nixos/services/pds: add captcha · isabelroses.com/dotfiles@a972222

+17 -4

2 changed files

expand all

modules

nixos

services

pds

default.nix

secrets

services

pds.yaml

+14 -1

modules/nixos/services/pds/default.nix

··· 80 80 81 81 # if your reading this you probably don't want this unless you 82 82 # intend to host a public free to join instance 83 - PDS_INVITE_REQUIRED = "false"; 83 + PDS_INVITE_REQUIRED = "true"; 84 84 PDS_SERVICE_HANDLE_DOMAINS = ".tgirl.beauty"; 85 85 86 86 # custom session duration: 30 days ··· 115 115 cp ${./two_factor_code.hbs} $out/two_factor_code.hbs 116 116 '' 117 117 ); 118 + 119 + # we want captcha for account creation, make sure to pick up 120 + # `PDS_HCAPTCHA_SECRET_KEY` and `PDS_HCAPTCHA_SITE_KEY` from the 121 + # something like <https://www.hcaptcha.com/> 122 + GATEKEEPER_CREATE_ACCOUNT_CAPTCHA = "true"; 123 + GATEKEEPER_DEFAULT_CAPTCHA_REDIRECT = "https://pds.tgirl.cloud"; 124 + GATEKEEPER_CAPTCHA_SUCCESS_REDIRECTS = concatStringsSep "," [ 125 + "https://bsky.app" 126 + "https://pdsmoover.com" 127 + "https://blacksky.community" 128 + "https://tektite.cc" 129 + "https://pds.tgirl.cloud" 130 + ]; 118 131 119 132 # we need to share a lot of secrets between pds and gatekeeper 120 133 PDS_ENV_LOCATION = config.sops.secrets.pds-env.path;

+3 -3

secrets/services/pds.yaml

··· 1 1 pds-env: ENC[AES256_GCM,data:h6F9Q5edcqpCGwJz3KuFcYi4eYHKCrKwatb9RMn3VhdHk0tv7w14tmAutF57XAFweDgdyx13+mLjzKslhS/P6waWNomZRIoPAsv8bVkIQ53q7mQF88oKeje8x1DBH9NbQP0Jdp73WjZ0eoX4e95DCsU5kUKk2jocnUBO9EWh7cPi1/VFPwYFScIUU027hIopb5s8zEJh4hQ2S8mkJ7DTNDvyJ41/ivsqEdDq9ATM9T3vv986v7/cwp0XwAdgCAn+vzQCaFI3ZClBh9a/B7663m30+JaXK5PCHUS4BfCFx7Y2dM3IoTop0WO6m8OFwZgSg7T93aquiCuyzJGmwxnxVdJh0Synrql6bZza7ARB/p0sQgwYbAf5aFpSsS6QcvQy/HiZH9cm0tJQ47qImPKNtGAvahjknkoDgWgVc7UHyZIUHjQAR4TVjcFwh29unmA8VhzAV40s,iv:93O4qjEXaEQmmDpOr0llQ9bb6DLtiSlM6Uim9/X7lTc=,tag:B/V8Z2n3cWIgc1t3hzxhlQ==,type:str] 2 2 pds-dash: ENC[AES256_GCM,data:merrAdgkuGBwjA4WGmEhlwfjkYy8zDjX4/NBKH6/JFyYa2zTCppNefycGBGWwOGdeFuTTLU=,iv:NOCqGWVgXj9N4HoghAWaeUItrbRmzs2T+WWRzjtvxi4=,tag:mM0OyYPNClptWXXXHTvc9A==,type:str] 3 - pds-gatekeeper: ENC[AES256_GCM,data:UvV6+SiiNx9UP0Qyxd5ovQug+wo4DcCb/0+qSWCzRHqZGm5HsCMASAPj3zTQR/NIcdSCHcOFVFHuBfXJrtJlJGXxIiRMVRJBsDbuLpx3yzUqi1K6,iv:1kL56HIQgoR1gxy3MZQ/HdRAEYAl4eB3WyMYa8ku3uE=,tag:OYbpaUxONM9BMA+PCJFtaw==,type:str] 3 + pds-gatekeeper: ENC[AES256_GCM,data:j3GMCnc54AcT860m3f3Bzw3mFCEbMd5eZc1OOZJxRMynn6Ix5gmlvFSjlt8jRBPKnKcTDFLcbeNqID0pzymbiCBl6BpQpx38V6etxq3kBT2rGUzeIcq27L6KKdy8KQooFYHXo9GDxVzsf//ZZ1SUaQGYXWC0uYvpTm7L9Qt3+CjqcJk5ceWcjLGg2nmuUK2hnpwqy/Oc2QlQ61VYIbpuv67M/cFsX0ru0NAZEHwT3cH0c3Sg3ZFN5uAq87v1gG+8Gm9t9DQoodvNNkU=,iv:weMltc+DO7ENNgKWw/7OUVTS6oAX58ZiL3tSSWSJr1s=,tag:xrZZX0WtY8PKDmZf2YEjdA==,type:str] 4 4 sops: 5 5 age: 6 6 - recipient: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQDiHbMSinj8twL9cTgPOfI6OMexrTZyHX27T8gnMj2 ··· 73 73 xBpNj3VHVWzF63+eAXa6/WlKzxtb5UUY+m3Ke8JPTRQTLyEVQ0lkAhMUiYoquJDE 74 74 W5cvlg== 75 75 -----END AGE ENCRYPTED FILE----- 76 - lastmodified: "2026-03-04T02:59:28Z" 77 - mac: ENC[AES256_GCM,data:iHeDTtFCbsv0VMFtW34FWBvMrv6QHHORe4xx7kcQ8ECcvmvaox9H++qwgt6x77i1qC84hh1rcJSYEs9Nb6RMYlByd/xROCcskxFaIcfd4a8obvEui88KZ5UxfxDYnyRLNFzY0EZKBwsI1fhbw9V0Va4+OeILBa0jgRqGYELgqvI=,iv:jqeFX8vBM05XgYJob06AoBsVpDFxI3QyNRu81lvKW2U=,tag:uER/V5I47awm9WNTzJCpSA==,type:str] 76 + lastmodified: "2026-03-16T20:40:48Z" 77 + mac: ENC[AES256_GCM,data:4a/Zwq34vI3cltJLaa/HSoLBqIFrgXH6VFENVUyLJNH0BK0fbMPIFRFpfj8mksAiRej9JNIauo6/n9+0DGuT+iKq/o2i6AwB6O7CfzdZuBcCu59C/ZlxnJtc5UHl9KsCSlE+kAMKzLmi42/qnFgQJ9txs3hKiSB01jSIAKLsKjo=,iv:Erqy96dlhrODtkohjFVBOjg9D3gbtp3GUOIhr7CKLks=,tag:zkjtnC6+MFvHG2Ru9J431Q==,type:str] 78 78 unencrypted_suffix: _unencrypted 79 79 version: 3.12.1

Configure Feed

Configure Feed