feat(koi): bluesky pds
This commit is contained in:
parent
3855fef54b
commit
bcce805c58
8 changed files with 113 additions and 7 deletions
|
@ -21,6 +21,7 @@
|
|||
./containers/torrent.nix
|
||||
./containers/puffer.nix
|
||||
./containers/sharkey
|
||||
./containers/pds
|
||||
./vms/hass.nix
|
||||
# ./vms/windows.nix
|
||||
];
|
||||
|
|
39
hosts/koi/containers/pds/default.nix
Normal file
39
hosts/koi/containers/pds/default.nix
Normal file
|
@ -0,0 +1,39 @@
|
|||
{ abs, config, pkgs, ... }@inputs:
|
||||
|
||||
|
||||
let
|
||||
secrets = import (abs "lib/secrets.nix");
|
||||
in {
|
||||
imports = [
|
||||
(secrets.declare [
|
||||
"bluesky-pds-secrets"
|
||||
])
|
||||
((import (abs "lib/containers.nix") inputs).mkDockerComposeContainer {
|
||||
directory = ./.;
|
||||
envFiles = [
|
||||
# PDS_JWT_SECRET, PDS_ADMIN_PASSWORD, PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX, PDS_EMAIL_SMTP_URL
|
||||
(secrets.file config "bluesky-pds-secrets")
|
||||
];
|
||||
})
|
||||
];
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /mnt/puffer/bluesky-pds 0777 root root -"
|
||||
"d /srv/bluesky-pds/data 0777 root root -"
|
||||
];
|
||||
|
||||
services.nginx.virtualHosts."pds.stupid.fish" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "stupid.fish";
|
||||
http2 = true;
|
||||
|
||||
extraConfig = ''
|
||||
client_max_body_size 250M;
|
||||
'';
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://pds.pds.docker:3000/";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
}
|
31
hosts/koi/containers/pds/docker-compose.yaml
Normal file
31
hosts/koi/containers/pds/docker-compose.yaml
Normal file
|
@ -0,0 +1,31 @@
|
|||
version: "3"
|
||||
|
||||
services:
|
||||
pds:
|
||||
image: ghcr.io/bluesky-social/pds:sha-5cd5289d470ab6e8ab3fe5b1c1698ed26dbeb4b4
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- PDS_HOSTNAME=pds.stupid.fish
|
||||
- PDS_DATA_DIRECTORY=/pds
|
||||
- PDS_BLOBSTORE_DISK_LOCATION=/blobstore
|
||||
- PDS_DID_PLC_URL=https://plc.directory
|
||||
- PDS_BSKY_APP_VIEW_URL=https://api.bsky.app
|
||||
- PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app
|
||||
- PDS_REPORT_SERVICE_URL=https://mod.bsky.app
|
||||
- PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
|
||||
- PDS_CRAWLERS=https://bsky.network
|
||||
- LOG_ENABLED=true
|
||||
- PDS_EMAIL_FROM_ADDRESS=alina@tei.su
|
||||
- PDS_INVITE_REQUIRED=true
|
||||
# forward secret variables
|
||||
- PDS_JWT_SECRET=$PDS_JWT_SECRET
|
||||
- PDS_ADMIN_PASSWORD=$PDS_ADMIN_PASSWORD
|
||||
- PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=$PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX
|
||||
- PDS_EMAIL_SMTP_URL=$PDS_EMAIL_SMTP_URL
|
||||
volumes:
|
||||
- type: bind
|
||||
source: /srv/bluesky-pds/data
|
||||
target: /pds
|
||||
- type: bind
|
||||
source: /mnt/puffer/bluesky-pds
|
||||
target: /blobstore
|
|
@ -0,0 +1,9 @@
|
|||
[{
|
||||
"relation": ["delegate_permission/common.handle_all_urls"],
|
||||
