1{ pkgs, lib, ... }:
2let
3 getFileType = name: if lib.hasSuffix ".json" name then "application/json" else "text/plain";
4 mkWellKnownCfg = files: {
5 quic = true;
6 kTLS = true;
7 locations = (
8 lib.mapAttrs' (name: file: {
9 name = "=/.well-known/${name}";
10 value = {
11 extraConfig = ''
12 alias ${file};
13 add_header access-control-allow-origin *;
14 default_type ${getFileType name};
15 '';
16 };
17 }) files
18 );
19 };
20 mkDidWebCfg = domain: {
21 "${domain}" =
22 (mkWellKnownCfg {
23 "did.json" = ../../../secrets/${domain}.did;
24 "atproto-did" = pkgs.writeText "server" "did:web:${domain}";
25 })
26 // (lib.optionalAttrs (lib.hasSuffix "gaze.systems" domain) {
27 useACMEHost = "gaze.systems";
28 forceSSL = true;
29 quic = true;
30 kTLS = true;
31 });
32 };
  # Hostname published as a did:web identity (did:web:guestbook.gaze.systems).
  # Used both as the nginx vhost name and as an extra SAN on the gaze.systems
  # certificate below.
  guestbookDid = "guestbook.gaze.systems";
34in
{
  # Add the guestbook host as a SAN on the shared gaze.systems certificate so
  # the vhost, which selects that cert via useACMEHost, presents a valid one.
  security.acme.certs."gaze.systems" = {
    extraDomainNames = [ guestbookDid ];
  };

  # Publish the did:web document and the atproto-did handle for the guestbook.
  # NOTE(review): useACMEHost only points at an existing certificate; nginx must
  # also be able to read it (typically via the acme group) - confirm the host
  # config takes care of that.
  services.nginx = {
    virtualHosts = mkDidWebCfg guestbookDid;
  };
}