From a52a51542cb5b5c0fb31ce94bf0f6edc9066f07b Mon Sep 17 00:00:00 2001
From: RGBCube <RGBCube@users.noreply.github.com>
Date: Wed, 10 Jan 2024 23:18:22 +0300
Subject: [PATCH] Start writing akkoma config part 2

---
 hosts/cube/akkoma.nix | 63 ++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 59 insertions(+), 4 deletions(-)

diff --git a/hosts/cube/akkoma.nix b/hosts/cube/akkoma.nix
index 7a1b75d..ccfff53 100644
--- a/hosts/cube/akkoma.nix
+++ b/hosts/cube/akkoma.nix
@@ -1,18 +1,73 @@
 { config, ulib, ... }: with ulib;
 
 systemConfiguration {
-  services.akkoma = { # enabled {
+  services.akkoma = let
+    inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkTuple;
+
+    port = 4778;
+  in { # enabled {
     nginx = {
       forceSSL   = true;
       enableACME = true;
+    };
 
-      locations."/".proxyPass = "http://localhost:${toString cfg.port}";
+    config.":pleroma" = {
+      ":rich_media".enabled                = true;
+      ":static_fe".enabled                 = true;
+      "Pleroma.Captcha".enabled            = false;
+      "Pleroma.Emails.Mailer".enabled      = false;
+      "Pleroma.Web.Plugs.RemoteIp".enabled = true;
+    };
+
+    config.":pleroma".":assets".mascots = [{
+      url       = "https://social.${config.networking.domain}/static/cube.gif"; # TODO
+      mime_type = "image/gif";
+    }];
+
+    config.":pleroma".":instance" = {
+      name        = "RGBCube's Akkoma Server";
+      description = "RGBCube's Akkoma server, facism edition.";
+
+      email        = "rgbsphere@gmail.com";
+      notify_email = "rgbsphere@gmail.com";
+
+      limit        = 100000;
+      remote_limit = 100000;
+
+      upload_limit = 100000000; # 100MiB
+      cleanup_attachments = true;
+
+      registrations_open = false;
+      invites_enabled    = true;
+
+      max_pinned_statuses = 10;
+
+      safe_dm_mention = true;
+      healthcheck = true;
+
+      limit_to_local_content       = mkRaw ":unauthenticated";
+      external_user_syncronization = true;
+    };
+
+    config.":pleroma".":ldap" = {
+      enabled = true;
+      host = "127.0.0.1";
+      # Continue...
+    };
+
+    config.":pleroma".":rate_limit" = let
+      ratelimit = unauth: auth: [(mkTuple [1000 unauth]) (mkTuple [1000 auth])];
+    in {
+      authentication = mkTuple [60000 3];
+      timeline       = ratelimit 3 5;
+      search         = ratelimit 3 10;
     };
 
     config.":pleroma"."Pleroma.Web.Endpoint" = {
-      http.ip = "::";
+      http.ip  = "::";
+      http.port = port;
       url.host = "social.${config.networking.domain}";
-      url.port = 4778;
+      url.port = 443;
     };
   };
 }