+1

nixosConfigurations/black-mesa.nix

reviewed

··· 106 106 in { 107 107 enable = true; 108 108 did = config.cow.bean.atproto.did; 109 109 + favicon = ../res/favicon.ico; 109 110 port = 8080; 110 111 jwkPath = secure "jwk.key"; 111 112 rotationPath = secure "rotation.key";

+17 -71

nixosModules/cocoon.nix

reviewed

··· 6 6 }: { 7 7 options.cow.cocoon = { 8 8 enable = lib.mkEnableOption "Cocoon PDS"; 9 9 - package = lib.mkOption { 10 10 - type = lib.types.package; 11 11 - description = "Cocoon package to use, defaults to latest release on GH"; 12 12 - default = pkgs.cocoon.overrideAttrs (prev: next: let 13 13 - version = "0.8.5"; 14 14 - in { 15 15 - inherit version; 16 16 - vendorHash = "sha256-bux3OfHT8f1FVpBAZUP23vo8M6h8nPTJbi/GTUzhdc4="; 17 17 - src = pkgs.fetchFromGitHub { 18 18 - owner = "haileyok"; 19 19 - repo = "cocoon"; 20 20 - tag = "v${version}"; 21 21 - hash = "sha256-2+K4KiF0N+Y+J5dS4xQZuYlxr6OYzNloVXjxyGnEHh4="; 22 22 - }; 23 23 - }); 24 24 - }; 25 9 did = lib.mkOption { 26 10 type = lib.types.str; 27 11 description = "DID of server owner"; ··· 140 124 }; 141 125 }; 142 126 143 143 - users.users.${conf.userName} = { 144 144 - isSystemUser = true; 145 145 - useDefaultShell = true; 146 146 - home = conf.dataDir; 147 147 - createHome = true; 148 148 - group = conf.userName; 149 149 - }; 150 150 - 151 151 - users.groups.${conf.userName} = {}; 152 152 - 153 153 - systemd.services.cocoon = { 154 154 - description = "Cocoon PDS"; 155 155 - after = ["network.target"]; 156 156 - wantedBy = ["multi-user.target"]; 157 157 - enableStrictShellChecks = true; 158 158 - 159 159 - preStart = '' 160 160 - mkdir -p "${conf.dataDir}" 161 161 - chown -R ${conf.userName}:${conf.userName} "${conf.dataDir}" 162 162 - ''; 163 163 - 164 164 - script = '' 165 165 - COCOON_ADMIN_PASSWORD=$(cat "$CREDENTIALS_DIRECTORY/adminPass") \ 166 166 - COCOON_SESSION_SECRET=$(cat "$CREDENTIALS_DIRECTORY/session") \ 167 167 - ${lib.getExe conf.package} run 168 168 - ''; 169 169 - 170 170 - serviceConfig = { 171 171 - User = conf.userName; 172 172 - PermissionsStartOnly = true; 173 173 - WorkingDirectory = conf.dataDir; 174 174 - Restart = "always"; 175 175 - RestartSec = "5s"; 176 176 - ProtectSystem = true; 177 177 - ProtectHome = true; 178 178 - PrivateTmp = true; 179 179 - ReadWritePaths = conf.dataDir; 180 180 - LoadCredential = [ 181 181 - "jwk:${conf.jwkPath}" 182 182 - "rotation:${conf.rotationPath}" 183 183 - "adminPass:${conf.adminPassPath}" 184 184 - "session:${conf.sessionSecretPath}" 185 185 - ]; 186 186 - Environment = lib.mapAttrsToList (k: v: "COCOON_${k}=${v}") { 187 187 - DID = conf.did; 188 188 - HOSTNAME = conf.hostname; 189 189 - ADDR = ":${builtins.toString conf.port}"; 190 190 - CONTACT_EMAIL = conf.email; 127 127 + services.cocoon = { 128 128 + enable = true; 129 129 + environmentFiles = [ 130 130 + conf.adminPassPath 131 131 + conf.sessionSecretPath 132 132 + ]; 133 133 + settings = lib.mapAttrsToList (k: v: "COCOON_${k}=${v}") { 134 134 + JWK_PATH = conf.jwkPath; 135 135 + ROTATION_KEY_PATH = conf.rotationPath; 191 136 192 192 - RELAYS = lib.join "," conf.relays; 193 193 - FALLBACK_PROXY = conf.fallbackProxy; 137 137 + DID = conf.did; 138 138 + HOSTNAME = conf.hostname; 139 139 + ADDR = ":${builtins.toString conf.port}"; 140 140 + CONTACT_EMAIL = conf.email; 194 141 195 195 - JWK_PATH = "%d/jwk"; 196 196 - ROTATION_KEY_PATH = "%d/rotation"; 142 142 + RELAYS = lib.join "," conf.relays; 143 143 + FALLBACK_PROXY = conf.fallbackProxy; 197 144 198 198 - DB_TYPE = "sqlite"; 199 199 - DB_NAME = "${conf.dataDir}/cocoon.db"; 200 200 - }; 145 145 + DB_TYPE = "sqlite"; 146 146 + DB_NAME = "${conf.dataDir}/cocoon.db"; 201 147 }; 202 148 }; 203 149 };