zoey/config
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

push changes

Browse source
This commit is contained in:
zack 2024-11-13 20:35:13 -05:00
parent 6ea10852a9
commit 9aa6f3fdbe
No known key found for this signature in database
GPG key ID: 5F873416BCF59F35
20 changed files with 573 additions and 277 deletions
Download patch file Download diff file Expand all files Collapse all files

4
modules/nixos/hardware/audio/default.nix
View file

@ -26,8 +26,8 @@ in {
extraConfig.pipewire.adjust-sample-rate = {
"context.properties" = {
"default.clock.rate" = 96000;
"default.allowed-rates" = [96000];
"default.clock.rate" = 48000;
"default.allowed-rates" = [48000];
};
};

1
modules/nixos/sites/hydra/default.nix
View file

@ -40,6 +40,7 @@ in {
"git+ssh://github.com/"
"git+https://git.zoeys.computer/"
"git+ssh://git.zoeys.computer/"
"path:"
];
trustedUsers = ["hydra"]; # Ensure hydra user is trusted for nix
buildMachines = [

1
modules/nixos/sites/pds/atproto/.well-known/atproto-did Normal file
View file

@ -0,0 +1 @@
did:plc:xcdmmzavba7hda7cdllvnm3q

11
modules/nixos/sites/pds/cloudflare.age Normal file
View file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 lGzg3g ubKqOxjQuETum4jFizgaF7Howiz/Q8jyaOHoXgovd18
DDVTAdDUGQUmJte2+VdmRfzlMdoT9534SKJDCAo8z1w
-> ssh-ed25519 s+NXzQ G46FDbxKPW3tpE46NiUZY6TZcWzgZ4lS4eYmjz4oJhc
iv11dp9dWYnWACkWG9xorOzpEl1689qnQImdJby/ip4
-> ssh-ed25519 yEtzbQ 9s9q70RO4zrKGf6ih80jyD+roAUJIHjyQQKRqNo0SGg
xTE6HvJt2n99B6ltwlmFSdw5nnSIcVb444BTHXOjVUI
-> ssh-ed25519 RMNffg Meu8usfE+zFiZnOAEjCvEEQ13VBxCmlo79OLDQ0Ppyo
zqh3VzlfeFBNA/SgdD+wFgfKaWYNmN1UcwrRn8JEj70
--- 0OGQgnI656lh0EnAxN5Pygo6DbcN/fVETwR055tEP+E
Ok8<6B>3?¹ Û™­]#¬Ð…z=«Y<C2AB> Û6P NñšÄDÚ#P:Å•”Å7Á<^8Í<õCªí‰ÅŸ1/ 8f7¶_ùã p5« .÷L|<7C>g6 y+¡ÚúM;P'n%wŒŒ)~år8XÖNaÆÿ¦´PZU£&Qì³,Èe

