dusk/ark
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: pds

Browse Source
This commit is contained in:
dusk 2025-02-04 20:37:21 +09:00
parent 2db7e26636
commit 0ab083a4f6
Signed by: dusk
SSH Key Fingerprint: SHA256:Abmvag+juovVufZTxyWY8KcVgrznxvBjQpJesv071Aw
11 changed files with 304 additions and 826 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

975
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

10
flake.nix
View File

@ -29,8 +29,8 @@
bernbot.url = "github:yusdacra/bernbot"; bernbot.url = "github:yusdacra/bernbot";
bernbot.inputs.nixpkgs.follows = "nixpkgs"; bernbot.inputs.nixpkgs.follows = "nixpkgs";
conduit.url = "gitlab:famedly/conduit/next"; # conduit.url = "gitlab:famedly/conduit/next";
conduit.inputs.nixpkgs.follows = "nixpkgs"; # conduit.inputs.nixpkgs.follows = "nixpkgs";
# nil.url = "github:oxalica/nil"; # nil.url = "github:oxalica/nil";
# nil.inputs.nixpkgs.follows = "nixpkgs"; # nil.inputs.nixpkgs.follows = "nixpkgs";
@ -47,10 +47,10 @@
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs"; agenix.inputs.nixpkgs.follows = "nixpkgs";
musikquad.url = "git+https://git.gaze.systems/dusk/musikquadrupled.git"; # musikquad.url = "git+https://git.gaze.systems/dusk/musikquadrupled.git";
musikquad.inputs.nixpkgs.follows = "nixpkgs"; # musikquad.inputs.nixpkgs.follows = "nixpkgs";
musikspider.url = "git+https://git.gaze.systems/dusk/musikspider.git"; # musikspider.url = "git+https://git.gaze.systems/dusk/musikspider.git";
# musikspider.inputs.nixpkgs.follows = "nixpkgs"; # musikspider.inputs.nixpkgs.follows = "nixpkgs";
limbusart.url = "git+https://git.gaze.systems/dusk/limbusart.git"; limbusart.url = "git+https://git.gaze.systems/dusk/limbusart.git";

27
hosts/wolumonde/modules/atproto.nix
View File

@ -1,26 +1,35 @@
{pkgs, ...}: let {pkgs, ...}: let
in {
services.nginx.virtualHosts."gaze.systems" = let
_wellKnownFile = _wellKnownFile =
pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae"; pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae";
wellKnownFile = pkgs.runCommand "well-known" {} '' wellKnownDir = pkgs.runCommand "well-known" {} ''
mkdir -p $out mkdir -p $out
cp ${_wellKnownFile} $out/atproto-did cp ${_wellKnownFile} $out/atproto-did
''; '';
in { in {
services.nginx.virtualHosts."gaze.systems" = {
locations."/.well-known/".extraConfig = '' locations."/.well-known/".extraConfig = ''
add_header content-type text/plain; add_header content-type text/plain;
add_header access-control-allow-origin *; add_header access-control-allow-origin *;
alias ${wellKnownFile}/; alias ${wellKnownDir}/;
''; '';
}; };
# redirect any requests to my profile services.nginx.virtualHosts."dawn.gaze.systems" = let
services.nginx.virtualHosts."bsky.gaze.systems" = { _atprotoDidFile =
pkgs.writeText "server" "did:web:dawn.gaze.systems";
_didFile = ../../../secrets/dawn.did;
wellKnownDir = pkgs.runCommand "well-known" {} ''
mkdir -p $out
cp ${_didFile} $out/did.json
cp ${_atprotoDidFile} $out/atproto-did
'';
in {
useACMEHost = "gaze.systems"; useACMEHost = "gaze.systems";
forceSSL = true; forceSSL = true;
extraConfig = '' locations."/.well-known/".extraConfig = ''
location / { add_header content-type text/plain;
return 301 https://bsky.app/profile/gaze.systems$request_uri; add_header access-control-allow-origin *;
} alias ${wellKnownDir}/;
''; '';
}; };
} }

0
hosts/wolumonde/modules/musikquadrupled.nix → hosts/wolumonde/modules/musikquadrupled.disabled
View File

0
hosts/wolumonde/modules/musikspider.nix → hosts/wolumonde/modules/musikspider.disabled
View File

7
hosts/wolumonde/modules/nginx.nix
View File

@ -16,13 +16,14 @@
webroot = "/var/lib/acme/acme-challenge"; webroot = "/var/lib/acme/acme-challenge";
extraDomainNames = [ extraDomainNames = [
"git.gaze.systems" "git.gaze.systems"
"ms.gaze.systems" # "ms.gaze.systems"
"mq.gaze.systems" # "mq.gaze.systems"
"couchdb.gaze.systems" "couchdb.gaze.systems"
"doc.gaze.systems" "doc.gaze.systems"
"pmart.gaze.systems" "pmart.gaze.systems"
"limbus.gaze.systems" "limbus.gaze.systems"
"bsky.gaze.systems" # "bsky.gaze.systems"
"dawn.gaze.systems"
]; ];
}; };
}; };

