···
description = "Enable tangled appview";
description = "Package to use for the appview";
22
+
# core configuration
description = "Port to run the appview on";
29
+
listenAddr = mkOption {
31
+
default = "0.0.0.0:${toString cfg.port}";
32
+
description = "Listen address for the appview service";
37
+
default = "/var/lib/appview/appview.db";
38
+
description = "Path to the SQLite database file";
41
+
appviewHost = mkOption {
43
+
default = "https://tangled.org";
44
+
example = "https://example.com";
45
+
description = "Public host URL for the appview instance";
48
+
appviewName = mkOption {
50
+
default = "Tangled";
51
+
description = "Display name for the appview instance";
57
+
description = "Enable development mode";
60
+
disallowedNicknamesFile = mkOption {
61
+
type = types.nullOr types.path;
63
+
description = "Path to file containing disallowed nicknames";
66
+
# redis configuration
70
+
default = "localhost:6379";
71
+
description = "Redis server address";
77
+
description = "Redis database number";
81
+
# jetstream configuration
83
+
endpoint = mkOption {
85
+
default = "wss://jetstream1.us-east.bsky.network/subscribe";
86
+
description = "Jetstream WebSocket endpoint";
90
+
# knotstream consumer configuration
92
+
retryInterval = mkOption {
95
+
description = "Initial retry interval for knotstream consumer";
98
+
maxRetryInterval = mkOption {
101
+
description = "Maximum retry interval for knotstream consumer";
104
+
connectionTimeout = mkOption {
107
+
description = "Connection timeout for knotstream consumer";
110
+
workerCount = mkOption {
113
+
description = "Number of workers for knotstream consumer";
116
+
queueSize = mkOption {
119
+
description = "Queue size for knotstream consumer";
123
+
# spindlestream consumer configuration
125
+
retryInterval = mkOption {
128
+
description = "Initial retry interval for spindlestream consumer";
131
+
maxRetryInterval = mkOption {
134
+
description = "Maximum retry interval for spindlestream consumer";
137
+
connectionTimeout = mkOption {
140
+
description = "Connection timeout for spindlestream consumer";
143
+
workerCount = mkOption {
146
+
description = "Number of workers for spindlestream consumer";
149
+
queueSize = mkOption {
152
+
description = "Queue size for spindlestream consumer";
156
+
# resend configuration
158
+
sentFrom = mkOption {
160
+
default = "noreply@notifs.tangled.sh";
161
+
description = "Email address to send notifications from";
165
+
# posthog configuration
167
+
endpoint = mkOption {
169
+
default = "https://eu.i.posthog.com";
170
+
description = "PostHog API endpoint";
174
+
# camo configuration
178
+
default = "https://camo.tangled.sh";
179
+
description = "Camo proxy host URL";
183
+
# avatar configuration
187
+
default = "https://avatar.tangled.sh";
188
+
description = "Avatar service host URL";
195
+
default = "https://plc.directory";
196
+
description = "PLC directory URL";
203
+
default = "https://tngl.sh";
204
+
description = "PDS host URL";
209
+
defaults = mkOption {
210
+
type = types.listOf types.str;
212
+
"at://did:plc:wshs7t2adsemcrrd4snkeqli/sh.tangled.label.definition/wontfix"
213
+
"at://did:plc:wshs7t2adsemcrrd4snkeqli/sh.tangled.label.definition/good-first-issue"
214
+
"at://did:plc:wshs7t2adsemcrrd4snkeqli/sh.tangled.label.definition/duplicate"
215
+
"at://did:plc:wshs7t2adsemcrrd4snkeqli/sh.tangled.label.definition/documentation"
216
+
"at://did:plc:wshs7t2adsemcrrd4snkeqli/sh.tangled.label.definition/assignee"
218
+
description = "Default label definitions";
221
+
goodFirstIssue = mkOption {
223
+
default = "at://did:plc:wshs7t2adsemcrrd4snkeqli/sh.tangled.label.definition/good-first-issue";
224
+
description = "Good first issue label definition";
environmentFile = mkOption {
type = with types; nullOr path;
28
-
example = "/etc-/appview.env";
231
+
example = "/etc/appview.env";
Additional environment file as defined in {manpage}`systemd.exec(5)`.
