feat(koi): bluesky pds

2024-05-28 13:10:22 +03:00 · 2024-05-28 13:10:22 +03:00 · bcce805c58
commit bcce805c58
parent 3855fef54b
8 changed files with 113 additions and 7 deletions
--- a/hosts/koi/configuration.nix
+++ b/hosts/koi/configuration.nix
@ -21,6 +21,7 @@
    ./containers/torrent.nix
    ./containers/puffer.nix
    ./containers/sharkey
    ./containers/pds
    ./vms/hass.nix
    # ./vms/windows.nix
  ];
--- a/hosts/koi/containers/pds/default.nix
+++ b/hosts/koi/containers/pds/default.nix
@ -0,0 +1,39 @@
 { abs, config, pkgs, ... }@inputs:
 let 
  secrets = import (abs "lib/secrets.nix");
 in {
  imports = [
    (secrets.declare [
      "bluesky-pds-secrets"
    ])
    ((import (abs "lib/containers.nix") inputs).mkDockerComposeContainer {
      directory = ./.;
      envFiles = [
        # PDS_JWT_SECRET, PDS_ADMIN_PASSWORD, PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX, PDS_EMAIL_SMTP_URL
        (secrets.file config "bluesky-pds-secrets")
      ];
    })
  ];
  systemd.tmpfiles.rules = [
    "d /mnt/puffer/bluesky-pds 0777 root root -"
    "d /srv/bluesky-pds/data 0777 root root -"
  ];
  services.nginx.virtualHosts."pds.stupid.fish" = {
    forceSSL = true;
    useACMEHost = "stupid.fish";
    http2 = true;
    extraConfig = ''
      client_max_body_size 250M;
    '';
    locations."/" = {
      proxyPass = "http://pds.pds.docker:3000/";
      proxyWebsockets = true;
    };
  };
 }
--- a/hosts/koi/containers/pds/docker-compose.yaml
+++ b/hosts/koi/containers/pds/docker-compose.yaml
@ -0,0 +1,31 @@
 version: "3"
 services:
  pds:
    image: ghcr.io/bluesky-social/pds:sha-5cd5289d470ab6e8ab3fe5b1c1698ed26dbeb4b4
    restart: unless-stopped
    environment: 
      - PDS_HOSTNAME=pds.stupid.fish
      - PDS_DATA_DIRECTORY=/pds
      - PDS_BLOBSTORE_DISK_LOCATION=/blobstore
      - PDS_DID_PLC_URL=https://plc.directory
      - PDS_BSKY_APP_VIEW_URL=https://api.bsky.app
      - PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app
      - PDS_REPORT_SERVICE_URL=https://mod.bsky.app
      - PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
      - PDS_CRAWLERS=https://bsky.network
      - LOG_ENABLED=true
      - PDS_EMAIL_FROM_ADDRESS=alina@tei.su
      - PDS_INVITE_REQUIRED=true
      # forward secret variables
      - PDS_JWT_SECRET=$PDS_JWT_SECRET
      - PDS_ADMIN_PASSWORD=$PDS_ADMIN_PASSWORD
      - PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=$PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX
      - PDS_EMAIL_SMTP_URL=$PDS_EMAIL_SMTP_URL
    volumes:
      - type: bind
        source: /srv/bluesky-pds/data
        target: /pds
      - type: bind
        source: /mnt/puffer/bluesky-pds
        target: /blobstore
--- a/hosts/koi/services/landing/assets/.well-known/assetlinks.json
+++ b/hosts/koi/services/landing/assets/.well-known/assetlinks.json
@ -0,0 +1,9 @@
 [{
