about summary refs log tree commit diff
path: root/modules/services/akkoma/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/services/akkoma/default.nix')
-rw-r--r--modules/services/akkoma/default.nix17
1 files changed, 14 insertions, 3 deletions
diff --git a/modules/services/akkoma/default.nix b/modules/services/akkoma/default.nix
index 3671cb4..c2e9347 100644
--- a/modules/services/akkoma/default.nix
+++ b/modules/services/akkoma/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, inputs, ... }:
 
 with lib;
 let
@@ -12,6 +12,8 @@ in
 {
   options.modules.services.akkoma = {
     enable = mkEnableOption "Akkoma instance";
+    package = mkOption { type = types.package; default = pkgs.akkoma; };
+
     domain = mkOption { type = types.str; };
     realHost = mkOption { type = types.str; };
     instanceName = mkOption { type = types.str; default = "Akkoma on ${cfg.domain}"; };
@@ -25,7 +27,7 @@ in
 
     services.akkoma = {
       enable = true;
-      package = pkgs.akkoma.overrideAttrs (old: {
+      package = cfg.package.overrideAttrs (old: {
         # Akkoma doesn't include OAuth2 dependencies by default
         # This can be obtained by running `OAUTH_CONSUMER_STRATEGIES="..." mix deps.get`.
         # The server should also be launched with the same environment variable set.
@@ -56,6 +58,13 @@ in
               sha256 = "06r10w0azlpypjgggar1lf7h2yazn2dpyicy97zxkjyxgf9jfc60";
             };
 
+            # There must be a way to configure this using config.exs and patchPhase,
+            # But just applying a patch is easier since patching ueberauth and
+            # this package didn't do the trick.
+            patches = [
+              ./0001-fix-scope.patch
+            ];
+
             beamDeps = [ oauth2 oldMixDeps.ueberauth ];
           };
         };
@@ -76,6 +85,7 @@ in
         let inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkMap mkTuple;
         in {
           ":pleroma"."Pleroma.Web.Endpoint".url.host = cfg.realHost;
+          ":pleroma"."Pleroma.Web.Endpoint".extra_cookie_attrs = [ "SameSite=Lax" ];
           ":pleroma"."Pleroma.Web.WebFinger".domain = cfg.domain;
           ":pleroma".":media_proxy".enabled = false;
           ":pleroma".":instance" = {
@@ -86,6 +96,7 @@ in
             notify_email = poorObfuscation cfg.domain "postmaster";
 
             registrations_open = false;
+            account_approval_required = true;
             invites_enabled = true;
 
             limit = 5000;
@@ -95,7 +106,7 @@ in
               logo = "/static/logo.png";
               # FIXME: https://akkoma.dev/AkkomaGang/akkoma/pulls/668
               # TODO: enable on next release
-              # loginMethod = "token";
+              loginMethod = "token";
             };
           };
           ":pleroma".":mrf" = {
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-19 07:30:38 +0000