2023-01-19 16:55:34 +01:00

{ pkgs, ... }:
deployment.mem = 2048;
networking = {
hostName = "tmppleroma";
firewall.allowedTCPPorts = [
80 443
environment.systemPackages = with pkgs; [ pleroma-otp ];
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
services.pleroma = {
enable = true;
secretConfigFile = "/var/lib/pleroma/secrets.exs";
configs = [
import Config
config :pleroma, Pleroma.Web.Endpoint,
url: [host: "tmppleroma.hq.c3d2.de", scheme: "https", port: 443],
http: [ip: {127, 0, 0, 1}, port: 4000],
secret_key_base: "lcOBbHZPbGMkpfifPgn5UwUNy0twrSnZplGYceWQ6JZtG7vaUu0QpKy/vGkBVi2o",
signing_salt: "Li+Voq8h"
config :pleroma, :instance,
name: "Temporary Pleroma Instance",
email: "astro@c3d2.de",
notify_email: "astro@c3d2.de",
limit: 5000,
registrations_open: true
config :pleroma, :media_proxy,
enabled: false,
redirect_on_failure: true
#base_url: "https://cache.pleroma.social"
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
username: "pleroma",
password: "ZSfzzg93MGLmEBrkKY3H//k2nhWTJZq4IBi/mDaIU9HcGE2gXdLLfSnak+Y5mpyj",
database: "pleroma",
hostname: "localhost"
# Configure web push notifications
config :web_push_encryption, :vapid_details,
subject: "mailto:astro@c3d2.de",
public_key: "BIRoExJLLKr8qu5CjOcbEvv55DsxvcQrVhCmWKtKoYVi6uZRp6dL7V4_9zdyouolg60wKERt1wFaLr8v3BuZckE",
private_key: "hch8xAe2KkkpvXKTC6ybwxGJqhfFUPMFNU1ags5dgWU"
config :pleroma, :database, rum_enabled: false
config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
# Enable Strict-Transport-Security once SSL is working:
# config :pleroma, :http_security,
# sts: true
# Configure S3 support if desired.
# The public S3 endpoint (base_url) is different depending on region and provider,
# consult your S3 provider's documentation for details on what to use.
# config :pleroma, Pleroma.Upload,
# uploader: Pleroma.Uploaders.S3,
# base_url: "https://s3.amazonaws.com"
# config :pleroma, Pleroma.Uploaders.S3,
# bucket: "some-bucket",
# bucket_namespace: "my-namespace",
# truncated_namespace: nil,
# streaming_enabled: true
# Configure S3 credentials:
# config :ex_aws, :s3,
# access_key_id: "xxxxxxxxxxxxx",
# secret_access_key: "yyyyyyyyyyyy",
# region: "us-east-1",
# scheme: "https://"
# For using third-party S3 clones like wasabi, also do:
# config :ex_aws, :s3,
# host: "s3.wasabisys.com"
config :joken, default_signer: "u3DwPUxgU1n2v5DQT6lBt1p1hzq1E1YfIFUoADArzY2ZGRMt1trctw5tfAa9HmNn"
config :pleroma, configurable_from_database: true
services.nginx = {
enable = true;
virtualHosts."tmppleroma.hq.c3d2.de" = {
default = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "";