+ };
+ Performance = {
+ FederationRequestHandlerConcurrency = 0;
+ };
+ "Performance:QueueConcurrency" = {
+ Inbox = 4;
+ Deliver = 20;
+ PreDeliver = 4;
+ BackgroundTask = 4;
+ Backfill = 10;
+ BackfillUser = 10;
+ };
+ "Backfill:User" = {
+ Enabled = true;
+ MaxItems = 100;
+ RefreshAfter = "30d";
+ };
+ "Backfill:Replies" = {
+ Enabled = true;
+ FetchAsUser = true;
+ NewNoteDelay = "5m";
+ RefreshAfter = "15m";
+ };
+ "Queue:JobRetention" = {
+ Completed = 10;
+ Failed = 100;
+ };
+ Database = {
+ Host = "localhost";
+ Port = 5432;
+ Database = "iceshrimp";
+ Username = "iceshrimp";
+ Password = "iceshrimp";
+
+ Multiplexing = true;
+ };
+ Storage = {
+ Provider = "Local";
+ MaxUploadSize = "10G";
+ MaxCacheSize = "20M";
+ MediaRetention = "30d";
+ CleanAvatars = false;
+ CleanBanners = false;
+ ProxyRemoteMedia = true;
+ };
+ "Storage:Local" = {
+ Path = "/var/lib/iceshrimp.net/files/media";
+ };
+ "Storage:MediaProcessing" = {
+ ImageProcessor = "ImageSharp";
+ LocalOnly = false;
+ MaxFileSize = "10M";
+ MaxResolutionMpx = 20;
+ FailIfImageExceedsMaxRes = true;
+ ImageProcessorConcurrency = 8;
+ };
+ "Storage:MediaProcessing:ImagePipeline:Original:Local" = {
+ Format = "Keep";
+ };
+
+ "Storage:MediaProcessing:ImagePipeline:Original:Remote" = {
+ Format = "Keep";
+ };
+
+ "Storage:MediaProcessing:ImagePipeline:Thumbnail:Local" = {
+ Format = "Webp";
+ TargetRes = 1000;
+ };
+
+ "Storage:MediaProcessing:ImagePipeline:Thumbnail:Remote" = {
+ Format = "Webp";
+ TargetRes = 1000;
+ QualityFactorPngSource = 75;
+ };
+
+ "Storage:MediaProcessing:ImagePipeline:Public:Local" = {
+ Format = "Webp";
+ TargetRes = 2048;
+ };
+
+ "Storage:MediaProcessing:ImagePipeline:Public:Remote" = {
+ Format = "None";
+ };
+
+ "Logging:LogLevel" = {
+ Default = "Information";
+ "Iceshrimp " = "Information";
+ "Microsoft.AspNetCore" = "Warning";
+ "Microsoft.EntityFrameworkCore" = "Warning";
+ "Microsoft.EntityFrameworkCore.Update" = "Critical";
+ "Microsoft.EntityFrameworkCore.Migrations" = "Information";
+ "Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager" = "Critical";
+ "Iceshrimp.Backend.SignalR.Authentication.HubAuthenticationHandler" = "Warning";
};
};
};
@@ -50,7 +183,7 @@ in {
description = "Iceshrimp.NET daemon";
environment = {
- ICESHRIMP_CONFIG_OVERRIDES = settings;
+ ICESHRIMP_CONFIG = settings;
MALLOC_TRIM_TRESHOLD = "131072";
};
@@ -67,16 +200,15 @@ in {
WorkingDirectory = "${iceshrimp}/usr/share";
SysLogIdentifier = "iceshrimp.net";
- ExecStart = "${iceshrimp}/usr/share/Iceshrimp.Backend --migrate-and-start";
+ ExecStart = "${iceshrimp}/bin/iceshrimp --migrate-and-start";
ReadOnlyPaths = [
- "${iceshrimp}/usr/share"
- "${iceshrimp}/etc/configuration.ini"
+ "${iceshrimp}"
"${settings}"
];
ReadWritePaths = [
- "/var/lib/iceshrimp.net/files"
+ "/var/lib/iceshrimp.net/"
"/var/lib/iceshrimp/iceshrimp.net.sock"
];
diff --git a/modules/fedi/iceshrimp/iceshrimp.nix b/modules/fedi/iceshrimp/iceshrimp.nix
index 74a17aa..94f56f7 100644
--- a/modules/fedi/iceshrimp/iceshrimp.nix
+++ b/modules/fedi/iceshrimp/iceshrimp.nix
@@ -46,6 +46,5 @@ stdenv.mkDerivation {
postFixup = ''
makeWrapper $out/usr/share/Iceshrimp.Backend $out/bin/iceshrimp \
--set DOTNET_ROOT ${dotnetCorePackages.sdk_9_0}/share/dotnet/ \
- --set ICESHRIMP_CONFIG $out/etc/configuration.ini \
'';
}
diff --git a/options.nix b/options.nix
index 35f932c..fcc3b87 100644
--- a/options.nix
+++ b/options.nix
@@ -197,6 +197,16 @@ in {
type = bool;
default = false;
};
+ domain = {
+ full = mkOption {
+ type = nullOr str;
+ default = null;
+ };
+ base = mkOption {
+ type = nullOr str;
+ default = null;
+ };
+ };
};
domain = {
full = mkOption {