mirror of
https://github.com/Jokiller230/puzzlevision.git
synced 2024-12-04 20:05:00 +01:00
feat(service): add Bluesky PDS
This commit is contained in:
parent
1c394ad2e3
commit
66c86213d9
2 changed files with 87 additions and 0 deletions
44
modules/nixos/services/bluesky/pds/default.nix
Normal file
44
modules/nixos/services/bluesky/pds/default.nix
Normal file
|
|
@ -0,0 +1,44 @@
|
|||
{
|
||||
lib,
|
||||
namespace,
|
||||
config,
|
||||
host,
|
||||
...
|
||||
}: with lib; with lib.${namespace};
|
||||
let
|
||||
cfg = config.${namespace}.services.bluesky.pds;
|
||||
in {
|
||||
options.${namespace}.services.bluesky.pds = {
|
||||
enable = mkEnableOption "Enable the Bluesky PDS, your own ATproto home!";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
sops.secrets.bluesky-pds = {
|
||||
sopsFile = lib.snowfall.fs.get-file "secrets/bluesky-pds.service.env";
|
||||
format = "dotenv";
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/lib/containers/bluesky-pds 0700 root root -"
|
||||
];
|
||||
|
||||
virtualisation.oci-containers.containers.bluesky-pds = {
|
||||
image = "ghcr.io/bluesky-social/pds:0.4";
|
||||
autoStart = true;
|
||||
hostname = host;
|
||||
environmentFiles = [
|
||||
config.sops.secrets.bluesky-pds.path
|
||||
];
|
||||
labels = {
|
||||
"traefik.enable" = "true";
|
||||
"traefik.http.routers.bluesky-pds.entrypoints" = "websecure";
|
||||
"traefik.http.routers.bluesky-pds.rule" = "Host(`bsky.thevoid.cafe`)";
|
||||
"traefik.http.services.bluesky-pds.loadbalancer.server.port" = "2583";
|
||||
};
|
||||
volumes = [
|
||||
"/var/lib/containers/bluesky-pds:/pds"
|
||||
];
|
||||
extraOptions = ["--network=proxy"];
|
||||
};
|
||||
};
|
||||
}
|
||||
43
secrets/bluesky-pds.service.env
Normal file
43
secrets/bluesky-pds.service.env
Normal file
|
|
@ -0,0 +1,43 @@
|
|||
#ENC[AES256_GCM,data:ymMgS47dyPaiR+dlsUTo/QFARGsKD8cbdxKlZBq7k0m0kKzyaL+SqEnI,iv:WSs+8MDiq28oWZ/NvwVfkMeTuP8V9SXC1MSDqe6D8HY=,tag:epOEDkItljcgD/JukD4S5A==,type:comment]
|
||||
#ENC[AES256_GCM,data:pvDHzvOMTOuNZy/tNaBq5GblwMhio1Wu7W2hg4rzfk1DqXh6lrjhXf7tucutirVrk2bMVVRqLMZf5ZUYaUuOXfOXD0FJ7ts=,iv:na9arv0UPhtjiW4291gR2GJYVcsGM8Hg2uVinmcjF88=,tag:C7FOgkHPB314xXYgJLAFOQ==,type:comment]
|
||||