    "relation": ["delegate_permission/common.handle_all_urls"],
    "target": {
      "namespace": "android_app",
      "package_name": "fish.stupid.twa",
      "sha256_cert_fingerprints":
      ["6B:39:DC:A2:51:76:4C:57:BF:6F:A0:CD:47:D9:F8:23:49:1B:25:E5:DE:5B:BE:7D:BB:CD:F5:A7:91:4A:AA:DD"]
    }
  }]
--- a/hosts/koi/services/landing/assets/lol.jpg
+++ b/hosts/koi/services/landing/assets/lol.jpg
--- a/hosts/koi/services/landing/assets/manifest.json
+++ b/hosts/koi/services/landing/assets/manifest.json
@ -0,0 +1,8 @@
 {
    "name": "fish",
    "short_name": "fish",
    "start_url": ".",
    "display": "standalone",
    "background_color": "#000",
    "description": "fish stupid"
 }
--- a/lib/containers.nix
+++ b/lib/containers.nix
@ -69,12 +69,25 @@ in
      # every time we change anything at all
      storeDir = trivial.storeDirectory directory;
-      cmdline = [
+      inlineEnvNames = builtins.attrNames env;
-        "--build"
+      inlineEnvDrv = lib.optionals (builtins.length inlineEnvNames != 0) [
-        "--remove-orphans"
+        (pkgs.writeText "${name}.env" (
-      ] ++ map (env: "--env-file ${env}") envFiles
+          builtins.concatStringsSep "\n" (
-      ++ map (name: "-e ${name}=${lib.escapeShellArg env.${name}}") (builtins.attrNames env)
+            map (name: "${name}=${builtins.toJSON env.${name}}") inlineEnvNames
-      ++ extraFlags;
+          )
        ))
      ];
      allEnvFiles = envFiles ++ inlineEnvDrv;
      cmdline = builtins.concatStringsSep " " (
        [
          "--build"
          "--remove-orphans"
        ] ++ extraFlags
      );
      cmdlineBeforeUp = builtins.concatStringsSep " " (
        map (env: "--env-file ${lib.escapeShellArg env}") allEnvFiles
      );
    in
    {
      systemd.services."docker-compose-${name}" = {
@ -82,7 +95,7 @@ in
        after = [ "docker.service" "docker.socket" ];
        serviceConfig = {
          WorkingDirectory = storeDir;
-          ExecStart = "${pkgs.docker}/bin/docker compose up ${builtins.concatStringsSep " " cmdline}";
+          ExecStart = "${pkgs.docker}/bin/docker compose ${cmdlineBeforeUp} up ${cmdline}";
          ExecStopPost = "${pkgs.docker}/bin/docker compose down";
        } // (extraConfig.serviceConfig or { });
      } // (builtins.removeAttrs extraConfig [ "serviceConfig" ]);
--- a/secrets/bluesky-pds-secrets.age
+++ b/secrets/bluesky-pds-secrets.age
@ -0,0 +1,5 @@
 age-encryption.org/v1
 -> ssh-ed25519 sj88Xw PLt6rtLAJNLP3FnCB2zaOxiHk7kQqKeyjNQTr07Vohw
 OrZCrZ6W8aYOQvHPNRWypZRufnmdzS0Slu9fAdq5Mf8
 --- 5LwMDjPXQJH0JYAhmjCnNtpd+R/mMIU4n7Tvyin2eNg
 V Çy†ÈÓý|ñ¾\¹=„g§×a<C397>…É8¨Ñ{%<Ò¾§—H†+µ©™ðÐK“F°@%H1%"3G<33>SÊ¡×<C2A1>‘é 3QÃnÞÙK~®Åì“í¦ÊÞ…SÌL=n‹â% „æ$c_uS¼|¿ÈM‡C85IW@ù¿j+fo¦ÓCDàìÕX®C\ŽK6¬ÎX+So¾—ñè-•4ü¼ÎtCììl¾£F=Ýé©ïëWˆ—Á4y«½Q”Éþ•§º#»òÝÖ¶« ö£ˆq]¸å`<60>0§R‰0šlé†–”‚ÙÆ[ÑZðÅPL‘ÑÎ”Üþ²)»ò[·ÿ»/Î[<5B>å©Iâ€ýÊp7/>ëõÛl'
9ƒvâ>Ò·a sªÑ'Çü%AEiî:”SÏÇŠ˜±C&)Ï´^ÚÉ(.ƒÓ]c˜ XõÜc