Flake for my NixOS devices

cocoon fix

bwc9876.dev 0ee93d53 3b8340ab

verified
+53 -53
+53 -53
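--- a/nixosModules/cocoon.nix
+++ b/nixosModules/cocoon.nix
@@ -1,21 +1,24 @@
-{ inputs, ... }:
-{
+{inputs, ...}: {
 config,
 lib,
 pkgs,
 ...
-}:
-{
+}: {
 options.cow.cocoon = {
 enable = lib.mkEnableOption "Cocoon PDS";
-package = lib.mkPackageOption {
-description = "Package to use, defaults to latest release on GH";
-default = pkgs.cocoon.overrideAttrs (prev: next: {
+package = lib.mkOption {
+type = lib.types.package;
+description = "Cocoon package to use, defaults to latest release on GH";
+default = pkgs.cocoon.overrideAttrs (prev: next: let
+version = "0.8.4";
+in {
+inherit version;
+vendorHash = "sha256-bux3OfHT8f1FVpBAZUP23vo8M6h8nPTJbi/GTUzhdc4=";
 src = pkgs.fetchFromGitHub {
 owner = "haileyok";
 repo = "cocoon";
-ref = "v0.8.4";
-hash = "";
+tag = "v${version}";
+hash = "sha256-xXXHJcI3icsCeOeI+6L/waK3+UtjhBZosQPLoGN1TiY=";
 };
 });
 };
@@ -61,7 +64,7 @@
 relays = lib.mkOption {
 type = lib.types.listOf lib.types.str;
 description = "Relay servers to use for event syncing";
-default = [ "https://bsky.network" ];
+default = ["https://bsky.network"];
 };
 fallbackProxy = lib.mkOption {
 type = lib.types.str;
@@ -74,61 +77,58 @@
 };
 };
 
-config =
-let
-conf = config.cow.cocoon;
-in
+config = let
+conf = config.cow.cocoon;
+in
 lib.mkIf conf.enable {
 cow.imperm.keep = [
 conf.dataDir
 ];
 
 services.nginx.virtualHosts.${conf.hostname} = {
-serverAliases = [ ".${conf.hostname}" ];
+serverAliases = [".${conf.hostname}"];
 
 # All stolen from Isabel
 # https://github.com/isabelroses/dotfiles/blob/262ae19c1e92be5d759f40020e894113ba5d5d44/modules/nixos/services/pds/default.nix
-locations =
-let
-mkAgeAssured = state: {
-return = "200 '${builtins.toJSON state}'";
-extraConfig = ''
-default_type application/json;
-add_header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy" always;
-add_header access-control-allow-origin "*" always;
-add_header X-Frame-Options SAMEORIGIN always;
-add_header X-Content-Type-Options nosniff;
-'';
-};
-in
-{
-"/xrpc/app.bsky.unspecced.getAgeAssuranceState" = mkAgeAssured {
+locations = let
+mkAgeAssured = state: {
+return = "200 '${builtins.toJSON state}'";
+extraConfig = ''
+default_type application/json;
+add_header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy" always;
+add_header access-control-allow-origin "*" always;
+add_header X-Frame-Options SAMEORIGIN always;
+add_header X-Content-Type-Options nosniff;
+'';
+};
+in {
+"/xrpc/app.bsky.unspecced.getAgeAssuranceState" = mkAgeAssured {
+lastInitiatedAt = "2026-01-19T05:59:50.391Z";
+status = "assured";
+};
+"/xrpc/app.bsky.ageassurance.getConfig" = mkAgeAssured {
+regions = [];
+};
+"/xrpc/app.bsky.ageassurance.getState" = mkAgeAssured {
+state = {
 lastInitiatedAt = "2026-01-19T05:59:50.391Z";
 status = "assured";
+access = "full";
 };
-"/xrpc/app.bsky.ageassurance.getConfig" = mkAgeAssured {
-regions = [ ];
+metadata = {
+accountCreatedAt = "2026-01-19T05:59:50.391Z";
 };
-"/xrpc/app.bsky.ageassurance.getState" = mkAgeAssured {
-state = {
-lastInitiatedAt = "2026-01-19T05:59:50.391Z";
-status = "assured";
-access = "full";
-};
-metadata = {
-accountCreatedAt = "2026-01-19T05:59:50.391Z";
-};
-};
+};
 
-# pass everything else to the pds
-"/" = {
-proxyPass = "http://localhost:${toString conf.port}";
-proxyWebsockets = true;
-extraConfig = ''
-add_header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy" always;
-'';
-};
+# pass everything else to the pds
+"/" = {
+proxyPass = "http://localhost:${toString conf.port}";
+proxyWebsockets = true;
+extraConfig = ''
+add_header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy" always;
+'';
 };
+};
 };
 
 users.users.${conf.userName} = {
@@ -139,12 +139,12 @@
 group = conf.userName;
 };
 
-users.groups.${conf.userName} = { };
+users.groups.${conf.userName} = {};
 
 systemd.services.cocoon = {
 description = "Cocoon PDS";
-after = [ "network.target" ];
-wantedBy = [ "multi-user.target" ];
+after = ["network.target"];
+wantedBy = ["multi-user.target"];
 enableStrictShellChecks = true;
 
 preStart = ''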
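Review bot: In the `"/"` location, the `add_header` inside `extraConfig` makes nginx stop inheriting every `add_header` set at the server or http level for that location, so proxied PDS responses carry only the CORS allow-headers line plus whatever the backend itself sends. Whether this host sets headers such as HSTS at an outer level is not visible in this section; if it does, they need repeating here. The same applies to the three `mkAgeAssured` locations, where `X-Content-Type-Options nosniff` also lacks the `always` that the neighbouring lines use. I would at least record it above the block: `# add_header in a location disables inheritance of outer add_header directives; repeat any required security headers here`.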