224
modules/nixos/sites/pds/default.nix Normal file
View file

@ -0,0 +1,224 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.services.atproto-pds;
in {
options.services.atproto-pds = {
enable = mkEnableOption "Bluesky Personal Data Server container";
dataDir = mkOption {
type = types.path;
default = "/pds";
description = "Directory to store PDS data, maps to /pds inside container.";
};
blobStorage = {
type = mkOption {
type = types.enum ["disk" "s3"];
default = "disk";
description = "Type of blob storage to use (disk or s3).";
};
# Disk-specific options
diskPath = mkOption {
type = types.str;
default = "/pds/blocks";
description = "Path for disk-based blob storage.";
};
# S3-specific options
s3 = {
endpoint = mkOption {
type = types.nullOr types.str;
default = null;
description = "S3 endpoint URL (optional, for non-AWS S3).";
};
bucket = mkOption {
type = types.str;
default = "";
description = "S3 bucket name.";
};
region = mkOption {
type = types.str;
default = "us-east-1";
description = "AWS region for S3.";
};
};
};
environmentFile = mkOption {
type = types.path;
default = "/pds/pds.env";
description = "Environment file for PDS configuration.";
};
image = mkOption {
type = types.str;
default = "ghcr.io/bluesky-social/pds";
description = "PDS container image to use.";
};
imageTag = mkOption {
type = types.str;
default = "0.4";
description = "Tag of the PDS container image.";
};
port = mkOption {
type = types.port;
default = 3000;
description = "Port on which PDS will listen.";
};
useHostNetwork = mkOption {
type = types.bool;
default = false;
description = "Whether to use host networking. Set to false to use port mapping instead.";
};
nginx = {
enable = mkOption {
type = types.bool;
default = true;
description = "Whether to enable nginx virtual host.";
};
domain = mkOption {
type = types.str;
default = "zoeys.computer";
description = "Domain name for the PDS server.";
};
subdomainPrefix = mkOption {
type = types.str;
default = "*";
description = "Subdomain prefix for PDS (e.g., pds.zoeys.computer).";
};
useACME = mkOption {
type = types.bool;
default = true;
description = "Whether to enable automatic HTTPS certificates via ACME.";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Additional nginx configuration.";
};
};
};
config = mkIf cfg.enable {
age.secrets = {
pds = {
file = ./pds.age;
};
cloudflare = {
file = ./cloudflare.age;
};
};
# Ensure directories exist
systemd.tmpfiles.rules =
[
"d '${cfg.dataDir}' 0750 root root - -"
# Create blocks directory if using disk storage
]
++ optional (cfg.blobStorage.type == "disk")
"d '${cfg.blobStorage.diskPath}' 0750 root root - -";
# Docker container configuration
virtualisation.oci-containers = {
backend = "docker";
containers.pds = {
image = "${cfg.image}:${cfg.imageTag}";
autoStart = true;
extraOptions =
[
"--name=pds"
"--env-file=${config.age.secrets.pds.path}"
]
++ (optional cfg.useHostNetwork "--network=host");
# Add port mapping if not using host network
ports = mkIf (!cfg.useHostNetwork) [
"${toString cfg.port}:3000"
];
# Match docker-compose volumes
volumes = [
"${cfg.dataDir}:/pds"
];
};
};
# Nginx configuration remains the same as before
services.nginx = mkIf cfg.nginx.enable {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"${cfg.nginx.domain}" = {
enableACME = cfg.nginx.useACME;
forceSSL = cfg.nginx.useACME;
locations = {
"~ ^/xrpc/(.*)$" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
"~ ^/.well-known/atproto-did$" = {
root = ./atproto;
extraConfig = ''
default_type text/plain;
'';
};
};
};
"~^(?<subdomain>.+)\\.${cfg.nginx.domain}" = {
useACMEHost = "pds.zoeys.computer";
forceSSL = cfg.nginx.useACME;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
${cfg.nginx.extraConfig}
'';
};
};
};
};
security.acme.certs = mkIf cfg.nginx.useACME {
"pds.zoeys.computer" = {
domain = "*.zoeys.computer";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.cloudflare.path;
group = config.services.nginx.group;
};
};
};
}

BIN
modules/nixos/sites/pds/pds.age Normal file
View file

Binary file not shown.

29
modules/nixos/ui/fonts/default.nix
View file

@ -29,20 +29,21 @@ in {
lexend
jost
dejavu_fonts
(pkgs-unstable.iosevka.override {
set = "Custom";
privateBuildPlan = ''
[buildPlans.IosevkaCustom]
family = "Iosevka"
spacing = "normal"
serifs = "sans"
noCvSs = true
exportGlyphNames = true
[buildPlans.IosevkaCustom.variants]
inherits = "ss14"
'';
})
iosevka
# (pkgs-unstable.iosevka.override {
# set = "Custom";
# privateBuildPlan = ''
# [buildPlans.IosevkaCustom]
# family = "Iosevka"
# spacing = "normal"
# serifs = "sans"
# noCvSs = true
# exportGlyphNames = true
#
# [buildPlans.IosevkaCustom.variants]
# inherits = "ss14"
# '';
# })
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji