feat(koi): bluesky pds

2024-05-28 13:10:22 +03:00 · 2024-05-28 13:10:22 +03:00 · bcce805c58
commit bcce805c58
parent 3855fef54b
8 changed files with 113 additions and 7 deletions
--- a/hosts/koi/configuration.nix
+++ b/hosts/koi/configuration.nix
@ -21,6 +21,7 @@
    ./containers/torrent.nix
    ./containers/puffer.nix
    ./containers/sharkey
+    ./containers/pds
    ./vms/hass.nix
    # ./vms/windows.nix
  ];
--- a/hosts/koi/containers/pds/default.nix
+++ b/hosts/koi/containers/pds/default.nix
@ -0,0 +1,39 @@
+{ abs, config, pkgs, ... }@inputs:
+
+
+let 
+  secrets = import (abs "lib/secrets.nix");
+in {
+  imports = [
+    (secrets.declare [
+      "bluesky-pds-secrets"
+    ])
+    ((import (abs "lib/containers.nix") inputs).mkDockerComposeContainer {
+      directory = ./.;
+      envFiles = [
+        # PDS_JWT_SECRET, PDS_ADMIN_PASSWORD, PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX, PDS_EMAIL_SMTP_URL
+        (secrets.file config "bluesky-pds-secrets")
+      ];
+    })
+  ];
+
+  systemd.tmpfiles.rules = [
+    "d /mnt/puffer/bluesky-pds 0777 root root -"
+    "d /srv/bluesky-pds/data 0777 root root -"
+  ];
+
+  services.nginx.virtualHosts."pds.stupid.fish" = {
+    forceSSL = true;
+    useACMEHost = "stupid.fish";
+    http2 = true;
+
+    extraConfig = ''
+      client_max_body_size 250M;
+    '';
+    
+    locations."/" = {
+      proxyPass = "http://pds.pds.docker:3000/";
+      proxyWebsockets = true;
+    };
+  };
+}
--- a/hosts/koi/containers/pds/docker-compose.yaml
+++ b/hosts/koi/containers/pds/docker-compose.yaml
@ -0,0 +1,31 @@
+version: "3"
+
+services:
+  pds:
+    image: ghcr.io/bluesky-social/pds:sha-5cd5289d470ab6e8ab3fe5b1c1698ed26dbeb4b4
+    restart: unless-stopped
+    environment: 
+      - PDS_HOSTNAME=pds.stupid.fish
+      - PDS_DATA_DIRECTORY=/pds
+      - PDS_BLOBSTORE_DISK_LOCATION=/blobstore
+      - PDS_DID_PLC_URL=https://plc.directory
+      - PDS_BSKY_APP_VIEW_URL=https://api.bsky.app
+      - PDS_BSKY_APP_VIEW_DID=did:web:api.bsky.app
+      - PDS_REPORT_SERVICE_URL=https://mod.bsky.app
+      - PDS_REPORT_SERVICE_DID=did:plc:ar7c4by46qjdydhdevvrndac
+      - PDS_CRAWLERS=https://bsky.network
+      - LOG_ENABLED=true
+      - PDS_EMAIL_FROM_ADDRESS=alina@tei.su
+      - PDS_INVITE_REQUIRED=true
+      # forward secret variables
+      - PDS_JWT_SECRET=$PDS_JWT_SECRET
+      - PDS_ADMIN_PASSWORD=$PDS_ADMIN_PASSWORD
+      - PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=$PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX
+      - PDS_EMAIL_SMTP_URL=$PDS_EMAIL_SMTP_URL
+    volumes:
+      - type: bind
+        source: /srv/bluesky-pds/data
+        target: /pds
+      - type: bind
+        source: /mnt/puffer/bluesky-pds
+        target: /blobstore
--- a/hosts/koi/services/landing/assets/.well-known/assetlinks.json
+++ b/hosts/koi/services/landing/assets/.well-known/assetlinks.json