"target": {
|
||||
"namespace": "android_app",
|
||||
"package_name": "fish.stupid.twa",
|
||||
"sha256_cert_fingerprints":
|
||||
["6B:39:DC:A2:51:76:4C:57:BF:6F:A0:CD:47:D9:F8:23:49:1B:25:E5:DE:5B:BE:7D:BB:CD:F5:A7:91:4A:AA:DD"]
|
||||
}
|
||||
}]
|
BIN
hosts/koi/services/landing/assets/lol.jpg
Normal file
BIN
hosts/koi/services/landing/assets/lol.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 24 KiB |
8
hosts/koi/services/landing/assets/manifest.json
Normal file
8
hosts/koi/services/landing/assets/manifest.json
Normal file
|
@ -0,0 +1,8 @@
|
|||
{
|
||||
"name": "fish",
|
||||
"short_name": "fish",
|
||||
"start_url": ".",
|
||||
"display": "standalone",
|
||||
"background_color": "#000",
|
||||
"description": "fish stupid"
|
||||
}
|
|
@ -69,12 +69,25 @@ in
|
|||
# every time we change anything at all
|
||||
storeDir = trivial.storeDirectory directory;
|
||||
|
||||
cmdline = [
|
||||
inlineEnvNames = builtins.attrNames env;
|
||||
inlineEnvDrv = lib.optionals (builtins.length inlineEnvNames != 0) [
|
||||
(pkgs.writeText "${name}.env" (
|
||||
builtins.concatStringsSep "\n" (
|
||||
map (name: "${name}=${builtins.toJSON env.${name}}") inlineEnvNames
|
||||
)
|
||||
))
|
||||
];
|
||||
allEnvFiles = envFiles ++ inlineEnvDrv;
|
||||
|
||||
cmdline = builtins.concatStringsSep " " (
|
||||
[
|
||||
"--build"
|
||||
"--remove-orphans"
|
||||
] ++ map (env: "--env-file ${env}") envFiles
|
||||
++ map (name: "-e ${name}=${lib.escapeShellArg env.${name}}") (builtins.attrNames env)
|
||||
++ extraFlags;
|
||||
] ++ extraFlags
|
||||
);
|
||||
cmdlineBeforeUp = builtins.concatStringsSep " " (
|
||||
map (env: "--env-file ${lib.escapeShellArg env}") allEnvFiles
|
||||
);
|
||||
in
|
||||
{
|
||||
systemd.services."docker-compose-${name}" = {
|
||||
|
@ -82,7 +95,7 @@ in
|
|||
after = [ "docker.service" "docker.socket" ];
|
||||
serviceConfig = {
|
||||
WorkingDirectory = storeDir;
|
||||
ExecStart = "${pkgs.docker}/bin/docker compose up ${builtins.concatStringsSep " " cmdline}";
|
||||
ExecStart = "${pkgs.docker}/bin/docker compose ${cmdlineBeforeUp} up ${cmdline}";
|
||||
ExecStopPost = "${pkgs.docker}/bin/docker compose down";
|
||||
} // (extraConfig.serviceConfig or { });
|
||||
} // (builtins.removeAttrs extraConfig [ "serviceConfig" ]);
|
||||
|
|
5
secrets/bluesky-pds-secrets.age
Normal file
5
secrets/bluesky-pds-secrets.age
Normal file
|
@ -0,0 +1,5 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 sj88Xw PLt6rtLAJNLP3FnCB2zaOxiHk7kQqKeyjNQTr07Vohw
|
||||
OrZCrZ6W8aYOQvHPNRWypZRufnmdzS0Slu9fAdq5Mf8
|
||||
--- 5LwMDjPXQJH0JYAhmjCnNtpd+R/mMIU4n7Tvyin2eNg
|
||||
V Çy†ÈÓý|ñ¾\¹=„g§×a<C397>…É8¨Ñ{%<Ò¾§—H†+µ©™ðÐK“F°@%H1%"3G<33>SÊ¡×<C2A1>‘é 3QÃnÞÙK~®Åì“í¦ÊÞ…SÌL=n‹â% „æ$c_uS¼|¿ÈM‡C85IW@ù¿j+fo¦ÓCDàìÕX®C\ŽK6¬ÎX+So¾—ñè-•4ü¼ÎtCììl¾£F=Ýé©ïëWˆ—Á4y«½Q”Éþ•§º#»òÝÖ¶« ö£ˆq]¸å`<60>0§R‰0šl醖”‚ÙÆ[ÑZðÅPL‘ÑΔÜþ²)»ò[·ÿ»/Î[<5B>å©Iâ€ýÊp7/>ëõÛl'
9ƒvâ>Ò·a sªÑ'Çü%AEiî:”SÏÇŠ˜±C&)Ï´^ÚÉ(.ƒÓ]c˜ XõÜc
|
Loading…
Reference in a new issue