path: root/pkgs/bluesky/pds/package.nix
# See: https://github.com/NixOS/nixpkgs/pull/350645
{
  fetchFromGitHub,
  nodejs,
  buildNpmPackage,
  vips,
  pkg-config,
  writeShellApplication,
  bash,
  xxd,
  openssl,
  nixosTests,
  lib,
}:

let
  # Helper script (re-exported through `passthru.generateSecrets`) that prints
  # three freshly generated PDS secrets to stdout as `KEY=value` lines.
  #
  # Everything it prints is secret material: the JWT signing secret, the admin
  # password and the PLC rotation private key. Write the output directly to a
  # file readable only by the service account; do not paste it into Nix
  # expressions, where it would end up world-readable in the Nix store.
  generateSecrets = writeShellApplication {
    name = "generate-pds-secrets";

    # These are put in front of PATH for the script.
    # NOTE(review): the script also calls `tail` and `head`, which are not listed
    # here, so they are presumably resolved from the caller's PATH. Consider
    # pinning coreutils as well so key extraction does not depend on the ambient
    # environment.
    runtimeInputs = [
      xxd
      openssl
    ];

    # Commands from https://github.com/bluesky-social/pds/blob/8b9fc24cec5f30066b0d0b86d2b0ba3d66c2b532/installer.sh
    #
    # - PDS_JWT_SECRET / PDS_ADMIN_PASSWORD: 16 random bytes each (128 bits),
    #   hex-encoded.
    # - PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: a new secp256k1 key is emitted
    #   as DER, bytes 8..39 of that output are kept and hex-encoded on one line.
    #   NOTE(review): this presumably skips a 7-byte DER header in front of the
    #   32-byte private scalar. The offset depends on the exact DER layout, so
    #   re-verify it whenever the openssl invocation or version changes.
    text = ''
      echo "PDS_JWT_SECRET=$(openssl rand --hex 16)"
      echo "PDS_ADMIN_PASSWORD=$(openssl rand --hex 16)"
      echo "PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=$(openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32)"
    '';
  };
in

# NOTE: Upstream ships a `pnpm-lock.yaml`, but we cannot use `pnpm.fetchDeps` here because it
# does not work with the `sharp` NPM dependency, which needs `vips` and `pkg-config`.
# Regenerate `package-lock.json` with `npm i --package-lock-only`.
# The next release should have bumped `sharp` to a version with pre-built binaries.
# Packages the Bluesky PDS service: fetches the tagged upstream source, installs
# its NPM dependencies from a vendored lockfile and wraps `index.js` in a
# `pds` launcher that runs it with the pinned Node.js.
buildNpmPackage rec {
  pname = "pds";
  version = "0.4.67";

  # Source is selected by tag (`v${version}`) and verified against `hash`.
  # The hash, not the tag, is what pins the content: a retagged upstream
  # release fails the fetch instead of silently changing the build input.
  src = fetchFromGitHub {
    owner = "bluesky-social";
    repo = "pds";
    rev = "v${version}";
    hash = "sha256-dEB5u++Zx+F4TH5q44AF/tuwAhLEyYT+U5/18viT4sw=";
  };

  # Only the `service` subdirectory of the repository is built.
  sourceRoot = "${src.name}/service";

  # Hash over the dependencies resolved from `package-lock.json`; it has to be
  # updated whenever the vendored lockfile changes.
  npmDepsHash = "sha256-uQKhODaVHLj+JEq6LYiJ/zXuu7kDCLmpxOs/VCc0GqQ=";

  # Drop in the lockfile kept next to this expression. It is generated locally
  # with npm rather than taken from upstream (which ships `pnpm-lock.yaml`), so
  # the resolved dependency versions can differ from what upstream tested.
  # Review the lockfile diff on every regeneration, since it decides which
  # third-party code is pulled into the build.
  postPatch = ''
    cp ${./package-lock.json} package-lock.json
  '';

  # Required for `sharp` NPM dependency
  nativeBuildInputs = [ pkg-config ];
  buildInputs = [ vips ];

  # Replaces the default build phase: nothing is compiled here, the phase only
  # writes the `$out/bin/pds` launcher. The wrapper runs the pinned `nodejs`
  # with `--enable-source-maps` on `$out/lib/pds/index.js`. `--set-default`
  # sets NODE_ENV=production only when the caller has not set NODE_ENV, so
  # the service environment can still override it.
  # NOTE(review): `makeWrapper` is not listed in `nativeBuildInputs`; it is
  # presumably provided by a `buildNpmPackage` hook. Confirm.
  buildPhase = ''
    runHook preBuild

    makeWrapper "${lib.getExe nodejs}" "$out/bin/pds" \
      --add-flags --enable-source-maps                \
      --add-flags "$out/lib/pds/index.js"             \
      --set-default NODE_ENV production

    runHook postBuild
  '';

  # Replaces the default install phase: moves the installed `node_modules` and
  # the service entry point into `$out/lib/pds`, the path the wrapper points at.
  installPhase = ''
    runHook preInstall

    mkdir -p $out/{bin,lib/pds}
    mv node_modules $out/lib/pds
    mv index.js $out/lib/pds

    runHook postInstall
  '';

  passthru = {
    # Exposes the secret-generation helper as an attribute of the package.
    inherit generateSecrets;
    # Hooks the `pds` entry of `nixosTests` up as this package's test.
    tests = {
      inherit (nixosTests) pds;
    };
  };

  meta = {
    description = "Bluesky Personal Data Server (PDS)";
    homepage = "https://bsky.social";
    # Both licenses are listed for the package.
    license = with lib.licenses; [
      mit
      asl20
    ];
    platforms = lib.platforms.unix;
    # Matches the wrapper name created in `buildPhase`.
    mainProgram = "pds";
  };
}