bwc9876.dev / nixos-config
this repo has no description
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Clean up cocoon and tangled modules

Ben C c902cc86 5d6b6e7c

+92 -64
+28 -28
flake.lock
··· 284 284 "treefmt-nix": "treefmt-nix" 285 285 }, 286 286 "locked": { 287 - "lastModified": 1768913476, 288 - "narHash": "sha256-HZOtq5p1UTdbjZG1nvB91E7m4T2JzzXg4cCrrqyTmgA=", 287 + "lastModified": 1769601612, 288 + "narHash": "sha256-iT3FhnJ4iY1WHg2U/0XwKHFVyjAYI1tAlsoCfm7ESTw=", 289 289 "owner": "m15a", 290 290 "repo": "flakelight-treefmt", 291 - "rev": "9bc6dbc915037034e9c73bb74ba8afa86372bce2", 291 + "rev": "2eaa23b50d4bba2161ff550663b1bb36372623cb", 292 292 "type": "github" 293 293 }, 294 294 "original": { ··· 453 453 ] 454 454 }, 455 455 "locked": { 456 - "lastModified": 1769450270, 457 - "narHash": "sha256-pdVm/zJazDUAasTyHFX/Pbrlk9Upjxi0yzgn7GjGe4g=", 456 + "lastModified": 1769579508, 457 + "narHash": "sha256-EE2bs7xFrC64qrj0N2zP6E6e/nmhcdw6v/grdYi+BiY=", 458 458 "owner": "nix-community", 459 459 "repo": "home-manager", 460 - "rev": "a10c1e8f5ad2589414407f4851c221cb66270257", 460 + "rev": "eec72f127831326b042d1f35003767a4ab6a9516", 461 461 "type": "github" 462 462 }, 463 463 "original": { ··· 513 513 ] 514 514 }, 515 515 "locked": { 516 - "lastModified": 1768941735, 517 - "narHash": "sha256-OyxsfXNcOkt06/kM+4bnuC8moDx+t7Qr+RB0BBa83Ig=", 516 + "lastModified": 1769548169, 517 + "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", 518 518 "owner": "nix-community", 519 519 "repo": "impermanence", 520 - "rev": "69ecf31e8fddc9354a4b418f3a517445d486bb54", 520 + "rev": "7b1d382faf603b6d264f58627330f9faa5cba149", 521 521 "type": "github" 522 522 }, 523 523 "original": { ··· 639 639 "xwayland-satellite-unstable": "xwayland-satellite-unstable" 640 640 }, 641 641 "locked": { 642 - "lastModified": 1769500166, 643 - "narHash": "sha256-ycYlPMg7WIWAh+Ni9+g4ZGdWGIFmBjCz+hFUVQMmBS8=", 642 + "lastModified": 1769582851, 643 + "narHash": "sha256-T2a9J3iZ+p+dSmrd8mGgehvXrzwnFlMF22BmBqYHkVg=", 644 644 "owner": "sodiboo", 645 645 "repo": "niri-flake", 646 - "rev": "f23ab93b35dbc90e666327310767edeed622e431", 646 + "rev": "8942525e9d5c79f6b47cffef4992454c9b3f9b69", 647 647 "type": "github" 648 648 }, 649 649 "original": { ··· 672 672 "niri-unstable": { 673 673 "flake": false, 674 674 "locked": { 675 - "lastModified": 1769494881, 676 - "narHash": "sha256-tWgA1QwSbabVaBAT7eU6qmiYH19jIn5D9pQb/uUFs0c=", 675 + "lastModified": 1769577126, 676 + "narHash": "sha256-v9vz9Rj4MGwPuhGELdvpRKl2HH+xvkgat6VwL0L86Fg=", 677 677 "owner": "YaLTeR", 678 678 "repo": "niri", 679 - "rev": "e1015ac92f07dba4d030358642d1920a324a8629", 679 + "rev": "f30db163b5748e8cf95c05aba77d0d3736f40543", 680 680 "type": "github" 681 681 }, 682 682 "original": { ··· 