@ -0,0 +1,9 @@
+[{
+    "relation": ["delegate_permission/common.handle_all_urls"],
+    "target": {
+      "namespace": "android_app",
+      "package_name": "fish.stupid.twa",
+      "sha256_cert_fingerprints":
+      ["6B:39:DC:A2:51:76:4C:57:BF:6F:A0:CD:47:D9:F8:23:49:1B:25:E5:DE:5B:BE:7D:BB:CD:F5:A7:91:4A:AA:DD"]
+    }
+  }]
--- a/hosts/koi/services/landing/assets/lol.jpg
+++ b/hosts/koi/services/landing/assets/lol.jpg
--- a/hosts/koi/services/landing/assets/manifest.json
+++ b/hosts/koi/services/landing/assets/manifest.json
@ -0,0 +1,8 @@
+{
+    "name": "fish",
+    "short_name": "fish",
+    "start_url": ".",
+    "display": "standalone",
+    "background_color": "#000",
+    "description": "fish stupid"
+}
--- a/lib/containers.nix
+++ b/lib/containers.nix
@ -69,12 +69,25 @@ in
      # every time we change anything at all
      storeDir = trivial.storeDirectory directory;

-      cmdline = [
+      inlineEnvNames = builtins.attrNames env;
+      inlineEnvDrv = lib.optionals (builtins.length inlineEnvNames != 0) [
+        (pkgs.writeText "${name}.env" (
+          builtins.concatStringsSep "\n" (
+            map (name: "${name}=${builtins.toJSON env.${name}}") inlineEnvNames
+          )
+        ))
+      ];
+      allEnvFiles = envFiles ++ inlineEnvDrv;
+
+      cmdline = builtins.concatStringsSep " " (
+        [
          "--build"
          "--remove-orphans"
-      ] ++ map (env: "--env-file ${env}") envFiles
-      ++ map (name: "-e ${name}=${lib.escapeShellArg env.${name}}") (builtins.attrNames env)
-      ++ extraFlags;
+        ] ++ extraFlags
+      );
+      cmdlineBeforeUp = builtins.concatStringsSep " " (
+        map (env: "--env-file ${lib.escapeShellArg env}") allEnvFiles
+      );
    in
    {
      systemd.services."docker-compose-${name}" = {
@ -82,7 +95,7 @@ in
        after = [ "docker.service" "docker.socket" ];
        serviceConfig = {
          WorkingDirectory = storeDir;
-          ExecStart = "${pkgs.docker}/bin/docker compose up ${builtins.concatStringsSep " " cmdline}";
+          ExecStart = "${pkgs.docker}/bin/docker compose ${cmdlineBeforeUp} up ${cmdline}";
          ExecStopPost = "${pkgs.docker}/bin/docker compose down";
        } // (extraConfig.serviceConfig or { });
      } // (builtins.removeAttrs extraConfig [ "serviceConfig" ]);
--- a/secrets/bluesky-pds-secrets.age
+++ b/secrets/bluesky-pds-secrets.age
@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 sj88Xw PLt6rtLAJNLP3FnCB2zaOxiHk7kQqKeyjNQTr07Vohw
+OrZCrZ6W8aYOQvHPNRWypZRufnmdzS0Slu9fAdq5Mf8
+--- 5LwMDjPXQJH0JYAhmjCnNtpd+R/mMIU4n7Tvyin2eNg
+V Çy†ÈÓý|ñ¾\¹=„g§×a<C397>…É8¨Ñ{%<Ò¾§—H†+µ©™ðÐK“F°@%H1%"3G<33>SÊ¡×<C2A1>‘é 3QÃnÞÙK~®Åì“í¦ÊÞ…SÌL=n‹â% „æ$c_uS¼|¿ÈM‡C85IW@ù¿j+fo¦ÓCDàìÕX®C\ŽK6¬ÎX+So¾—ñè-•4ü¼ÎtCììl¾£F=Ýé©ïëWˆ—Á4y«½Q”Éþ•§º#»òÝÖ¶« ö£ˆq]¸å`<60>0§R‰0šlé†–”‚ÙÆ[ÑZðÅPL‘ÑÎ”Üþ²)»ò[·ÿ»/Î[<5B>å©Iâ€ýÊp7/>ëõÛl'
9ƒvâ>Ò·a sªÑ'Çü%AEiî:”SÏÇŠ˜±C&)Ï´^ÚÉ(.ƒÓ]c˜ XõÜc