PDS_HOSTNAME=ENC[AES256_GCM,data:E04Xm/KorM3Bl2W9kw7CXhGpMQ==,iv:Pe1v+2MmI+g5d0OhlVP8mkYE1InAo3yIhQMm3yEYxgM=,tag:BRL38lixU757kClddyLsbw==,type:str]
|
||||
PDS_PORT=ENC[AES256_GCM,data:K1Xhfc8x,iv:K/mJlwJMmWygBCGnbmB8ESsVIG7TxpfOHvk2TSpUpTU=,tag:zlNrfwn5O2tCwixW6b92MQ==,type:str]
|
||||
#ENC[AES256_GCM,data:6g/ZfgV8SbqeDyWu6Nu4rQHJEKETTDflSKKr73HAJhovX4RHrkik,iv:2EwvFzAbuxgBeJeTmUDAfcHdzSbzfXFpB8X4XQTS0Bk=,tag:99MvXgGXcDoCBxC0Q21ZhA==,type:comment]
|
||||
PDS_DATA_DIRECTORY=ENC[AES256_GCM,data:eVFdqTug,iv:DxwK2a13CMELsM4VOijJ+QRFRAnoY+oBpxvQ61TR6Wo=,tag:LtMD+267N6iEx/PcuFSyPA==,type:str]
|
||||
#ENC[AES256_GCM,data:jnvmS1bF0F+r1hbsNdLqIijZGEkhV9tKSl7IQiHdt2/b812dgEgIDxC27w2FgeB2qO6zf3vD18A=,iv:DYJ+CWqk/b/ALr9TD7HPBf71Rky5hyi9ChffQD0PfMM=,tag:50MIIyqgHdhMSERgP3UG9g==,type:comment]
|
||||
PDS_BLOBSTORE_DISK_LOCATION=ENC[AES256_GCM,data:aY6mlFlMZg==,iv:VK0AameUc9DKHaey5Y+eDJ37ATM/uor9mxjCtDUyRko=,tag:z8LXE16Les4+pOkwHmT3kA==,type:str]
|
||||
#ENC[AES256_GCM,data:2Hu8altCHAXazYQAixYKYOS6u2brQR3vcPR+rUSSGOFlrB86+EUsXVud17g+ZTY4Fynzxh+FPojGdu9blBsiKdkg9SH/nqflnq6h,iv:FcIASLSlyBbDVQRPL3ySig5S6vDyoOJyZrR3qmK9Ij8=,tag:dETBU1taXpPoBJJ5g9v8lw==,type:comment]
|
||||
PDS_REPO_SIGNING_KEY_K256_PRIVATE_KEY_HEX=ENC[AES256_GCM,data:sM/0rFiuCtHRNdCJPFCQ0ISbjYB1ZGc3gK751J8XmTBHJdDGoCHVxgmnS59rWtg7iAJ/SXSb55M4QjuhoUHb9IR3,iv:dL1U+p+32LVGaRFgJGKdISrcYWM5rRboZtYMrOjU3Ag=,tag:OK3h0B1Utlf+KFUJliklMg==,type:str]
|
||||
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=ENC[AES256_GCM,data:0tIuGNBAjJo2up28ymDNKkj3qVsH4aZUZuHkWsDBAIs1bIQVGbU1rpZBN/xOl19dBnjbOtL2PU5z/lz/JU++Eywx,iv:PzTjMi7OMIZBFkyWxItZuPWG6BowgXQHUsyvXdGU/es=,tag:N5qehWLCV+4m0tF30NB86A==,type:str]
|
||||
#ENC[AES256_GCM,data:jfeJPg58+C1pr7bzvgzB7Chc6HhTmZimTvTxQhbHXQxEuyjO6NHi32IwKOClljBL,iv:LWh3Iu3mKhJxVL0kFykFmUhis2f7ANa8B3yF4IPIZHs=,tag:Bma2uzjI5my41yHnTti6Iw==,type:comment]
|
||||
PDS_DPOP_SECRET=ENC[AES256_GCM,data:5p/K3SiRO+rqiiwaYGSVKLlBWbFjB55hyIc02o3P2bUg/Q==,iv:FqExFL3PhKXTJmd0OEo/RBazasF4p/g4r4N8lbEPmqA=,tag:WN9TYipAIk0cmEMEgNv70g==,type:str]
|
||||
