From d1eb9cc98163ef009cf652feb421eb9b7b3c267d Mon Sep 17 00:00:00 2001
From: Jack O'Sullivan
Date: Fri, 31 Jan 2025 14:54:40 +0000
Subject: [PATCH] nixos/toot: Add BlueSky PDS
---
 flake.lock | 6 +--
 .../vms/shill/containers/middleman/vhosts.nix | 10 +++++
 .../colony/vms/shill/containers/toot.nix | 38 ++++++++++++++++++-
 nixos/modules/tmproot.nix | 10 +++++
 secrets/toot/pds.env.age | 18 +++++++++
 5 files changed, 77 insertions(+), 5 deletions(-)
 create mode 100644 secrets/toot/pds.env.age
diff --git a/flake.lock b/flake.lock
index 850f280..028866a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -545,11 +545,11 @@
 },
 "nixpkgs-mine": {
 "locked": {
- "lastModified": 1732985787,
- "narHash": "sha256-6rSJ9L4QywpHLi/xvpOHdTuPm6/eOJcXxnYzDbP3U1k=",
+ "lastModified": 1738258527,
+ "narHash": "sha256-qMRx0rK9VDEdd69Vdjmh8opSAtQGcE8qz0goQ+qt7Jk=",
 "owner": "devplayer0",
 "repo": "nixpkgs",
- "rev": "a28c46933ef5038fb7a2dd483b85152a539c7969",
+ "rev": "fcf13e28c9c9aacfde5096ef45c55491eeb233e9",
 "type": "github"
 },
 "original": {
diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
index 9e2d070..9d939b8 100644
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@@ -49,6 +49,7 @@ let
 "/.well-known/webfinger".return = "301 https://toot.nul.ie$request_uri";
 "/.well-known/nodeinfo".return = "301 https://toot.nul.ie$request_uri";
 "/.well-known/host-meta".return = "301 https://toot.nul.ie$request_uri";
+ "/.well-known/atproto-did".return = "301 https://pds.nul.ie$request_uri";
 };
 in
 {
@@ -326,6 +327,15 @@ in
 useACMEHost = pubDomain;
 };
+ "pds.nul.ie" = {
+ locations."/" = {
+ proxyPass = "http://toot-ctr.${domain}:3000";
+ proxyWebsockets = true;
+ extraConfig = proxyHeaders;
+ };
+ useACMEHost = pubDomain;
+ };
+
 "share.${pubDomain}" = {
 locations."/" = {
 proxyPass = "http://object-ctr.${domain}:9090";
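Review bot: The new `pds.nul.ie` vhost in vhosts.nix sets no request-body limit of its own, while the PDS in toot.nix is configured with `PDS_BLOB_UPLOAD_LIMIT = "52428800"` (50 MiB). Unless `proxyHeaders` or the global nginx settings, neither visible in this hunk, already raise `client_max_body_size`, nginx will reject larger uploads at the proxy, and the effective limit is whatever default applies rather than a value chosen for this service. Stating it in the location's `extraConfig` next to `proxyHeaders` makes the bound enforced at the edge explicit and keeps it in step with the PDS setting. The upstream port is also hard-coded as `3000` here while toot.nix defines `pdsPort = 3000;`, so a comment such as `# must match pdsPort in containers/toot.nix` would stop the two drifting apart.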
diff --git a/nixos/boxes/colony/vms/shill/containers/toot.nix b/nixos/boxes/colony/vms/shill/containers/toot.nix
index 098d443..5951c7e 100644
--- a/nixos/boxes/colony/vms/shill/containers/toot.nix
+++ b/nixos/boxes/colony/vms/shill/containers/toot.nix
@@ -26,6 +26,8 @@ in
 let
 inherit (lib) mkMerge mkIf genAttrs;
 inherit (lib.my) networkdAssignment systemdAwaitPostgres;
+
+ pdsPort = 3000;
 in
 {
 config = mkMerge [
@@ -36,7 +38,7 @@ in
 secrets = {
 key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSslLkDe54AKYzxdtKD70zcU72W0EpYsfbdJ6UFq0QK";
- files = genAttrs
+ files = (genAttrs
 (map (f: "toot/${f}") [
 "postgres-password.txt"
 "secret-key.txt"
@@ -48,7 +50,12 @@ in
 (_: with config.services.mastodon; {
 owner = user;
 inherit group;
- });
+ })) // {
+ "toot/pds.env" = {
+ owner = "pds";
+ group = "pds";
+ };
+ };
 };
 firewall = {
@@ -56,6 +63,7 @@ in
 19999
 "http"
+ pdsPort
 ];
 };
 };
@@ -155,6 +163,32 @@ in
 };
 };
 };
+
+ pds = {
+ enable = true;
+ environmentFiles = [ config.age.secrets."toot/pds.env".path ];
+ settings = {
+ PDS_HOSTNAME = "pds.nul.ie";
+ PDS_PORT = pdsPort;
+
+ PDS_BLOBSTORE_DISK_LOCATION = null;
+ PDS_BLOBSTORE_S3_BUCKET = "pds";
+ PDS_BLOBSTORE_S3_ENDPOINT = "https://s3.nul.ie/";
+ PDS_BLOBSTORE_S3_REGION = "eu-central-1";
+ PDS_BLOBSTORE_S3_ACCESS_KEY_ID = "pds";
+ PDS_BLOB_UPLOAD_LIMIT = "52428800";
+
+ PDS_EMAIL_FROM_ADDRESS = "pds@nul.ie";
+
+ PDS_DID_PLC_URL = "https://plc.directory";
+ PDS_INVITE_REQUIRED = 1;
+ PDS_BSKY_APP_VIEW_URL = "https://api.bsky.app";
+ PDS_BSKY_APP_VIEW_DID = "did:web:api.bsky.app";
+ PDS_REPORT_SERVICE_URL = "https://mod.bsky.app";
+ PDS_REPORT_SERVICE_DID = "did:plc:ar7c4by46qjdydhdevvrndac";
+ PDS_CRAWLERS = "https://bsky.network";
+ };
+ };
 };
 }
 (mkIf config.my.build.isDevVM {
diff --git a/nixos/modules/tmproot.nix b/nixos/modules/tmproot.nix
index d9a0e78..21c8eca 100644
--- a/nixos/modules/tmproot.nix
+++ b/nixos/modules/tmproot.nix
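Review bot: Adding `pdsPort` to the allowed TCP ports in the firewall hunk (`@@ -56,6 +63,7 @@`) exposes the PDS's plain-HTTP listener to every source this list admits, not only to the nginx proxy in middleman that terminates TLS for `pds.nul.ie`. The list's opening line and the firewall module's semantics are outside the hunk, so this may already be confined to the internal container network. If it is not, limiting port 3000 to the proxy's address keeps clients from reaching the service around the TLS front end and the headers and limits it applies. At minimum, a comment beside the entry such as `# PDS; only reached through middleman's pds.nul.ie vhost` would record the intent.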
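Review bot: The `pds` block (`@@ -155,6 +163,32 @@`) does not say which variables are expected in the age-encrypted `toot/pds.env`, so a reader cannot tell what must be recreated when the secret is rotated or the host is rebuilt. A comment above `environmentFiles` naming them would help; presumably these are `PDS_JWT_SECRET`, `PDS_ADMIN_PASSWORD`, `PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX`, `PDS_BLOBSTORE_S3_SECRET_ACCESS_KEY` and the SMTP URL, but the file's contents are not visible here. `PDS_BLOBSTORE_DISK_LOCATION = null;` also deserves a one-line why-comment, presumably `# drop the module's default disk blobstore so the S3 settings are used`. As a point of style, `PDS_BLOB_UPLOAD_LIMIT` is given as a string while `PDS_INVITE_REQUIRED` and `PDS_PORT` are integers.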
@@ -551,6 +551,16 @@ in
 ];
 });
 })
+ (mkIf config.services.pds.enable {
+ my.tmproot.persistence.config.directories = [
+ {
+ directory = "/var/lib/pds";
+ mode = "0750";
+ user = "pds";
+ group = "pds";
+ }
+ ];
+ })
 ]))
 ]);
diff --git a/secrets/toot/pds.env.age b/secrets/toot/pds.env.age
new file mode 100644
index 0000000..9e777a8
--- /dev/null
+++ b/secrets/toot/pds.env.age
@@ -0,0 +1,18 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDYySmNjQSBONnFw
+QVduaWJac2hVVDl0bHY5dXFQSkFUNGlWaTNUbGkxN3d1RWpSZGdRCmpBZ2pLZHZ0
+V21EenE0U3lYblp3dTFyRlRrMGVjWGpxdVVRWW5pcnpCVlUKLT4gWDI1NTE5IEx0
+QUM0aEVsbCtLd3ZmS0kyb0Q3d2RuVW1oc2pHSFpMbUZHY2VXYlhYR28KSHhraW9K
+RXArS1lia0NsMWkvRFhTVEduM1M0c2JnYmduY0ZmSjhCN1M1YwotPiAlL1lJLWdy
+ZWFzZSAhVCpkTAplMU5KckU1K2diWnBreG9LbERtbGJZQjZwK0lOZjJHcEJyMWZp
+c1lxL1UvbTE5QzRIMm9wSXFmY2xUSzhBMEJiCmgxUQotLS0gOUhYVERseXJlVksr
+SEZtby92YUIrTG4ra0hneklheFBERHhqSlFlT0YwVQr5gAYwgdPqUqW2XEtN7+ZR
+VblX1NFXjMLljiGcW+ZlMXHIaKMxizPr+S/6U183e4wiUUqcpipnznnslhm/Zkny
+iHmW37pnNC0T9kctqOXeEjqsQxAMo2YKFroxo1iK0YvN+VyoIDSYMDKu8uDe1Cna
+rabi42KfdZNDjtPLrJyHSo2cCdnDUeWalAjQ3eQqn4y85gfPZq8kZcwvK6SmurDN
+GkwxXpZpSd6MdY4fIaaBEwe7WY9hq4fE7WgcQaz5yG47F+ArCwWauAz38+309XHj
+omsDSzj1jrN7T4kr2gjtUX227NrCw3REHYRNN6IQK/6fDNyPF1wbLFpXU4dnANLT
+OdMRnsDRPafNLAOYn0pgCVcVs0KLpaJvy3KLevVt2MZEtSZe/S+ys28H3JJCB8qz
+igaX3gw9+W8by4ET864fpFgufJrpufVvdz/MZ1207YHz1URQACWRtFKwnwfzP45+
+l47Y4s+xy34V+IXLJduEQdQ0ZHqKmTv02BjEjqksBwZswjI0EbTvD3Nsiw==
+-----END AGE ENCRYPTED FILE-----
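Review bot: In the tmproot.nix hunk, `/var/lib/pds` is persisted with `mode = "0750"`, which leaves the directory readable and traversable by every member of the `pds` group. This is the service's state directory and presumably holds the account databases and any key material the PDS writes to disk, so `mode = "0700";` would be the tighter choice unless another account in that group is meant to read it. The surrounding `mkMerge` list starts outside the hunk, so the modes used for the other services' directories cannot be compared from here.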