feat(pm)!: switch bluesky pds to tranquil PDS #202

Tranquil PDS has features we prefer to bluesky's, such as OIDC on accounts. Let's switch over!

BREAKING-CHANGE: You are required to manually migrate accounts to the new PDS. Not doing this will cause data loss.

+23 -35

2 changed files

Interdiff #0 → #1

expand all

unified split

npins

sources.json

packetmix

systems

teal

pds.nix

npins/sources.json

This file has not been changed.

+23 -35

packetmix/systems/teal/pds.nix

··· 15 15 16 16 services.tranquil-pds = { 17 17 enable = true; 18 - secretsFile = "/secrets/pds/environmentFile"; 18 + environmentFiles = [ 19 + "/secrets/pds/environmentFile" 20 + ]; 19 21 20 22 database.createLocally = true; 21 23 22 - nginx = { 23 - enable = true; 24 - openFirewall = false; # This should definitely be done elsewhere(!!) 25 - }; 24 + nginx.enable = true; 26 25 27 26 settings = { 28 - server = { 29 - pdsHostname = "at.freshly.space"; 30 - host = "127.0.0.1"; 31 - port = 1039; 32 - }; 27 + SERVER_HOST = "127.0.0.1"; 28 + SERVER_PORT = 1039; 33 29 34 - cache.valkeyUrl = "unix://${config.services.redis.servers.tranquil-pds.unixSocket}"; 30 + PDS_HOSTNAME = "at.freshly.space"; 35 31 36 - storage.blobBackend = "filesystem"; 37 - backup = { 38 - enable = true; 39 - backend = "filesystem"; 40 - }; 32 + MAIL_FROM_NAME = "Freshly PDS"; 33 + MAIL_FROM_ADDRESS = "pds@freshly.space"; 34 + SENDMAIL_PATH = "${pkgs.msmtp}/bin/sendmail"; 35 + 36 + VALKEY_URL = "unix://${config.services.redis.servers.tranquil-pds.unixSocket}"; 41 37 42 - notifications = { 43 - mailFromAddress = "pds@freshly.space"; 44 - mailFromName = "Freshly PDS"; 45 - sendmailPath = "${pkgs.msmtp}/bin/sendmail"; 46 - }; 38 + BACKUP_ENABLED = "true"; 39 + 40 + ACCEPTING_REPO_IMPORTS = "true"; 47 41 48 - import.accepting = true; 42 + INVITE_CODE_REQUIRED = "true"; 43 + AVAILABLE_USER_DOMAINS = "at.freshly.space,at.freshlybakedca.ke"; 44 + ENABLE_SELF_HOSTED_DID_WEB = "false"; 49 45 50 - registration = { 51 - inviteCodeRequired = true; 52 - availableUserDomains = "at.freshly.space,at.freshlybakedca.ke"; 53 - enableSelfHostedDidWeb = false; 54 - }; 55 - 56 - misc.ageAssuranceOverride = true; 46 + PDS_AGE_ASSURANCE_OVERRIDE = "true"; 57 47 # Our PDS is private 58 48 # Therefore, we have verified the age of everyone on the service is over the age of majority - and we didn't need KWS to do it! 59 49 60 - sso.oidc = { 61 - enable = true; 62 - clientId = "pds"; 63 - issuer = "https://idm.freshly.space/oauth2/openid/pds/"; 64 - name = "Freshly IDM"; 65 - }; 50 + SSO_OIDC_ENABLED = "true"; 51 + SSO_OIDC_CLIENT_ID = "pds"; 52 + SSO_OIDC_ISSUER = "https://idm.freshly.space/oauth2/openid/pds/"; 53 + SSO_OIDC_NAME = "Freshly IDM"; 66 54 }; 67 55 }; 68 56