From 217fe05d812c0a1695202121a528c2fb97276db4 Mon Sep 17 00:00:00 2001
From: dusk
Date: Fri, 7 Feb 2025 07:28:24 +0900
Subject: [PATCH] feat: add guestbook did
---
 hosts/wolumonde/modules/atproto.nix | 46 +++++++++------------
 hosts/wolumonde/modules/nginx.nix | 1 +
 secrets/{dawn.did => dawn.gaze.systems.did} | 0
 secrets/guestbook.gaze.systems.did | 26 ++++++++++++
 4 files changed, 47 insertions(+), 26 deletions(-)
 rename secrets/{dawn.did => dawn.gaze.systems.did} (100%)
 create mode 100644 secrets/guestbook.gaze.systems.did
diff --git a/hosts/wolumonde/modules/atproto.nix b/hosts/wolumonde/modules/atproto.nix
index 73533a2..23ca568 100644
--- a/hosts/wolumonde/modules/atproto.nix
+++ b/hosts/wolumonde/modules/atproto.nix
@@ -1,35 +1,29 @@
-{pkgs, ...}: let
-in {
- services.nginx.virtualHosts."gaze.systems" = let
- _wellKnownFile =
- pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae";
- wellKnownDir = pkgs.runCommand "well-known" {} ''
- mkdir -p $out
- cp ${_wellKnownFile} $out/atproto-did
+{pkgs, lib, ...}: let
+ mkFileCopy = name: file: "cp ${file} $out/${name}";
+ mkWellKnownDir = files: pkgs.runCommand "well-known" {} ''
+ mkdir -p $out
+ ${lib.concatStringsSep "\n" (lib.mapAttrsToList mkFileCopy files)}
 '';
- in {
- locations."/.well-known/".extraConfig = ''
- add_header content-type text/plain;
- add_header access-control-allow-origin *;
- alias ${wellKnownDir}/;
- '';
- };
- services.nginx.virtualHosts."dawn.gaze.systems" = let
- _atprotoDidFile =
- pkgs.writeText "server" "did:web:dawn.gaze.systems";
- _didFile = ../../../secrets/dawn.did;
- wellKnownDir = pkgs.runCommand "well-known" {} ''
- mkdir -p $out
- cp ${_didFile} $out/did.json
- cp ${_atprotoDidFile} $out/atproto-did
- '';
- in {
+ mkWellKnownCfg = files: {
 useACMEHost = "gaze.systems";
 forceSSL = true;
 locations."/.well-known/".extraConfig = ''
 add_header content-type text/plain;
 add_header access-control-allow-origin *;
- alias ${wellKnownDir}/;
+ alias ${mkWellKnownDir files}/;
 '';
 };
+ mkDidWebCfg = domain: {
+ "${domain}" = mkWellKnownCfg {
+ "did.json" = ../../../secrets/${domain}.did;
+ "atproto-did" = pkgs.writeText "server" "did:web:${domain}";
+ };
+ };
+in {
+ services.nginx.virtualHosts = {
+ "gaze.systems" = mkWellKnownCfg {
+ "atproto-did" = pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae";
+ };
+ } // (mkDidWebCfg "dawn.gaze.systems")
+ // (mkDidWebCfg "guestbook.gaze.systems");
 }
diff --git a/hosts/wolumonde/modules/nginx.nix b/hosts/wolumonde/modules/nginx.nix
index eaf6867..078a239 100644
--- a/hosts/wolumonde/modules/nginx.nix
+++ b/hosts/wolumonde/modules/nginx.nix
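Review bot: `mkDidWebCfg` derives its source path from the argument, `../../../secrets/${domain}.did`, so whatever file sits at that name under `secrets/` is copied into the world-readable Nix store and served from `/.well-known/` with `access-control-allow-origin *`. The guestbook document added in this patch holds only a public key, so nothing confidential is exposed here, but the directory name suggests otherwise; a comment on the helper such as `# DID documents are public: they are copied to the Nix store and served verbatim` (or moving them out of `secrets/`) would make the intent explicit. In `mkFileCopy`, `name` is interpolated into the build script unquoted; `"cp ${file} $out/${lib.escapeShellArg name}"` keeps an attribute name with spaces or shell metacharacters from changing the command. The apex `gaze.systems` vhost also now picks up `useACMEHost` and `forceSSL` from `mkWellKnownCfg`, which the removed block did not set, so it is worth confirming that this is intended and does not clash with a definition of that vhost elsewhere.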
@@ -24,6 +24,7 @@
 "limbus.gaze.systems"
 # "bsky.gaze.systems"
 "dawn.gaze.systems"
+ "guestbook.gaze.systems"
 ];
 };
 };
diff --git a/secrets/dawn.did b/secrets/dawn.gaze.systems.did
similarity index 100%
rename from secrets/dawn.did
rename to secrets/dawn.gaze.systems.did
diff --git a/secrets/guestbook.gaze.systems.did b/secrets/guestbook.gaze.systems.did
new file mode 100644
index 0000000..dcd8245
--- /dev/null
+++ b/secrets/guestbook.gaze.systems.did
@@ -0,0 +1,26 @@
+{
+ "@context": [
+ "https://www.w3.org/ns/did/v1",
+ "https://w3id.org/security/multikey/v1",
+ "https://w3id.org/security/suites/secp256k1-2019/v1"
+ ],
+ "id": "did:web:guestbook.gaze.systems",
+ "alsoKnownAs": [
+ "at://guestbook.gaze.systems"
+ ],
+ "verificationMethod": [
+ {
+ "id": "did:web:guestbook.gaze.systems#atproto",
+ "type": "Multikey",
+ "controller": "did:web:guestbook.gaze.systems",
+ "publicKeyMultibase": "zQ3shSiLsnqpyQ4SfDTT1D8qzFEoeYT8rSDXW6o8pVY7VcRBJ"
+ }
+ ],
+ "service": [
+ {
+ "id": "#atproto_pds",
+ "type": "AtprotoPersonalDataServer",
+ "serviceEndpoint": "https://gaze.systems"
+ }
+ ]
+}