722 722 }, 723 723 "nixpkgs": { 724 724 "locked": { 725 - "lastModified": 1769170682, 726 - "narHash": "sha256-oMmN1lVQU0F0W2k6OI3bgdzp2YOHWYUAw79qzDSjenU=", 725 + "lastModified": 1769461804, 726 + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", 727 727 "owner": "NixOS", 728 728 "repo": "nixpkgs", 729 - "rev": "c5296fdd05cfa2c187990dd909864da9658df755", 729 + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", 730 730 "type": "github" 731 731 }, 732 732 "original": { ··· 761 761 "systems": "systems" 762 762 }, 763 763 "locked": { 764 - "lastModified": 1769418848, 765 - "narHash": "sha256-jLSg9IkglcIw64kU1utXxsxXhiVdD45dkh9ZJKaFQ7U=", 764 + "lastModified": 1769537308, 765 + "narHash": "sha256-N7famD4s2hiDIicr9mJWhUj8l9EULB60+1QN/S+UjeM=", 766 766 "owner": "nix-community", 767 767 "repo": "nixvim", 768 - "rev": "c19a0517ddeed4c1548611e42e187048fc2e5dcf", 768 + "rev": "7addac6d111837217c16762968a9042eac703f7e", 769 769 "type": "github" 770 770 }, 771 771 "original": { ··· 1072 1072 "sqlite-lib-src": "sqlite-lib-src" 1073 1073 }, 1074 1074 "locked": { 1075 - "lastModified": 1769508314, 1076 - "narHash": "sha256-NO6zA56l1qqBs44oXdMuIjyGIcL0EGwZ95bGnd5ZT0s=", 1075 + "lastModified": 1769592915, 1076 + "narHash": "sha256-WsAOFNVPoXCDdBzd60XvbpH2FNaR+WmRdtxKY7iAME0=", 1077 1077 "ref": "refs/heads/master", 1078 - "rev": "dc2cc2b318297aaca96f29a7db9c6b2eaeba092b", 1079 - "revCount": 1896, 1078 + "rev": "c2049613392b034666f88e5c2b55d991f0c51040", 1079 + "revCount": 1898, 1080 1080 "type": "git", 1081 1081 "url": "https://tangled.org/tangled.org/core" 1082 1082 }, ··· 1094 1094 ] 1095 1095 }, 1096 1096 "locked": { 1097 - "lastModified": 1768158989, 1098 - "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", 1097 + "lastModified": 1769515380, 1098 + "narHash": "sha256-CWWK3PaQ7zhr+Jcf5zyaTR2cfRBXPo09H7+5nWApL8s=", 1099 1099 "owner": "numtide", 1100 1100 "repo": "treefmt-nix", 1101 - "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", 1101 + "rev": "9911802c2822def2eec3d22e2cafd1619ede94a5", 1102 1102 "type": "github" 1103 1103 }, 1104 1104 "original": {
+14
nixosConfigurations/black-mesa.nix
··· 111 111 rotationPath = secure "rotation.key"; 112 112 adminPassPath = secure "admin.pass"; 113 113 sessionSecretPath = secure "session.key"; 114 + relays = [ 115 + "https://bsky.network" 116 + "https://relay.cerulea.blue" 117 + "https://relay.fire.hose.cam" 118 + "https://relay2.fire.hose.cam" 119 + "https://relay3.fr.hose.cam" 120 + "https://relay.hayescmd.net" 121 + "https://relay.xero.systems" 122 + "https://relay.upcloud.world" 123 + "https://relay.feeds.blue" 124 + "https://atproto.africa" 125 + "https://relay.whey.party" 126 + ]; 114 127 email = "ben@bwc9876.dev"; 115 128 hostname = "pds.bwc9876.dev"; 116 129 }; ··· 136 149 recommendedProxySettings = true; 137 150 experimentalZstdSettings = true; 138 151 152 + # TODO: HTTP Challenge instead? 139 153 virtualHosts."knot.bwc9876.dev" = { 140 154 addSSL = true; 141 155 acmeRoot = null; # Doing DNS challenges
