Flake for my NixOS devices

cocoon fix

bwc9876.dev 0ee93d53 3b8340ab

verified
+53 -53
+53 -53
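--- a/nixosModules/cocoon.nix
+++ b/nixosModules/cocoon.nix
@@ -1,21 +1,24 @@
-{ inputs, ... }:
-{
+{inputs, ...}: {
 config,
 lib,
 pkgs,
 ...
-}:
-{
+}: {
 options.cow.cocoon = {
 enable = lib.mkEnableOption "Cocoon PDS";
-package = lib.mkPackageOption {
-description = "Package to use, defaults to latest release on GH";
-default = pkgs.cocoon.overrideAttrs (prev: next: {
+package = lib.mkOption {
+type = lib.types.package;
+description = "Cocoon package to use, defaults to latest release on GH";
+default = pkgs.cocoon.overrideAttrs (prev: next: let
+version = "0.8.4";
+in {
+inherit version;
+vendorHash = "sha256-bux3OfHT8f1FVpBAZUP23vo8M6h8nPTJbi/GTUzhdc4=";
 src = pkgs.fetchFromGitHub {
 owner = "haileyok";
 repo = "cocoon";
-ref = "v0.8.4";
-hash = "";
+tag = "v${version}";
+hash = "sha256-xXXHJcI3icsCeOeI+6L/waK3+UtjhBZosQPLoGN1TiY=";
 };
 });
 };
@@ -61,7 +64,7 @@
 relays = lib.mkOption {
 type = lib.types.listOf lib.types.str;
 description = "Relay servers to use for event syncing";
-default = [ "https://bsky.network" ];
+default = ["https://bsky.network"];
 };
 fallbackProxy = lib.mkOption {
 type = lib.types.str;
@@ -74,61 +77,58 @@
 };
 };
 
-config =
-let
-conf = config.cow.cocoon;
-in
+config = let
+conf = config.cow.cocoon;
+in
 lib.mkIf conf.enable {
 cow.imperm.keep = [
 conf.dataDir
 ];
 
 services.nginx.virtualHosts.${conf.hostname} = {
-serverAliases = [ ".${conf.hostname}" ];
+serverAliases = [".${conf.hostname}"];
 
 # All stolen from Isabel
 # https://github.com/isabelroses/dotfiles/blob/262ae19c1e92be5d759f40020e894113ba5d5d44/modules/nixos/services/pds/default.nix
-locations =
-let
-mkAgeAssured = state: {
-return = "200 '${builtins.toJSON state}'";
-extraConfig = ''
-default_type application/json;
-add_header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy" always;
-add_header access-control-allow-origin "*" always;
-add_header X-Frame-Options SAMEORIGIN always;
-add_header X-Content-Type-Options nosniff;
-'';
-};
-in
-{
-"/xrpc/app.bsky.unspecced.getAgeAssuranceState" = mkAgeAssured {
+locations = let
+mkAgeAssured = state: {
+return = "200 '${builtins.toJSON state}'";
+extraConfig = ''
+default_type application/json;
+add_header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy" always;
+add_header access-control-allow-origin "*" always;
+add_header X-Frame-Options SAMEORIGIN always;
+add_header X-Content-Type-Options nosniff;
+'';
+};
+in {
+"/xrpc/app.bsky.unspecced.getAgeAssuranceState" = mkAgeAssured {
+lastInitiatedAt = "2026-01-19T05:59:50.391Z";
+status = "assured";
+};
+"/xrpc/app.bsky.ageassurance.getConfig" = mkAgeAssured {
+regions = [];
+};
+"/xrpc/app.bsky.ageassurance.getState" = mkAgeAssured {
+state = {
 lastInitiatedAt = "2026-01-19T05:59:50.391Z";
 status = "assured";
+access = "full";
 };
-"/xrpc/app.bsky.ageassurance.getConfig" = mkAgeAssured {
-regions = [ ];
+metadata = {
+accountCreatedAt = "2026-01-19T05:59:50.391Z";
 };
-"/xrpc/app.bsky.ageassurance.getState" = mkAgeAssured {
-state = {
-lastInitiatedAt = "2026-01-19T05:59:50.391Z";
-status = "assured";
-access = "full";
-};
-metadata = {
-accountCreatedAt = "2026-01-19T05:59:50.391Z";
-};
-};
+};
 
-# pass everything else to the pds
-"/" = {
-proxyPass = "http://localhost:${toString conf.port}";
-proxyWebsockets = true;
-extraConfig = ''
-add_header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy" always;
-'';
-};
+# pass everything else to the pds
+"/" = {
+proxyPass = "http://localhost:${toString conf.port}";
+proxyWebsockets = true;
+extraConfig = ''
+add_header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy" always;
+'';
 };
+};
 };
 
 users.users.${conf.userName} = {
@@ -139,12 +139,12 @@
 group = conf.userName;
 };
 
-users.groups.${conf.userName} = { };
+users.groups.${conf.userName} = {};
 
 systemd.services.cocoon = {
 description = "Cocoon PDS";
-after = [ "network.target" ];
-wantedBy = [ "multi-user.target" ];
+after = ["network.target"];
+wantedBy = ["multi-user.target"];
 enableStrictShellChecks = true;
 
 preStart = ''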
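Review bot: In the `package` default (new lines 12–23) the `overrideAttrs` callback names its arguments `prev: next:`, but `overrideAttrs` passes the final attribute set first and the previous one second, so the names are the wrong way round. Neither is read today, but a later edit reaching for `prev.version` would get the final attrs; renaming to `finalAttrs: prevAttrs:` avoids that. Pinning `hash` and `vendorHash` is the right supply-chain control for a source fetched by tag, but whether a `vendorHash` set through `overrideAttrs` reaches the vendored-modules derivation appears to depend on the nixpkgs revision in use. It is worth confirming the build fetches modules for 0.8.4 rather than reusing the packaged version's, and adding a comment above `version` such as `# bump version, src.hash and vendorHash together`.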