73
hosts/wolumonde/modules/pds.nix Normal file
View File

@ -0,0 +1,73 @@
{ config, ... }: {
services.nginx.virtualHosts.${config.services.pds.settings.PDS_HOSTNAME} = {
useACMEHost = "gaze.systems";
forceSSL = true;
# we only need to proxy /xrpc for pds to work
# silly but i want root domain >:3
locations."/xrpc" = {
proxyPass = "http://localhost:${toString config.services.pds.settings.PDS_PORT}";
# pass ws headers so we can actually proxy the ws
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
# higher prio just to make sure
priority = 100;
};
};
# setup pds stuff
services.pds = {
enable = true;
settings = {
PDS_HOSTNAME = "gaze.systems";
PDS_PORT = 1334;
PDS_SERVICE_NAME = ''"gazing at the sky"'';
PDS_LOGO_URL = "https://gaze.systems/icons/gaze.png";
PDS_RATE_LIMITS_ENABLED = "true";
PDS_INVITE_REQUIRED = "true";
PDS_DID_PLC_URL="https://plc.directory";
PDS_BSKY_APP_VIEW_URL="https://api.bsky.app";
PDS_BSKY_APP_VIEW_DID="did:web:api.bsky.app";
PDS_REPORT_SERVICE_URL="https://mod.bsky.app";
PDS_REPORT_SERVICE_DID="did:plc:ar7c4by46qjdydhdevvrndac";
PDS_CRAWLERS="https://bsky.network";
};
environmentFiles = [config.age.secrets.pdsConfig.path];
};
# virtualisation = {
# podman = {
# enable = true;
# dockerCompat = true;
# defaultNetwork.settings.dns_enabled = true;
# };
# oci-containers.containers = {
# pds = {
# image = "ghcr.io/bluesky-social/pds:0.4";
# autoStart = true;
# environmentFiles = [ ./pds.env config.age.secrets.pdsConfig.path ];
# ports = [ "1334:1334" ];
# volumes = [
# "/var/lib/pds:/pds"
# ];
# extraOptions = [
# #"--network=host"
# "--label=io.containers.autoupdate=registry"
# ];
# };
# };
# };
# # This is the podman auto-update systemd timer.
# # If I start to rely on podman auto-update more, I should move this out of the PDS definition.
# systemd.timers."podman-auto-update" = {
# enable = true;
# timerConfig = {
# OnCalendar = "*-*-* 4:00:00";
# Persistent = true;
# };
# wantedBy = [ "timers.target" ];
# };
}

1
hosts/wolumonde/modules/secrets.nix
View File

@ -17,4 +17,5 @@
# owner = "xray"; # owner = "xray";
# group = "xray"; # group = "xray";
}; };
age.secrets.pdsConfig.file = ../../../secrets/pdsConfig.age;
} }

26
secrets/dawn.did Normal file
View File

@ -0,0 +1,26 @@
{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/multikey/v1",
"https://w3id.org/security/suites/secp256k1-2019/v1"
],
"id": "did:web:dawn.gaze.systems",
"alsoKnownAs": [
"at://dawn.gaze.systems"
],
"verificationMethod": [
{
"id": "did:web:dawn.gaze.systems#atproto",
"type": "Multikey",
"controller": "did:web:dawn.gaze.systems",
"publicKeyMultibase": "zQ3shgM1xUBo5aLVavTm5v5id9isstiiSvxYnsoetTNbwz5fZ"
}
],
"service": [
{
"id": "#atproto_pds",
"type": "AtprotoPersonalDataServer",
"serviceEndpoint": "https://gaze.systems"
}
]
}

BIN
secrets/pdsConfig.age Normal file
View File

Binary file not shown.

1
secrets/secrets.nix
View File

@ -12,4 +12,5 @@ in {
"websiteConfig.age".publicKeys = [yusdacra wolumonde]; "websiteConfig.age".publicKeys = [yusdacra wolumonde];
"giteaActRunnerToken.age".publicKeys = [yusdacra wolumonde]; "giteaActRunnerToken.age".publicKeys = [yusdacra wolumonde];
"xrayConfig.age".publicKeys = [yusdacra wolumonde]; "xrayConfig.age".publicKeys = [yusdacra wolumonde];
"pdsConfig.age".publicKeys = [yusdacra wolumonde];
} }