PDS_JWT_SECRET=ENC[AES256_GCM,data:YU/PoMKj3IgFJtm/wrmwnnzkVbrgU45GDgO4nRvF8rAY+PfA7NsT8Efz/x5B2/ygVTupZKkKSdOrMGohYMfTCAmgVdKxYkthEFXLb62QyBjokSqjHfZLLOZ6OaoWxB9YpW/sYw1E+2Mr4zyzXystNfZinH3ztJkt2yZyL6G3qYkp9+fI0tqy2ZgBloe2CGU5WdOY0XWeEmAG0ptTyjFh+gej4Oq3cksqPARiTYst+t5dx2HOlqn7lrbYNF+/11dRk0hWZb3Evm5nDTEiam/RMF0WBEVZZ9+cvRVs7Do0x+8Wa1jdeFdtXK9B7mE7zEiXac0b+bKTYiPy9oiaJZrQMFXbxamkytDsrrsCtWNjl+RMQveiQlhjUDUXYaGt3MeKnYCsIgBnvyqgnpugF/aJVGPKYymV/1tcvCVORSetRQquoTiSKI5Ypas+8lxmnPfztqURz4ZYtyy3Nyj5mCORAwQzrP1PHF5JJoUR3lX/0W34ykM5OoRlp52YnjCZsrX2X6HFu8+9EkBLAYkuYylMSfrYKUHNU85f2yLExaPDjz+mKkuyT1FUqbEu0PX82XQt1mk4qYXwMQreKVX1n3Axw2kWmejKz32XHnb+DGWp4TkIb3JVKFVOwVFt7/pMx+zubD3SW8cv/SorB1QOR+wavyzs7jykBtc7fNZnhE37D23jsQ==,iv:YqBCVFBAibdBN+kN4kjp7k9lIilV2bARlI96xOsbq8A=,tag:x5+B6yIojqOdX5zMOirVgQ==,type:str]
|
||||
PDS_ADMIN_PASSWORD=ENC[AES256_GCM,data:zPh/p5qtrELfoQLAqjjflFzO79PzlKvMcBkDYh7IZE0aKz9uLjnf,iv:ML4sqZf4Azmrwtr0q9Skvyk+iSbo3GNk3AxyPwZ/lng=,tag:F9Y20sqqjOZvZhvu6ikqtw==,type:str]
|
||||
#ENC[AES256_GCM,data:JiFiCQEIK+rTTTMiYwFqCwLPV88UoSWYN+4rWfROBVj111oVg8EtoXJa,iv:rsMuO5IvC94JZbLSxc5WSS3UuWa6E3vBp0tzeT9xZNU=,tag:KTSyE2EPbD3HUFZXWddJjA==,type:comment]
|
||||
PDS_DID_PLC_URL=ENC[AES256_GCM,data:JC/zxe/CqMgqoumKyDvOCvPD5L793ao=,iv:aGPS12soVowzh0SJpDbdKMbjOxHfm5fowGZOs3Ork0w=,tag:/D32ftmw1ILXQm5aRbvkQA==,type:str]
|
||||
PDS_BSKY_APP_VIEW_ENDPOINT=ENC[AES256_GCM,data:Y5rwR73jjH3YnTS2guTqYNlE0t491w==,iv:oJRcqytCy6aDxkQzwS+hZu+voapAPfMGsAX332wVxs4=,tag:C3L1MRmmUfDw45uXLOA1uw==,type:str]
|
||||
PDS_BSKY_APP_VIEW_DID=ENC[AES256_GCM,data:URP73XKLVuOR9fBONf0Ea9rQcxvofw==,iv:tY9m5c91gDVYytzY2PjSnKcmw+1trxIbo0itmVclCNI=,tag:iSlk456EKczZ8yWAiT8Cnw==,type:str]
|
||||
PDS_CRAWLERS=ENC[AES256_GCM,data:i1cFWWguyNxsmCoHphy1y7I9fQ+ezg==,iv:OJye7wGaVooSKsOlldbrBN3SUb6la1/vBMevIK13jTM=,tag:AI2ggUkEtEwjDLkE/rWoTQ==,type:str]
|
||||
#ENC[AES256_GCM,data:p0cLIOdKd+l+dRMiTOWc,iv:NUd8o/h56gtx5oUzawpnh+KvRUcqoflozT4iJKhNVk8=,tag:DqmoDqW2chihKx8dAxgnQw==,type:comment]
|
||||
PDS_OAUTH_PROVIDER_NAME=ENC[AES256_GCM,data:lHgqWFUvJD9lYGuw2E4Ig1TyUYw=,iv:cI+aMAYuD4Oc+GZIcB7v9+u59IiCiiq+XaGOPm4ZLSA=,tag:pF+FuraGTIdSkIyKw1QsWA==,type:str]
|
||||
PDS_OAUTH_PROVIDER_LOGO=
|
||||
PDS_OAUTH_PROVIDER_PRIMARY_COLOR=ENC[AES256_GCM,data:XHOBoMAwoeg1,iv:dihYukPUkLMmQ/45yF1nF/SzylU1D/Bj/V//mV91mtU=,tag:D/cdvtsx61h6ofTIdbX0xg==,type:str]
|
||||
PDS_OAUTH_PROVIDER_ERROR_COLOR=
|
||||
PDS_OAUTH_PROVIDER_HOME_LINK=
|
||||
PDS_OAUTH_PROVIDER_TOS_LINK=
|
||||
PDS_OAUTH_PROVIDER_POLICY_LINK=
|
||||
