From a8ddc2ef34b8313d32940cc1cbc873bf8708da04 Mon Sep 17 00:00:00 2001
From: Anish Lakhwara
Date: Sun, 26 Apr 2026 16:24:59 -0700
Subject: [PATCH] Bump bluesky-pds to v0.4.219 and fix tangled service options The deployed PDS was on v0.4.182 with a 50 MB blob upload limit, causing upload failures for large images. Add an overlay that overrides bluesky-pds to v0.4.219 (the latest tag in the bluesky-social/pds repo, ahead of nixpkgs-unstable's 0.4.204) and set PDS_BLOB_UPLOAD_LIMIT explicitly to 100 MB. Also fix `services.tangled-{knot,spindle}` -> `services.tangled.{knot,spindle}` to match the option names exposed by the official tangled.org/@tangled.org/core flake we import. The hyphenated names came from an older third-party flake and have been causing every auto-update to fail since the tangled rev bumped on Apr 20.
---
flake.nix | 86 +++++++++++++++++++++-----------------
hosts/asusmini/atproto.nix | 39 +++++++----------
overlays/default.nix | 46 ++++++++++++++++++++
3 files changed, 108 insertions(+), 63 deletions(-)
create mode 100644 overlays/default.nix
diff --git a/flake.nix b/flake.nix
index cb66af4..ce80077 100644
--- a/flake.nix
+++ b/flake.nix
@@ -13,47 +13,55 @@ }; }; - outputs = { - self, - nixpkgs, - tangled, - agenix, - ... - } @ inputs: let - inherit (self) outputs; - in { - # Available through 'nixos-rebuild --flake .#your-hostname' - nixosConfigurations = { - asusmini = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs;}; - system = "x86_64-linux"; - modules = [ - ./hosts/asusmini - tangled.nixosModules.knot - tangled.nixosModules.spindle - agenix.nixosModules.default - ]; + outputs = + { + self, + nixpkgs, + tangled, + agenix, + ... + }@inputs: + let + inherit (self) outputs; + in + { + # Available through 'nixos-rebuild --flake .#your-hostname' + nixosConfigurations = { + asusmini = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs outputs; }; + system = "x86_64-linux"; + modules = [ + ./hosts/asusmini + tangled.nixosModules.knot + tangled.nixosModules.spindle + agenix.nixosModules.default + { nixpkgs.overlays = [ (import ./overlays) ]; } + ]; + }; }; - }; - devShells = { - aarch64-darwin.default = let - pkgs = nixpkgs.legacyPackages.aarch64-darwin; - in pkgs.mkShell { - packages = [ - agenix.packages.aarch64-darwin.default - pkgs.dnscontrol - ]; - }; - - x86_64-linux.default = let - pkgs = nixpkgs.legacyPackages.x86_64-linux; - in pkgs.mkShell { - packages = [ - agenix.packages.x86_64-linux.default - pkgs.dnscontrol - ]; + devShells = { + aarch64-darwin.default = + let + pkgs = nixpkgs.legacyPackages.aarch64-darwin; + in + pkgs.mkShell { + packages = [ + agenix.packages.aarch64-darwin.default + pkgs.dnscontrol + ]; + }; + + x86_64-linux.default = + let + pkgs = nixpkgs.legacyPackages.x86_64-linux; + in + pkgs.mkShell { + packages = [ + agenix.packages.x86_64-linux.default + pkgs.dnscontrol + ]; + }; }; }; - }; } diff --git a/hosts/asusmini/atproto.nix b/hosts/asusmini/atproto.nix index 38680e3..1e9ef7e 100644 --- a/hosts/asusmini/atproto.nix +++ b/hosts/asusmini/atproto.nix 
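Review bot: The only behavioural line in this hunk, `{ nixpkgs.overlays = [ (import ./overlays) ]; }` in the `modules` list, is buried in a formatter rewrite of the whole `outputs` block and carries no comment. Because it changes which source `bluesky-pds` is built from for this host, I would land the reformat as a separate commit and annotate the line, e.g. `# Host-wide overlay; currently pins bluesky-pds (see overlays/default.nix)`. The overlay reaches only `asusmini`; the `devShells` still use plain `nixpkgs.legacyPackages`, which looks intended.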
@@ -12,15 +12,24 @@ settings = { PDS_PORT = 5556; PDS_HOSTNAME = "pds.commonscomputer.com"; + # 100 MB blob upload limit (matches upstream default as of v0.4.219). + # Set explicitly so the limit is visible in our config rather than + # depending on whatever default the pinned nixpkgs module ships with. + PDS_BLOB_UPLOAD_LIMIT = "104857600"; # We can set a bunch of other things too # PDS_BSKY_APP_VIEW_URL # PDS_CRAWLERS - # PDS_BLOB_UPLOAD_LIMIT # Full list available here: https://github.com/bluesky-social/atproto/blob/main/packages/pds/src/config/env.ts }; }; - services.tangled-spindle = { + # Note: the option namespace is `services.tangled.` (with a dot), + # not `services.tangled-` (with a dash). The dashed form was used + # by an older third-party `tangled-knot-nix` flake; the official monorepo + # at tangled.org/@tangled.org/core (which we import) uses the dotted form. + # See nix/modules/{knot,spindle}.nix in the tangled core flake for the + # full list of options. + services.tangled.spindle = { enable = true; server = { hostname = "spindle.commonscomputer.com"; 
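Review bot: `PDS_BLOB_UPLOAD_LIMIT = "104857600"` doubles the largest request body the public PDS endpoint accepts, and nothing visible bounds it anywhere else: the `pds.commonscomputer.com` Caddy vhost shown in the next hunk is a bare `reverse_proxy`. I would also cap the body at the proxy, with a `request_body` block setting `max_size 100MB` in that vhost's `extraConfig`, so oversized uploads are rejected before they reach the PDS. It is also worth confirming that the blob store volume has headroom and disk-usage alerting for the larger objects. The enclosing PDS service block starts above this hunk, so any limits set there are not visible.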
@@ -28,30 +37,12 @@ }; }; - # stolen from https://tangled.org/@isuggest.selfce.st/tangled-knot-nix/blob/main/knot.nix - services.tangled-knot = { + services.tangled.knot = { enable = true; server = { - hostname = "knot.commonscomputer.com"; # put in the hostname where your knot can be accessed at. e.g. knot.a.tgirl.gay - owner = "did:plc:om5yygegi4yxcbay5gemn2wm"; # your did, must be did:plc: or did:web:. + hostname = "knot.commonscomputer.com"; + owner = "did:plc:om5yygegi4yxcbay5gemn2wm"; }; - # optional configuration options. the current value is the default provided to the knot server. - # appviewEndpoint = "https://tangled.sh"; # appview endpoint. - # gitUser = "git"; # user that hosts git repos and performs git operations. - # openFirewall = true; # open port 22 in the firewall for ssh. - # stateDir = "/home/${cfg.gitUser}"; # tangled knot data directory. - # repo = { - # scanPath = cfg.stateDir; # path where repositories are scanned from; - # mainBranch = "main"; # default branch name for repositories; - # }; - # motd = ""; # message of the day. the contents are shown as-is; eg. you will want to add a newline if setting a non-empty message since the knot won't do this for you. - # motdFile = null; # "file containing message of the day. the contents are shown as-is; eg. you will want to add a newline if setting a non-empty message since the knot won't do this for you." - # server = { - # listenAddr = "0.0.0.0:5555"; # address to listen on. - # internalListenAddr = "127.0.0.1:5444"; # internal address for inter-service communication. - # dbPath = "${cfg.stateDir}/knotserver.db"; # path to the database file. - # dev = false; # enable development mode (disables signature verification) - # }; }; services.caddy = { @@ -59,7 +50,7 @@ virtualHosts = { "knot.commonscomputer.com".extraConfig = '' reverse_proxy http://localhost:5555 - ''; + ''; "pds.commonscomputer.com".extraConfig = '' reverse_proxy http://localhost:5556 ''; 
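Review bot: Dropping the commented defaults also drops the only record that the knot's `server.listenAddr` defaulted to `0.0.0.0:5555` under the old flake, while Caddy proxies to `http://localhost:5555`. The official module's defaults are not visible here; if it also binds all interfaces, the knot is reachable in plaintext around the TLS proxy whenever that port is not firewalled. I would pin it in the `server` block with `listenAddr = "127.0.0.1:5555";` (assuming the official module keeps that option name; confirm against nix/modules/knot.nix) and state `openFirewall` explicitly rather than inheriting it. The re-indented `'';` closing the knot vhost looks accidental. The `services.caddy` block runs past the end of the hunk.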
diff --git a/overlays/default.nix b/overlays/default.nix
new file mode 100644
index 0000000..13463f0
--- /dev/null
+++ b/overlays/default.nix
@@ -0,0 +1,46 @@
+# Nixpkgs overlay for commonscomputing
+#
+# Overlays modify the global pkgs set. Anything that references
+# `pkgs.` (including NixOS service modules using `mkPackageOption`)
+# automatically picks up our overrides without further config changes.
+#
+# Each override below should include a brief note about why we're overriding
+# and when the override can be removed (e.g. when nixpkgs catches up).
+
+final: prev: {
+ # Override bluesky-pds to v0.4.219 (latest tag in bluesky-social/pds repo).
+ #
+ # As of 2026-04-26 nixpkgs-unstable ships 0.4.204. The deployed version on
+ # z-space (from our pinned flake.lock) is even older at 0.4.182.
+ #
+ # Notable changes between 0.4.182 and 0.4.219:
+ # - Default PDS_BLOB_UPLOAD_LIMIT doubled to 100 MB (commit cc0e9ac)
+ # - Rate limits enabled by default (PR #308)
+ # - Node bumped to v20.20 (commit 0ef7817)
+ # - pdsadmin account commands replaced with goat (PR #313)
+ #
+ # Remove this override once nixpkgs ships bluesky-pds >= 0.4.219.
+ bluesky-pds = prev.bluesky-pds.overrideAttrs (old: rec {
+ version = "0.4.219";
+
+ src = prev.fetchFromGitHub {
+ owner = "bluesky-social";
+ repo = "pds";
+ tag = "v${version}";
+ hash = "sha256-zXNg1rtXN9qdTBvRlSiPlRu6k1Pv3T8nhROsEarev5U=";
+ };
+
+ sourceRoot = "${src.name}/service";
+
+ # pnpmDeps must be re-fetched whenever src changes because pnpm-lock.yaml
+ # may have changed. The hash below was computed by running a build with
+ # an empty hash and reading the correct one from the build failure.
+ pnpmDeps = prev.fetchPnpmDeps {
+ pname = "pds";
+ inherit version src sourceRoot;
+ pnpm = prev.pnpm_9;
+ fetcherVersion = 2;
+ hash = "sha256-n7UurqgR15vu1yNRXCWTWpEU42xgqVVaKurIMvt3XYk=";
+ };
+ });
+}
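Review bot: The `bluesky-pds` override is unconditional, so once a `flake.lock` update brings in a nixpkgs with a newer bluesky-pds, this overlay silently pins the host back to 0.4.219 and holds back any later fixes; the "Remove this override" comment is the only guard. I would make the attribute conditional on `prev.bluesky-pds.version` so the override lapses by itself, as sketched below. Separately, `old` is unused and `rec` inside `overrideAttrs` is easy to get wrong; the `finalAttrs: prevAttrs:` form avoids both. The two fixed-output hashes are what tie this build to reviewed content, so the `pnpmDeps` hash taken from a build failure is worth re-deriving on a second machine before merge.

```nix
  bluesky-pds =
    if prev.lib.versionAtLeast prev.bluesky-pds.version "0.4.219" then
      # nixpkgs has caught up: use its package so later fixes are not held back.
      prev.bluesky-pds
    else
      prev.bluesky-pds.overrideAttrs (old: rec {
        # … unchanged: version, src, sourceRoot, pnpmDeps …
      });
```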