# NixOS module: enables the Bluesky PDS service (my.services.bsky-pds) and
# wires its credentials to files rendered from Vault. Only the secret file
# paths are referenced from this configuration, never the secret values.
{ config, lib, ... }:

let
  # Environment-style names of every credential sourced from Vault. Each name
  # is used verbatim as the field read from kv/apps/bsky-pds, and lower-cased
  # as the key handed to the PDS module.
  vaultBackedEnvNames = [
    "PDS_ADMIN_PASSWORD"
    "PDS_BLOBSTORE_S3_ACCESS_KEY_ID"
    "PDS_BLOBSTORE_S3_SECRET_ACCESS_KEY"
    "PDS_JWT_SECRET"
    "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX"
  ];

  # Name of the my.vault.secrets entry backing a given credential.
  vaultEntryName = envName: "bsky_${lib.toLower envName}";

  # Builds one my.vault.secrets entry whose template emits a single field of
  # kv/apps/bsky-pds and nothing else (the {{- -}} markers trim whitespace).
  # The .Data.data accessor looks like the KV v2 response shape; confirm
  # against the mount.
  # NOTE(review): only `group` is set here. Owner and file mode come from the
  # my.vault.secrets module, which is not shown; confirm the rendered files
  # are not world-readable, since one of them holds the PLC rotation private key.
  mkVaultTemplate = key: {
    group = "bsky-pds";
    template = ''
      {{- with secret "kv/apps/bsky-pds" -}}
      {{- .Data.data.${key} -}}
      {{- end -}}
    '';
  };
in
{
  imports = [ ../lib/bsky-pds.nix ];

  my.services.bsky-pds = {
    enable = true;
    settings = {
      pds_hostname = "pds.lukegb.com";
      pds_admin_email = "bskypds@lukegb.com";
      # Blobs go to the S3-compatible endpoint below, not to local disk.
      pds_blobstore_disk_location = null;
      pds_blobstore_s3_bucket = "bsky-pds";
      pds_blobstore_s3_region = "anywhere";
      pds_blobstore_s3_endpoint = "https://objdump.zxcvbnm.ninja";
      pds_blobstore_s3_force_path_style = false;
      pds_blobstore_s3_upload_timeout_ms = 10000;
    };
    # Presumably stops the module from generating its own secrets, so the
    # Vault-provided ones below are the only source; the option is defined in
    # ../lib/bsky-pds.nix.
    generateSecrets = false;
    # Map each lower-cased credential name to the path of its Vault secret file.
    secrets = builtins.listToAttrs (map (envName: {
      name = lib.toLower envName;
      value = config.my.vault.secrets.${vaultEntryName envName}.path;
    }) vaultBackedEnvNames);
  };

  # One Vault-templated secret file per credential, named bsky_<lower-cased name>.
  my.vault.secrets = builtins.listToAttrs (map (envName: {
    name = vaultEntryName envName;
    value = mkVaultTemplate envName;
  }) vaultBackedEnvNames);

  # Dedicated system account and group; the group matches the one set on the
  # secret entries above.
  users.groups.bsky-pds = { };
  users.users.bsky-pds = {
    isSystemUser = true;
    group = "bsky-pds";
  };
}