PDS_OAUTH_PROVIDER_SUPPORT_LINK=
|
||||
#ENC[AES256_GCM,data:lXPnReG2UoQ9ZQ==,iv:oVIVFKpbJFFyp+jslT1ZzfXI8lZ62ZNqGJSi148bUek=,tag:kTbWnEDa88X4G7Msgdl2LQ==,type:comment]
|
||||
NODE_TLS_REJECT_UNAUTHORIZED=ENC[AES256_GCM,data:8A==,iv:iotnwszX5u1IMJoDzxpzmSUvOJAaklinwZNEQEIQHqg=,tag:A40CFgIF+DfWFkkMzNCtuA==,type:str]
|
||||
LOG_ENABLED=ENC[AES256_GCM,data:ZQ==,iv:bNhYXWO6Ms8K07xvTqe4ZYwjh9TWPyqyCrVmY9bwmN4=,tag:Iaue+ogCI2E76o8sjrIDQg==,type:str]
|
||||
LOG_LEVEL=ENC[AES256_GCM,data:SxmFPQ==,iv:aH1IyGDqghBqjnacWHZ/97VKMxKe1Z2qjQcJLvUnarU=,tag:Mt9imYpKE0A5b7gPoXVM2Q==,type:str]
|
||||
PDS_INVITE_REQUIRED=ENC[AES256_GCM,data:3A==,iv:fCUgZw9k/TXotvhgu/dNiEWsS81iaUqBEoniKZIGfKQ=,tag:elpjSMFQLDSgrQOrO9Zwpw==,type:str]
|
||||
PDS_DISABLE_SSRF_PROTECTION=ENC[AES256_GCM,data:YQ==,iv:wFGVzbbokir/pfjjWjFxCtrYftolOJelx170umMZMpo=,tag:9EkZ8vC8V4yfzRCXT4oXeQ==,type:str]
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFNE5JNnBlbG5sT2ZES1lj\nbWU2ZlNpZ3YyOHFlWHlISXV2NFpuR0Y5Q2xVCjVNWTlSNy9hS1hhcUY0eHh2b25W\nemdCRWhINzd2WnM5VC9GaHpPUWs5ZXMKLS0tICtNVTJsdmVNOS9GVU5odTd1cS9D\nUmoxTnM1Vm1NUndjaitjaVhTUmQvSE0KRIxuzz43MqcwHe/Lg0bNmLjaIg3XUr0L\nQmvAitUE2yMTqNc+7UK8tyhYYbbm55ZQYExA3036M/JS8DwgbnVVQw==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_0__map_recipient=age1gudgza8lv02nwec0pejqpp5t7zu0tzjsfkmvgvy3ckfscr9f4qrq2sl5dv
|
||||
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0RHBxSWxRMHdiSGNhS2tz\nNkpaL3lRbHFHWmlBbXV4YSt2MmFGQ2JsYndNCjRSQzBXd25SZ05zR2xXdWwxazgv\nZWVyZ0FkK1hYRW5tQ280Y1Jvc2gvVFUKLS0tIDBjQkh6QzZGVlg2aUUzdHptYjJC\nTlFxc3RjR3RDNWtrRXRCUW1ybitMcEEK1lIlBzdiAH7DJLsX1XxEhykk0a4vOp8F\nK/iEyvAix1MVyt3a0faLfoyqxQY5DBspYkW79A+uvx/44II4O0PBNg==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_1__map_recipient=age1qcjcwh9tq8pzf2yr7m3hm2n3n3y5rlc30fpkr0eytju9w57ucgcsgcy79d
|
||||
sops_lastmodified=2024-10-26T15:10:32Z
|
||||
sops_mac=ENC[AES256_GCM,data:UmWc9jDJU0vEgGRuavcEeluiAhSnxzmtTi/dkUNoVPQT8ckKU8vxoqr/yk8ep0TFvV4jvyqx8FKsdeZR5TtW5RXozqFmyi4A8lML/2BM4V4Q9XpVzPJTmcbceGG9tHT036WDXgXTCo7hBDceE/7Ju5gRIoJNRe0uiWqni6Me9t4=,iv:lUrEAaraB4cpYugYltVM+B4UIX/F//uhfx3ER4qeqQM=,tag:tCvJJvcWBa715A4iNn7URw==,type:str]
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
sops_version=3.9.0
|
||||
Loading…
Reference in a new issue