32
-
Sensitive secrets such as {env}`TANGLED_COOKIE_SECRET` may be
33
-
passed to the service without makeing them world readable in the
235
+
Sensitive secrets such as {env}`TANGLED_COOKIE_SECRET`,
236
+
{env}`TANGLED_OAUTH_CLIENT_SECRET`, {env}`TANGLED_RESEND_API_KEY`,
237
+
{env}`TANGLED_CAMO_SHARED_SECRET`, {env}`TANGLED_AVATAR_SHARED_SECRET`,
238
+
{env}`TANGLED_REDIS_PASS`, {env}`TANGLED_PDS_ADMIN_SECRET`,
239
+
{env}`TANGLED_CLOUDFLARE_API_TOKEN`, {env}`TANGLED_CLOUDFLARE_ZONE_ID`,
240
+
{env}`TANGLED_CLOUDFLARE_TURNSTILE_SITE_KEY`,
241
+
{env}`TANGLED_CLOUDFLARE_TURNSTILE_SECRET_KEY`,
242
+
{env}`TANGLED_POSTHOG_API_KEY`, {env}`TANGLED_APP_PASSWORD`,
243
+
and {env}`TANGLED_ALT_APP_PASSWORD` may be passed to the service
244
+
without making them world readable in the nix store.
···
systemd.services.appview = {
description = "tangled appview service";
wantedBy = ["multi-user.target"];
50
-
after = ["redis-appview.service"];
259
+
after = ["redis-appview.service" "network-online.target"];
requires = ["redis-appview.service"];
261
+
wants = ["network-online.target"];
54
-
ListenStream = "0.0.0.0:${toString cfg.port}";
ExecStart = "${cfg.package}/bin/appview";
57
-
EnvironmentFile = optional (cfg.environmentFile != null) cfg.environmentFile;
267
+
RestartSec = "10s";
268
+
EnvironmentFile = mkIf (cfg.environmentFile != null) cfg.environmentFile;
271
+
StateDirectory = "appview";
272
+
WorkingDirectory = "/var/lib/appview";
274
+
# security hardening
275
+
NoNewPrivileges = true;
277
+
ProtectSystem = "strict";
278
+
ProtectHome = true;
279
+
ReadWritePaths = ["/var/lib/appview"];
61
-
TANGLED_DB_PATH = "appview.db";
283
+
TANGLED_DB_PATH = cfg.dbPath;
284
+
TANGLED_LISTEN_ADDR = cfg.listenAddr;
285
+
TANGLED_APPVIEW_HOST = cfg.appviewHost;
286
+
TANGLED_APPVIEW_NAME = cfg.appviewName;
287
+
TANGLED_DEV = if cfg.dev then "true" else "false";
288
+
} // optionalAttrs (cfg.disallowedNicknamesFile != null) {
289
+
TANGLED_DISALLOWED_NICKNAMES_FILE = cfg.disallowedNicknamesFile;
291
+
TANGLED_REDIS_ADDR = cfg.redis.addr;
292
+
TANGLED_REDIS_DB = toString cfg.redis.db;
294
+
TANGLED_JETSTREAM_ENDPOINT = cfg.jetstream.endpoint;
296
+
TANGLED_KNOTSTREAM_RETRY_INTERVAL = cfg.knotstream.retryInterval;
297
+
TANGLED_KNOTSTREAM_MAX_RETRY_INTERVAL = cfg.knotstream.maxRetryInterval;
298
+
TANGLED_KNOTSTREAM_CONNECTION_TIMEOUT = cfg.knotstream.connectionTimeout;
299
+
TANGLED_KNOTSTREAM_WORKER_COUNT = toString cfg.knotstream.workerCount;
300
+
TANGLED_KNOTSTREAM_QUEUE_SIZE = toString cfg.knotstream.queueSize;
302
+
TANGLED_SPINDLESTREAM_RETRY_INTERVAL = cfg.spindlestream.retryInterval;
303
+
TANGLED_SPINDLESTREAM_MAX_RETRY_INTERVAL = cfg.spindlestream.maxRetryInterval;
304
+
TANGLED_SPINDLESTREAM_CONNECTION_TIMEOUT = cfg.spindlestream.connectionTimeout;
305
+
TANGLED_SPINDLESTREAM_WORKER_COUNT = toString cfg.spindlestream.workerCount;
306
+
TANGLED_SPINDLESTREAM_QUEUE_SIZE = toString cfg.spindlestream.queueSize;
308
+
TANGLED_RESEND_SENT_FROM = cfg.resend.sentFrom;
310
+
TANGLED_POSTHOG_ENDPOINT = cfg.posthog.endpoint;
312
+
TANGLED_CAMO_HOST = cfg.camo.host;
314
+
TANGLED_AVATAR_HOST = cfg.avatar.host;
316
+
TANGLED_PLC_URL = cfg.plc.url;
318
+
TANGLED_PDS_HOST = cfg.pds.host;
320
+
TANGLED_LABEL_DEFAULTS = concatStringsSep "," cfg.label.defaults;
321
+
TANGLED_LABEL_GFI = cfg.label.goodFirstIssue;
anirudh.fi