feat: pds
This commit is contained in:
parent
2db7e26636
commit
0ab083a4f6
975
flake.lock
generated
975
flake.lock
generated
File diff suppressed because it is too large
10
flake.nix
10
flake.nix
@ -29,8 +29,8 @@
|
||||
bernbot.url = "github:yusdacra/bernbot";
|
||||
bernbot.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
conduit.url = "gitlab:famedly/conduit/next";
|
||||
conduit.inputs.nixpkgs.follows = "nixpkgs";
|
||||
# conduit.url = "gitlab:famedly/conduit/next";
|
||||
# conduit.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
# nil.url = "github:oxalica/nil";
|
||||
# nil.inputs.nixpkgs.follows = "nixpkgs";
|
||||
@ -47,10 +47,10 @@
|
||||
agenix.url = "github:ryantm/agenix";
|
||||
agenix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
musikquad.url = "git+https://git.gaze.systems/dusk/musikquadrupled.git";
|
||||
musikquad.inputs.nixpkgs.follows = "nixpkgs";
|
||||
# musikquad.url = "git+https://git.gaze.systems/dusk/musikquadrupled.git";
|
||||
# musikquad.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
musikspider.url = "git+https://git.gaze.systems/dusk/musikspider.git";
|
||||
# musikspider.url = "git+https://git.gaze.systems/dusk/musikspider.git";
|
||||
# musikspider.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
limbusart.url = "git+https://git.gaze.systems/dusk/limbusart.git";
|
||||
|
@ -1,26 +1,35 @@
|
||||
{pkgs, ...}: let
|
||||
in {
|
||||
services.nginx.virtualHosts."gaze.systems" = let
|
||||
_wellKnownFile =
|
||||
pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae";
|
||||
wellKnownFile = pkgs.runCommand "well-known" {} ''
|
||||
wellKnownDir = pkgs.runCommand "well-known" {} ''
|
||||
mkdir -p $out
|
||||
cp ${_wellKnownFile} $out/atproto-did
|
||||
'';
|
||||
in {
|
||||
services.nginx.virtualHosts."gaze.systems" = {
|
||||
in {
|
||||
locations."/.well-known/".extraConfig = ''
|
||||
add_header content-type text/plain;
|
||||
add_header access-control-allow-origin *;
|
||||
alias ${wellKnownFile}/;
|
||||
alias ${wellKnownDir}/;
|
||||
'';
|
||||
};
|
||||
# redirect any requests to my profile
|
||||
services.nginx.virtualHosts."bsky.gaze.systems" = {
|
||||
services.nginx.virtualHosts."dawn.gaze.systems" = let
|
||||
_atprotoDidFile =
|
||||
pkgs.writeText "server" "did:web:dawn.gaze.systems";
|
||||
_didFile = ../../../secrets/dawn.did;
|
||||
wellKnownDir = pkgs.runCommand "well-known" {} ''
|
||||
mkdir -p $out
|
||||
cp ${_didFile} $out/did.json
|
||||
cp ${_atprotoDidFile} $out/atproto-did
|
||||
'';
|
||||
in {
|
||||
useACMEHost = "gaze.systems";
|
||||
forceSSL = true;
|
||||
extraConfig = ''
|
||||
location / {
|
||||
return 301 https://bsky.app/profile/gaze.systems$request_uri;
|
||||
}
|
||||
locations."/.well-known/".extraConfig = ''
|
||||
add_header content-type text/plain;
|
||||
add_header access-control-allow-origin *;
|
||||
alias ${wellKnownDir}/;
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
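Review bot: In the new `dawn.gaze.systems` vhost the `/.well-known/` location applies `add_header content-type text/plain;` to `did.json` as well; `add_header` appends a header rather than replacing the one nginx derives from its mime map, so the `.json` file is likely to go out with two Content-Type values (application/json plus this text/plain), and did:web resolvers expect a JSON document. Serving `did.json` from its own `locations."/.well-known/did.json"` without the text/plain header, or using `default_type`/`types {}` instead of `add_header` for the handle file, keeps both responses unambiguous. Separately, `cp ${_didFile} $out/did.json` copies `../../../secrets/dawn.did` into the world-readable Nix store, which is fine because the DID document carries only a public key, but the `secrets/` path suggests otherwise; a comment at the `_didFile` binding such as `# dawn.did is a public DID document (not a secret); it is served verbatim` would stop someone adding private material to it later. The file header for this hunk is not shown on the page.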
@ -16,13 +16,14 @@
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
extraDomainNames = [
|
||||
"git.gaze.systems"
|
||||
"ms.gaze.systems"
|
||||
"mq.gaze.systems"
|
||||
# "ms.gaze.systems"
|
||||
# "mq.gaze.systems"
|
||||
"couchdb.gaze.systems"
|
||||
"doc.gaze.systems"
|
||||
"pmart.gaze.systems"
|
||||
"limbus.gaze.systems"
|
||||
"bsky.gaze.systems"
|
||||
# "bsky.gaze.systems"
|
||||
"dawn.gaze.systems"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
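--- a/hosts/wolumonde/modules/pds.nix
+++ b/hosts/wolumonde/modules/pds.nix
@@ -0,0 +1,73 @@
+{ config, ... }: {
+services.nginx.virtualHosts.${config.services.pds.settings.PDS_HOSTNAME} = {
+useACMEHost = "gaze.systems";
+forceSSL = true;
+# we only need to proxy /xrpc for pds to work
+# silly but i want root domain >:3
+locations."/xrpc" = {
+proxyPass = "http://localhost:${toString config.services.pds.settings.PDS_PORT}";
+# pass ws headers so we can actually proxy the ws
+extraConfig = ''
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $connection_upgrade;
+'';
+# higher prio just to make sure
+priority = 100;
+};
+};
+# setup pds stuff
+services.pds = {
+enable = true;
+settings = {
+PDS_HOSTNAME = "gaze.systems";
+PDS_PORT = 1334;
+
+PDS_SERVICE_NAME = ''"gazing at the sky"'';
+PDS_LOGO_URL = "https://gaze.systems/icons/gaze.png";
+
+PDS_RATE_LIMITS_ENABLED = "true";
+PDS_INVITE_REQUIRED = "true";
+
+PDS_DID_PLC_URL="https://plc.directory";
+PDS_BSKY_APP_VIEW_URL="https://api.bsky.app";
+PDS_BSKY_APP_VIEW_DID="did:web:api.bsky.app";
+PDS_REPORT_SERVICE_URL="https://mod.bsky.app";
+PDS_REPORT_SERVICE_DID="did:plc:ar7c4by46qjdydhdevvrndac";
+PDS_CRAWLERS="https://bsky.network";
+};
+environmentFiles = [config.age.secrets.pdsConfig.path];
+};
+
+# virtualisation = {
+# podman = {
+# enable = true;
+# dockerCompat = true;
+# defaultNetwork.settings.dns_enabled = true;
+# };
+# oci-containers.containers = {
+# pds = {
+# image = "ghcr.io/bluesky-social/pds:0.4";
+# autoStart = true;
+# environmentFiles = [ ./pds.env config.age.secrets.pdsConfig.path ];
+# ports = [ "1334:1334" ];
+# volumes = [
+# "/var/lib/pds:/pds"
+# ];
+# extraOptions = [
+# #"--network=host"
+# "--label=io.containers.autoupdate=registry"
+# ];
+# };
+# };
+# };
+# # This is the podman auto-update systemd timer.
+# # If I start to rely on podman auto-update more, I should move this out of the PDS definition.
+# systemd.timers."podman-auto-update" = {
+# enable = true;
+# timerConfig = {
+# OnCalendar = "*-*-* 4:00:00";
+# Persistent = true;
+# };
+# wantedBy = [ "timers.target" ];
+# };
+}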
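Review bot: The `/xrpc` location hand-writes `proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade;` but not `proxy_http_version 1.1`, which the WebSocket upgrade needs unless `recommendedProxySettings` is enabled elsewhere on this host; the nginx module already provides `proxyWebsockets = true;` for this location type, which emits all three directives and could replace the `extraConfig` block. `PDS_RATE_LIMITS_ENABLED = "true"` presumably only limits per client if the PDS sees the real client address, so confirm the host-wide nginx config forwards `X-Forwarded-For`/`X-Real-IP` to this backend (nothing in this file does), otherwise every request appears to originate from localhost and the limits act globally. As a style point, `PDS_DID_PLC_URL="..."` through `PDS_CRAWLERS="..."` drop the spaces around `=` that the rest of the attribute set uses, and the ~40 commented-out podman lines below `services.pds` are dead configuration that git history already preserves.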
@ -17,4 +17,5 @@
|
||||
# owner = "xray";
|
||||
# group = "xray";
|
||||
};
|
||||
age.secrets.pdsConfig.file = ../../../secrets/pdsConfig.age;
|
||||
}
|
||||
|
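--- a/secrets/dawn.did
+++ b/secrets/dawn.did
@@ -0,0 +1,26 @@
+{
+"@context": [
+"https://www.w3.org/ns/did/v1",
+"https://w3id.org/security/multikey/v1",
+"https://w3id.org/security/suites/secp256k1-2019/v1"
+],
+"id": "did:web:dawn.gaze.systems",
+"alsoKnownAs": [
+"at://dawn.gaze.systems"
+],
+"verificationMethod": [
+{
+"id": "did:web:dawn.gaze.systems#atproto",
+"type": "Multikey",
+"controller": "did:web:dawn.gaze.systems",
+"publicKeyMultibase": "zQ3shgM1xUBo5aLVavTm5v5id9isstiiSvxYnsoetTNbwz5fZ"
+}
+],
+"service": [
+{
+"id": "#atproto_pds",
+"type": "AtprotoPersonalDataServer",
+"serviceEndpoint": "https://gaze.systems"
+}
+]
+}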
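Review bot: This DID document is committed unencrypted under `secrets/` although it holds only public material (the `publicKeyMultibase` and `serviceEndpoint`), and the nginx module in this commit copies it into the world-readable Nix store; the directory name invites someone to drop private key material next to it later. Moving the file next to the module that serves it, or documenting at the `../../../secrets/dawn.did` reference that it is a public DID document and not a secret, would make the intent clear. The `secrets.nix` hunk on this page lists only `.age` files, so this file is not age-encrypted, which is consistent with it being public.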
BIN
secrets/pdsConfig.age
Normal file
BIN
secrets/pdsConfig.age
Normal file
Binary file not shown.
@ -12,4 +12,5 @@ in {
|
||||
"websiteConfig.age".publicKeys = [yusdacra wolumonde];
|
||||
"giteaActRunnerToken.age".publicKeys = [yusdacra wolumonde];
|
||||
"xrayConfig.age".publicKeys = [yusdacra wolumonde];
|
||||
"pdsConfig.age".publicKeys = [yusdacra wolumonde];
|
||||
}
|
||||
|