+15 -20
nixosModules/cocoon.nix
··· 5 5 ... 6 6 }: { 7 7 options.cow.cocoon = { 8 - enable = lib.mkEnableOption "Cocoon PDS with postgresql"; 8 + enable = lib.mkEnableOption "Cocoon PDS"; 9 9 did = lib.mkOption { 10 10 type = lib.types.str; 11 11 description = "DID of server owner"; ··· 44 44 email = lib.mkOption { 45 45 type = lib.types.str; 46 46 description = "Contact email for this PDS' administrator"; 47 + }; 48 + relays = lib.mkOption { 49 + type = lib.types.listOf lib.types.str; 50 + description = "Relay servers to use for event syncing"; 51 + default = ["https://bsky.network"]; 52 + }; 53 + fallbackProxy = lib.mkOption { 54 + type = lib.types.str; 55 + description = "Proxy for xrpc requests that we can't service"; 56 + default = "did:web:api.bsky.app#bsky_appview"; 47 57 }; 48 58 hostname = lib.mkOption { 49 59 type = lib.types.str; ··· 136 146 PrivateTmp = true; 137 147 ReadWritePaths = conf.dataDir; 138 148 LoadCredential = [ 139 - "jwt:${conf.jwkPath}" 149 + "jwk:${conf.jwkPath}" 140 150 "rotation:${conf.rotationPath}" 141 151 "adminPass:${conf.adminPassPath}" 142 152 "session:${conf.sessionSecretPath}" ··· 147 157 ADDR = ":${builtins.toString conf.port}"; 148 158 CONTACT_EMAIL = conf.email; 149 159 150 - # TODO: Don't hardcode 151 - RELAYS = lib.join "," [ 152 - "https://bsky.network" 153 - "https://relay.cerulea.blue" 154 - "https://relay.fire.hose.cam" 155 - "https://relay2.fire.hose.cam" 156 - "https://relay3.fr.hose.cam" 157 - "https://relay.hayescmd.net" 158 - "https://relay.xero.systems" 159 - "https://relay.upcloud.world" 160 - "https://relay.feeds.blue" 161 - "https://atproto.africa" 162 - "https://relay.whey.party" 163 - ]; 160 + RELAYS = lib.join "," conf.relays; 161 + FALLBACK_PROXY = conf.fallbackProxy; 164 162 165 - # TODO: Don't? 166 - FALLBACK_PROXY = "did:web:api.bsky.app#bsky_appview"; 167 - 168 - JWK_PATH = "%d/jwt"; 163 + JWK_PATH = "%d/jwk"; 169 164 ROTATION_KEY_PATH = "%d/rotation"; 170 165 171 166 DB_TYPE = "sqlite";
+5 -4
nixosModules/ssh-server.nix
··· 12 12 services.openssh = { 13 13 enable = true; 14 14 openFirewall = true; 15 - banner = '' 16 - -=≡ ${lib.toUpper config.networking.hostName} ≡=- 17 - 18 - ''; 15 + banner = let 16 + name = lib.toUpper config.networking.hostName; 17 + bleh = builtins.readFile ../res/bleh.txt; 18 + in 19 + lib.replaceString "$NAME$" name bleh; 19 20 listenAddresses = [ 20 21 { 21 22 addr = "0.0.0.0";
+28 -11
nixosModules/tangled.nix
