From 5bb62496b7607e29dd09bafa432f15016c569cf0 Mon Sep 17 00:00:00 2001 From: twoneis Date: Sun, 11 May 2025 21:09:57 +0200 Subject: [PATCH] still crashes but guh --- devices/ellaca/options.nix | 8 +- modules/fedi/iceshrimp/default.nix | 144 +++++++++++++++++++++++++-- modules/fedi/iceshrimp/iceshrimp.nix | 1 - options.nix | 10 ++ 4 files changed, 155 insertions(+), 8 deletions(-) diff --git a/devices/ellaca/options.nix b/devices/ellaca/options.nix index ee4f27d..7ad24fe 100644 --- a/devices/ellaca/options.nix +++ b/devices/ellaca/options.nix @@ -42,7 +42,13 @@ in { base = web-domain; }; email = "akkoma@${email-domain}"; - iceshrimp.enable = true; + iceshrimp = { + enable = true; + domain = { + full = "shrimp.${web-domain}"; + base = web-domain; + }; + }; }; matrix = { diff --git a/modules/fedi/iceshrimp/default.nix b/modules/fedi/iceshrimp/default.nix index 2ffe691..c456e5c 100644 --- a/modules/fedi/iceshrimp/default.nix +++ b/modules/fedi/iceshrimp/default.nix @@ -31,16 +31,149 @@ in { config = mkIf cfg.enable { environment.systemPackages = [iceshrimp]; + services.nginx.virtualHosts.${cfg.domain.full} = { + useACMEHost = cfg.domain.base; + forceSSL = true; + locations = { + "/" = { + proxyPass = "http://localhost:3000"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + ''; + }; + }; + }; + + users = { + users.iceshrimp = { + description = "Iceshrimp user"; + group = "iceshrimp"; + isSystemUser = true; + }; + groups.iceshrimp = { + }; + }; + services.iceshrimp = { settings = { Instance = { ListenPort = 3000; - ListenHost = "localhost"; + ListenHost = "http://localhost"; WebDomain = cfg.domain.full; AccountDomain = cfg.domain.full; + + CharacterLimit = 8192; }; Security = { + AuthorizedFetch = true; + + Registrations = "Open"; + + FederationMode = "BlockList"; + + ExposeFederationList = "Public"; + ExposeBlockReason = "Public"; + + PublicPreview = "Public"; + }; + Performance = { + FederationRequestHandlerConcurrency = 0; + }; + "Performance:QueueConcurrency" = { + Inbox = 4; + Deliver = 20; + PreDeliver = 4; + BackgroundTask = 4; + Backfill = 10; + BackfillUser = 10; + }; + "Backfill:User" = { + Enabled = true; + MaxItems = 100; + RefreshAfter = "30d"; + }; + "Backfill:Replies" = { + Enabled = true; + FetchAsUser = true; + NewNoteDelay = "5m"; + RefreshAfter = "15m"; + }; + "Queue:JobRetention" = { + Completed = 10; + Failed = 100; + }; + Database = { + Host = "localhost"; + Port = 5432; + Database = "iceshrimp"; + Username = "iceshrimp"; + Password = "iceshrimp"; + + Multiplexing = true; + }; + Storage = { + Provider = "Local"; + MaxUploadSize = "10G"; + MaxCacheSize = "20M"; + MediaRetention = "30d"; + CleanAvatars = false; + CleanBanners = false; + ProxyRemoteMedia = true; + }; + "Storage:Local" = { + Path = "/var/lib/iceshrimp.net/files/media"; + }; + "Storage:MediaProcessing" = { + ImageProcessor = "ImageSharp"; + LocalOnly = false; + MaxFileSize = "10M"; + MaxResolutionMpx = 20; + FailIfImageExceedsMaxRes = true; + ImageProcessorConcurrency = 8; + }; + "Storage:MediaProcessing:ImagePipeline:Original:Local" = { + Format = "Keep"; + }; + + "Storage:MediaProcessing:ImagePipeline:Original:Remote" = { + Format = "Keep"; + }; + + "Storage:MediaProcessing:ImagePipeline:Thumbnail:Local" = { + Format = "Webp"; + TargetRes = 1000; + }; + + "Storage:MediaProcessing:ImagePipeline:Thumbnail:Remote" = { + Format = "Webp"; + TargetRes = 1000; + QualityFactorPngSource = 75; + }; + + "Storage:MediaProcessing:ImagePipeline:Public:Local" = { + Format = "Webp"; + TargetRes = 2048; + }; + + "Storage:MediaProcessing:ImagePipeline:Public:Remote" = { + Format = "None"; + }; + + "Logging:LogLevel" = { + Default = "Information"; + "Iceshrimp " = "Information"; + "Microsoft.AspNetCore" = "Warning"; + "Microsoft.EntityFrameworkCore" = "Warning"; + "Microsoft.EntityFrameworkCore.Update" = "Critical"; + "Microsoft.EntityFrameworkCore.Migrations" = "Information"; + "Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager" = "Critical"; + "Iceshrimp.Backend.SignalR.Authentication.HubAuthenticationHandler" = "Warning"; }; }; }; @@ -50,7 +183,7 @@ in { description = "Iceshrimp.NET daemon"; environment = { - ICESHRIMP_CONFIG_OVERRIDES = settings; + ICESHRIMP_CONFIG = settings; MALLOC_TRIM_TRESHOLD = "131072"; }; @@ -67,16 +200,15 @@ in { WorkingDirectory = "${iceshrimp}/usr/share"; SysLogIdentifier = "iceshrimp.net"; - ExecStart = "${iceshrimp}/usr/share/Iceshrimp.Backend --migrate-and-start"; + ExecStart = "${iceshrimp}/bin/iceshrimp --migrate-and-start"; ReadOnlyPaths = [ - "${iceshrimp}/usr/share" - "${iceshrimp}/etc/configuration.ini" + "${iceshrimp}" "${settings}" ]; ReadWritePaths = [ - "/var/lib/iceshrimp.net/files" + "/var/lib/iceshrimp.net/" "/var/lib/iceshrimp/iceshrimp.net.sock" ]; diff --git a/modules/fedi/iceshrimp/iceshrimp.nix b/modules/fedi/iceshrimp/iceshrimp.nix index 74a17aa..94f56f7 100644 --- a/modules/fedi/iceshrimp/iceshrimp.nix +++ b/modules/fedi/iceshrimp/iceshrimp.nix @@ -46,6 +46,5 @@ stdenv.mkDerivation { postFixup = '' makeWrapper $out/usr/share/Iceshrimp.Backend $out/bin/iceshrimp \ --set DOTNET_ROOT ${dotnetCorePackages.sdk_9_0}/share/dotnet/ \ - --set ICESHRIMP_CONFIG $out/etc/configuration.ini \ ''; } diff --git a/options.nix b/options.nix index 35f932c..fcc3b87 100644 --- a/options.nix +++ b/options.nix @@ -197,6 +197,16 @@ in { type = bool; default = false; }; + domain = { + full = mkOption { + type = nullOr str; + default = null; + }; + base = mkOption { + type = nullOr str; + default = null; + }; + }; }; domain = { full = mkOption {