
Coccon setup perhaps

Ben C 9dbb791b d35299fe

+160 -147
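--- a/nixosConfigurations/black-mesa.nix
+++ b/nixosConfigurations/black-mesa.nix
@@ -101,6 +101,19 @@
 # Self hosted stuff
 
 cow = {
+cocoon = let
+secure = x: "/nix/persist/secure/cocoon-keys/${x}";
+in {
+enable = true;
+did = config.cow.bean.atproto.did;
+port = 8080;
+jwkPath = secure "jwk.key";
+rotationPath = secure "rotation.key";
+adminPassPath = secure "admin.pass";
+sessionSecretPath = secure "session.key";
+email = "ben@bwc9876.dev";
+hostname = "pds.bwc9876.dev";
+};
 tangled = {
 hostname = "knot.bwc9876.dev";
 knot.enable = true;
@@ -115,6 +128,11 @@
 acmeRoot = null; # Doing DNS challenges
 useACMEHost = "bwc9876.dev";
 };
+virtualHosts."pds.bwc7986.dev" = {
+forceSSL = true;
+acmeRoot = null; # DNS
+useACMEHost = "bwc9876.dev";
+};
 };
 
 security.acme = {
@@ -150,12 +168,14 @@
 };
 };
 }
-({lib, ...}: {
-virtualisation.podman.enable = true;
-spoon.mc-srv.cobblemon.enable = lib.mkForce false;
-spoon.yggdrasil.enable = lib.mkForce false;
-spoon.yggdrasil.config.Listen = lib.mkForce [];
-cow.imperm.keep = ["/var/lib/containers"];
-})
+(
+{lib, ...}: {
+virtualisation.podman.enable = true;
+spoon.mc-srv.cobblemon.enable = lib.mkForce false;
+spoon.yggdrasil.enable = lib.mkForce false;
+spoon.yggdrasil.config.Listen = lib.mkForce [];
+cow.imperm.keep = ["/var/lib/containers"];
+}
+)
 ];
 }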
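Review bot: The vhost key added in the second hunk, `virtualHosts."pds.bwc7986.dev"`, does not match the `hostname = "pds.bwc9876.dev"` set in the first hunk (digits transposed), so `forceSSL`/`useACMEHost` are attached to a server name nothing uses, while the `pds.bwc9876.dev` vhost that `nixosModules/cocoon.nix` in this same commit populates via `services.nginx.virtualHosts.${conf.hostname}` carries only the proxy location and no TLS settings. Unless another vhost definition exists outside this diff, nginx would answer the PDS on plain HTTP only and never redirect to HTTPS. Fix the key to `virtualHosts."pds.bwc9876.dev" = {`, or derive it from the option so the two cannot drift again: `virtualHosts.${config.cow.cocoon.hostname} = {`.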
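--- /dev/null
+++ b/nixosModules/cocoon.nix
@@ -0,0 +1,132 @@
+{inputs, ...}: {
+config,
+lib,
+pkgs,
+...
+}: {
+options.cow.cocoon = {
+enable = lib.mkEnableOption "Cocoon PDS with postgresql";
+did = lib.mkOption {
+type = lib.types.str;
+description = "DID of server owner";
+};
+port = lib.mkOption {
+type = lib.types.port;
+description = "Port to bind to";
+default = 8080;
+};
+userName = lib.mkOption {
+type = lib.types.str;
+description = "User name to create and use for the service.";
+default = "cocoon";
+};
+dataDir = lib.mkOption {
+type = lib.types.str;
+description = "Runtime path to store data at";
+default = "/var/lib/cocoon";
+};
+jwkPath = lib.mkOption {
+type = lib.types.str;
+description = "Runtime path of the JWK key";
+};
+rotationPath = lib.mkOption {
+type = lib.types.str;
+description = "Runtime path of the rotation key";
+};
+sessionSecretPath = lib.mkOption {
+type = lib.types.str;
+description = "Runtime path of the session secret";
+};
+adminPassPath = lib.mkOption {
+type = lib.types.str;
+description = "Runtime path of the admin password";
+};
+email = lib.mkOption {
+type = lib.types.str;
+description = "Contact email for this PDS' administrator";
+};
+hostname = lib.mkOption {
+type = lib.types.str;
+description = "Public facing hostname for the server";
+};
+};
+
+config = let
+conf = config.cow.cocoon;
+in
+lib.mkIf conf.enable {
+cow.imperm.keep = [
+conf.dataDir
+];
+
+services.nginx.virtualHosts.${conf.hostname} = {
+locations = {
+"/" = {
+proxyPass = "http://localhost:${builtins.toString conf.port}";
+recommendedProxySettings = true;
+};
+};
+};
+
+users.users.${conf.userName} = {
+isSystemUser = true;
+useDefaultShell = true;
+home = conf.dataDir;
+createHome = true;
+group = conf.userName;
+};
+
+users.groups.${conf.userName} = {};
+
+systemd.services.cocoon = {
+description = "Cocoon PDS";
+after = ["network.target"];
+wantedBy = ["multi-user.target"];
+enableStrictShellChecks = true;
+
+preStart = ''
+mkdir -p "${conf.dataDir}"
+chown -R ${conf.userName}:${conf.userName} "${conf.dataDir}"
+'';
+
+script = ''
+COCOON_ADMIN_PASSWORD=$(cat $CREDENTIALS_DIRECTORY/adminPass) \
+COCOON_SESSION_SECRET=$(cat $CREDENTIALS_DIRECTORY/session) \
+${lib.getExe pkgs.cocoon}
+'';
+
+serviceConfig = {
+User = conf.userName;
+PermissionsStartOnly = true;
+WorkingDirectory = conf.dataDir;
+Restart = "always";
+RestartSec = "5s";
+ProtectSystem = true;
+ProtectHome = true;
+PrivateTmp = true;
+ReadWritePaths = conf.dataDir;
+LoadCredential = [
+"jwt:${conf.jwkPath}"
+"rotation:${conf.rotationPath}"
+"adminPass:${conf.adminPassPath}"
+"session:${conf.sessionSecretPath}"
+];
+Environment = lib.mapAttrsToList (k: v: "COCOON_${k}=${v}") {
+DID = conf.did;
+HOSTNAME = conf.hostname;
+ADDR = ":${builtins.toString conf.port}";
+CONTACT_EMAIL = conf.email;
+
+# TODO: Don't hardcode
+RELAYS = "https://bsky.network";
+
+JWK_PATH = "%d/jwt";
+ROTATION_KEY_PATH = "%d/rotation";
+
+DB_TYPE = "sqlite";
+DB_NAME = "${conf.dataDir}/cocoon.db";
+};
+};
+};
+};
+}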
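Review bot: `ADDR = ":${builtins.toString conf.port}"` has no host part; if Cocoon reads `COCOON_ADDR` as a Go-style listen address, `:8080` binds every interface, so the PDS is reachable directly on that port and bypasses the nginx vhost, which is the only place TLS is terminated for it. Since `proxyPass` already targets `localhost`, `ADDR = "127.0.0.1:${builtins.toString conf.port}";` keeps the listener local with no change to the proxy path. The `serviceConfig` sandbox can also be tightened, and should be compatible because `ReadWritePaths` already covers `conf.dataDir`: `ProtectSystem = "strict"; NoNewPrivileges = true;` (the Nix value `true` renders as `ProtectSystem=true`, the weakest level). The `enable` option still reads "Cocoon PDS with postgresql" while the service is configured with `DB_TYPE = "sqlite"`; `lib.mkEnableOption "Cocoon PDS (sqlite backend)"` would describe what the module actually does. Lastly, the root-run `chown -R` in `preStart` recurses over a tree the service user can write to; dropping `-R` (the directory is already created by `createHome`) avoids a privileged recursive chown, and `StateDirectory` could replace `preStart` entirely when `dataDir` keeps its `/var/lib/cocoon` default.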
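--- a/nixosModules/gaming.nix
+++ b/nixosModules/gaming.nix
@@ -21,7 +21,7 @@
 };
 
 environment.systemPackages = with pkgs; [
-gamescope-wsi
+gamescope-wsi
 prismlauncher
 owmods-gui
 owmods-cli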
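--- a/nixosModules/tranquil.nix
+++ /dev/null
@@ -1,139 +0,0 @@
-{inputs, ...}: {
-config,
-lib,
-pkgs,
-...
-}: {
-options.cow.cocoon = {
-enable = lib.mkEnableOption "Cocoon PDS with postgresql";
-port = lib.mkOption {
-type = lib.types.port;
-description = "Port to bind to";
-default = 3000;
-};
-userName = lib.mkOption {
-type = lib.types.str;
-description = "User name to create and use for the service. ALSO used as the database name!";
-default = "cocoon";
-};
-dataDir = lib.mkOption {
-type = lib.types.str;
-description = "Runtime path to store data at";
-default = "/var/lib/cocoon";
-};
-secretsDir = {
-type = lib.types.str;
-description = ''
-Runtime path with secret keys in files. Files map to env vars as follows:
-
-- jwt.key -> JWT_SECRET
-- dpop.key -> DPOP_SECRET
-- master.key -> MASTER_KEY
-
-This will not implicitly persist this directory
-'';
-example = "/var/lib/cocoon/keys";
-};
-metadata.email = lib.mkOption {
-type = lib.types.str;
-description = "Contact email for this PDS' administrator";
-};
-ageAssuranceOverride = lib.mkEnableOption "override age assurance on the app view";
-acceptRepoImports = lib.mkEnableOption "accepting repository imports";
-inviteCodeRequired = lib.mkEnableOption "requiring invite codes to register";
-hostname = lib.mkOption {
-type = lib.types.str;
-description = "Public facing hostname for the server";
-};
-};
-
-config = let
-conf = config.cow.cocoon;
-in
-lib.mkIf conf.enable {
-cow.imperm.keep = [config.services.postgresql.dataDir conf.dataDir];
-
-users.users.${conf.userName} = {
-isSystemUser = true;
-useDefaultShell = true;
-home = conf.dataDir;
-createHome = true;
-group = conf.userName;
-};
-
-users.groups.${conf.userName} = {};
-
-services.postgresql = {
-enable = true;
-ensureDatabases = [conf.userName];
-ensureUsers.${conf.userName} = {
-name = conf.userName;
-ensureDBOwnsership = true;
-};
-};
-
-systemd.services.cocoon = let
-blobPath = "${conf.dataDir}/blobs";
-backupPath = "${conf.dataDir}/backups";
-dbUrl = "postgres:///${conf.userName}?host=/var/run/postgresql";
-in {
-description = "Tranquil PDS";
-after = ["network.target"];
-wantedBy = ["multi-user.target"];
-enableStrictShellChecks = true;
-
-preStart = ''
-mkdir -p "${conf.dataDir}" "${blobPath}" "${backupPath}"
-echo "Running Migrations..."
-${lib.getExe pkgs.sqlx-cli} migrate run --source "${inputs.cocoon.outPath}/migrations" -D ${dbUrl}
-echo "Complete."
-chown -R ${conf.userName}:${conf.userName} "${conf.dataDir}"
-'';
-
-script = ''
-JWT_SECRET=$(cat $CREDENTIALS_DIRECTORY/jtw.key) \
-DPOP_SECRET=$(cat $CREDENTIALS_DIRECTORY/dpop.key) \
-MASTER_KEY=$(cat $CREDENTIALS_DIRECTORY/master.key) \
-${lib.getExe pkgs.cocoon}
-'';
-
-serviceConfig = {
-User = conf.userName;
-PermissionsStartOnly = true;
-WorkingDirectory = conf.dataDir;
-Restart = "always";
-RestartSec = "5s";
-ProtectSystem = true;
-ProtectHome = true;
-PrivateTmp = true;
-ReadWritePaths = conf.dataDir;
-LoadCredential = builtins.map (v: "${v}:${conf.secretsDir}/${v}.key") [
-"jwt"
-"dpop"
-"master"
-];
-Environment = let
-boolToEnv = b:
-if b
-then "1"
-else "0";
-in
-lib.mapAttrsToList (k: v: "${k}=${v}") {
-SERVER_HOST = "127.0.0.1";
-SERVER_PORT = builtins.toString conf.port;
-
-PDS_HOSTNAME = conf.hostname;
-DATABASE_URL = dbUrl;
-
-BLOB_STORAGE_PATH = blobPath;
-BACKUP_STORAGE_PATH = backupPath;
-
-ACCEPTING_REPO_IMPORTS = boolToEnv conf.acceptRepoImports;
-INVITE_CODE_REQUIRED = boolToEnv conf.inviteCodeRequired;
-CONTACT_EMAIL = conf.metadata.email;
-
-PDS_AGE_ASSURANCE_OVERRIDE = boolToEnv conf.ageAssuranceOverride;
-};
-};
-};
-};
-}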