··· 14 14 }; 15 15 knot = { 16 16 enable = lib.mkEnableOption "tangled knot service"; 17 + gitUser = lib.mkOption { 18 + type = lib.types.str; 19 + description = "Name of git user for SSH operations"; 20 + default = "git"; 21 + }; 22 + port = lib.mkOption { 23 + type = lib.types.port; 24 + default = 5555; 25 + description = "Port for HTTP traffic to listen on"; 26 + }; 27 + internalPort = lib.mkOption { 28 + type = lib.types.port; 29 + default = 5444; 30 + description = "Port for internal HTTP traffic to listen on"; 31 + }; 32 + stateDir = lib.mkOption { 33 + type = lib.types.str; 34 + description = "runtime path to store all state for the knot"; 35 + default = "/var/lib/tangled/knot"; 36 + }; 17 37 }; 18 38 }; 19 39 20 40 config = let 21 41 conf = config.cow.tangled; 22 - knotStateDir = "/var/lib/tangled-knot"; 23 - gitUser = "gurt"; 24 42 in { 25 - cow.imperm.keep = lib.optional conf.knot.enable knotStateDir; 43 + cow.imperm.keep = lib.optional conf.knot.enable conf.knot.stateDir; 26 44 27 45 services.tangled = { 28 46 knot = lib.mkIf conf.knot.enable { 29 47 enable = true; 30 - openFirewall = false; 31 - inherit gitUser; 32 - stateDir = knotStateDir; 33 - repo.scanPath = "${config.services.tangled.knot.stateDir}/repos"; 34 - motdFile = ../res/bleh.txt; 48 + openFirewall = lib.mkDefault false; 49 + inherit (conf.knot) gitUser stateDir; 50 + repo.scanPath = "${conf.knot.stateDir}/repos"; 35 51 server = { 36 - # Pub Port: 5555, Internal Port: 5444 52 + listenAddr = "127.0.0.1:${conf.knot.port}"; 53 + internalListenAddr = "127.0.0.1:${conf.knot.internalPort}"; 37 54 hostname = lib.mkDefault conf.hostname; 38 55 owner = lib.mkIf config.cow.bean.enable (lib.mkDefault config.cow.bean.atproto.did); 39 56 }; ··· 43 60 services.nginx.virtualHosts.${conf.hostname} = lib.mkIf conf.knot.enable { 44 61 locations = { 45 62 "/" = { 46 - proxyPass = "http://localhost:5555"; 63 + proxyPass = "http://localhost:${conf.knot.port}"; 47 64 recommendedProxySettings = true; 48 65 }; 49 66 "/events" = { 50 - proxyPass = "http://localhost:5555"; 67 + proxyPass = "http://localhost:${conf.knot.port}"; 51 68 proxyWebsockets = true; 52 69 recommendedProxySettings = true; 53 70 };
+2 -1
res/bleh.txt
··· 1 + -=≡ WELCOME TO $NAME$! ≡=- 2 + 1 3 ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⢠⡀⢠⡄⠀⡤⠀⣤⡀⠄⠀⠀⢠⡀⠀⠀⠀⠀⠀⠀⠀⢀⠀⠀⠀⠀⠀⠀⠀⠀⢠⣤⠤⠤⠤⢤⣤⠠⠠⡄⠠⠄⣤⡤⢤⣤⡤⠤⠤⣤⠀ 2 4 ⠀⠲⠠⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⢿⣤⣿⡆⢹⡄⢹⣓⡒⠀⠀⠘⢏⡳⢞⢲⡖⡶⠆⣾⣸⠀⠀⠀⠀⠀⠀⠀⠀⠰⣿⣿⣿⡂⢸⣿⣿⣶⡌⢋⡑⠀⣠⣼⣿⣄⡤⡤⠀⠀ 3 5 ⠀⠀⠀⠀⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⠋⣉⣛⠀⠁⠐⣘⢢⠀⠀⠀⠛⡍⠉⠡⠐⠀⠛⠛⠘⠀⠀⠀⢠⣬⠀⠆⠀⣿⣿⣿⣿⣿⣿⡟⢿⣿⣿⠆⢈⣛⣀⡘⠀⣰⡶⠀⠀⠀ ··· 29 31 ⠀⢠⠃⡔⡈⢆⠱⣈⢑⡊⡔⢣⢜⡰⢣⣞⡄⢹⡧⠀⣳⢬⡓⡼⡙⢎⡱⢎⡣⣝⡳⣿⡽⢞⡫⡕⠎⢈⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠂⠌⡀⢀⠈⠀⠀ 30 32 ⠀⠀⠈⠰⠡⠊⠔⠂⠧⠜⠜⠲⠎⠭⠣⠎⠡⠴⠿⠥⠡⠬⠳⠱⠙⠎⠱⠃⠹⠘⠱⠁⠌⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠁⠂⠐⠀⠠⠀⠀ 31 33 32 -