bwc9876.dev / nixos-config
this repo has no description
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

fix nginx age assurance for bsky

Ben C 27fc7b47 1925b7d2

+49 -37
+49 -37
nixosModules/cocoon.nix
··· 1 - {inputs, ...}: { 1 + { inputs, ... }: 2 + { 2 3 config, 3 4 lib, 4 5 pkgs, 5 6 ... 6 - }: { 7 + }: 8 + { 7 9 options.cow.cocoon = { 8 10 enable = lib.mkEnableOption "Cocoon PDS"; 9 11 did = lib.mkOption { ··· 48 50 relays = lib.mkOption { 49 51 type = lib.types.listOf lib.types.str; 50 52 description = "Relay servers to use for event syncing"; 51 - default = ["https://bsky.network"]; 53 + default = [ "https://bsky.network" ]; 52 54 }; 53 55 fallbackProxy = lib.mkOption { 54 56 type = lib.types.str; ··· 61 63 }; 62 64 }; 63 65 64 - config = let 65 - conf = config.cow.cocoon; 66 - in 66 + config = 67 + let 68 + conf = config.cow.cocoon; 69 + in 67 70 lib.mkIf conf.enable { 68 71 cow.imperm.keep = [ 69 72 conf.dataDir 70 73 ]; 71 74 72 75 services.nginx.virtualHosts.${conf.hostname} = { 73 - serverAliases = [".${conf.hostname}"]; 76 + serverAliases = [ ".${conf.hostname}" ]; 74 77 75 78 # All stolen from Isabel 76 79 # https://github.com/isabelroses/dotfiles/blob/262ae19c1e92be5d759f40020e894113ba5d5d44/modules/nixos/services/pds/default.nix 77 - locations = let 78 - mkAgeAssured = state: { 79 - return = "200 '${builtins.toJSON state}'"; 80 - extraConfig = '' 81 - default_type application/json; 82 - ''; 83 - }; 84 - in { 85 - "/xrpc/app.bsky.unspecced.getAgeAssuranceState" = mkAgeAssured { 86 - lastInitiatedAt = "2025-07-14T15:11:05.487Z"; 87 - status = "assured"; 88 - }; 89 - "/xrpc/app.bsky.ageassurance.getConfig" = mkAgeAssured { 90 - regions = []; 91 - }; 92 - "/xrpc/app.bsky.ageassurance.getState" = mkAgeAssured { 93 - state = { 94 - lastInitiatedAt = "2025-07-14T15:11:05.487Z"; 80 + locations = 81 + let 82 + mkAgeAssured = state: { 83 + return = "200 '${builtins.toJSON state}'"; 84 + extraConfig = '' 85 + default_type application/json; 86 + add_header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy" always; 87 + add_header access-control-allow-origin "*" always; 88 + add_header X-Frame-Options SAMEORIGIN always; 89 + add_header X-Content-Type-Options nosniff; 90 + ''; 91 + }; 92 + in 93 + { 94 + "/xrpc/app.bsky.unspecced.getAgeAssuranceState" = mkAgeAssured { 95 + lastInitiatedAt = "2026-01-19T05:59:50.391Z"; 95 96 status = "assured"; 96 - access = "full"; 97 97 }; 98 - metadata = { 99 - accountCreatedAt = "2022-11-17T00:35:16.391Z"; 98 + "/xrpc/app.bsky.ageassurance.getConfig" = mkAgeAssured { 99 + regions = [ ]; 100 + }; 101 + "/xrpc/app.bsky.ageassurance.getState" = mkAgeAssured { 102 + state = { 103 + lastInitiatedAt = "2026-01-19T05:59:50.391Z"; 104 + status = "assured"; 105 + access = "full"; 106 + }; 107 + metadata = { 108 + accountCreatedAt = "2026-01-19T05:59:50.391Z"; 109 + }; 100 110 }; 101 - }; 102 111 103 - # pass everything else to the pds 104 - "/" = { 105 - proxyPass = "http://localhost:${toString conf.port}"; 106 - proxyWebsockets = true; 112 + # pass everything else to the pds 113 + "/" = { 114 + proxyPass = "http://localhost:${toString conf.port}"; 115 + proxyWebsockets = true; 116 + extraConfig = '' 117 + add_header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy" always; 118 + ''; 119 + }; 107 120 }; 108 - }; 109 121 }; 110 122 111 123 users.users.${conf.userName} = { ··· 116 128 group = conf.userName; 117 129 }; 118 130 119 - users.groups.${conf.userName} = {}; 131 + users.groups.${conf.userName} = { }; 120 132 121 133 systemd.services.cocoon = { 122 134 description = "Cocoon PDS"; 123 - after = ["network.target"]; 124 - wantedBy = ["multi-user.target"]; 135 + after = [ "network.target" ]; 136 + wantedBy = [ "multi-user.target" ]; 125 137 enableStrictShellChecks = true; 126 138 127 139 preStart = ''