From 1dfa8f78441cdaf6460bd6696ab6583a9c1f2e81 Mon Sep 17 00:00:00 2001
From: Skyler Grey <minion@freshlybakedca.ke>
Date: Sun, 21 Sep 2025 19:12:02 +0000
Subject: [PATCH] feat: upgrade pds
Change-Id: skzxlxrvssppuoyyxkpqprvwspmrzluw

We want to add some patches to our PDS to enable SSO - and those patches
need us to be on a later version. Therefore, let's upgrade!

bluesky-pds is packaged in a rather interesting way
- The vast majority of the code is in a different repo which is normally
  fetched with pnpm - we need to twist stuff so that we build it with
  nix
---
 packetmix/npins/sources.json               | 13 +++
 packetmix/packages/bluesky-pds/default.nix | 96 ++++++++++++++++++++++
 packetmix/packages/default.nix             |  1 +
 packetmix/systems/teal/pds.nix             | 13 ++-
 4 files changed, 122 insertions(+), 1 deletion(-)
 create mode 100644 packetmix/packages/bluesky-pds/default.nix

diff --git a/packetmix/npins/sources.json b/packetmix/npins/sources.json
index 27b16070..45ae331d 100644
--- a/packetmix/npins/sources.json
+++ b/packetmix/npins/sources.json
@@ -52,6 +52,19 @@
       "url": "https://github.com/beancount/smart_importer/archive/d288eb31c580883491294c5e6c0abb4962f16e79.tar.gz",
       "hash": "sha256-1hE/2za1grfCeo1UK81dpLL/JkiLgaRYqLtF09mbDHc="
     },
+    "bluesky-atproto": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "bluesky-social",
+        "repo": "atproto"
+      },
+      "branch": "main",
+      "submodules": false,
+      "revision": "d91988fe79030b61b556dd6f16a46f0c3b9d0b44",
+      "url": "https://github.com/bluesky-social/atproto/archive/d91988fe79030b61b556dd6f16a46f0c3b9d0b44.tar.gz",
+      "hash": "sha256-KCnhgyWiA6kBlQCIEEPHGYDxgkPn5/WIwxlfeShugG0="
+    },
     "catppuccin": {
       "type": "Git",
       "repository": {
diff --git a/packetmix/packages/bluesky-pds/default.nix b/packetmix/packages/bluesky-pds/default.nix
new file mode 100644
index 00000000..3aa09217
--- /dev/null
+++ b/packetmix/packages/bluesky-pds/default.nix
@@ -0,0 +1,96 @@
+# SPDX-FileCopyrightText: 2003-2025 Eelco Dolstra and the Nixpkgs/NixOS contributors
+# SPDX-FileCopyrightText: 2025 FreshlyBakedCake
+#
+# SPDX-License-Identifier: MIT
+
+{ config, ... }:
+{
+  config.packages.bluesky-atproto-pds = {
+    systems = [ "x86_64-linux" ];
+    package =
+      {
+        system,
+        stdenv,
+        nodejs,
+        pnpm_9,
+        lib,
+        srcOnly,
+        python3,
+        ...
+      }:
+      let
+        nodeSources = srcOnly nodejs;
+        pythonEnv = python3.withPackages (p: [ p.setuptools ]);
+      in
+      stdenv.mkDerivation (finalAttrs: {
+        pname = "bluesky-atproto";
+        version = config.inputs.bluesky-atproto.src.revision;
+
+        src = config.inputs.bluesky-atproto.src;
+
+        nativeBuildInputs = [
+          nodejs
+          pnpm_9.configHook
+          pythonEnv
+        ];
+
+        pnpmDeps = pnpm_9.fetchDeps {
+          inherit (finalAttrs) pname version src;
+          fetcherVersion = 2;
+          hash = "sha256-AwwlG9ZjAc0TWavM7pOJE77Owfxw+3xjMjfjpJ9z54I=";
+        };
+
+        buildPhase = ''
+          runHook preBuild
+
+          pnpm build
+
+          # copied from nixpkgs to fix better-sqlite3 missing bindings error:
+          pushd ./node_modules/.pnpm/better-sqlite3@10.0.0/node_modules/better-sqlite3
+          npm run build-release --offline --nodedir="${nodeSources}"
+          find build -type f -exec remove-references-to -t "${nodeSources}" {} \;
+          popd
+
+          pushd ./node_modules/.pnpm/better-sqlite3@9.6.0/node_modules/better-sqlite3
+          npm run build-release --offline --nodedir="${nodeSources}"
+          find build -type f -exec remove-references-to -t "${nodeSources}" {} \;
+          popd
+
+          runHook postBuild
+        '';
+
+        installPhase = ''
+          runHook preInstall
+
+          mkdir -p $out
+
+          cp -r interop-test-files $out
+          cp -r node_modules $out
+          cp -r packages $out
+          cp -r services $out
+
+          mkdir -p $out/lib/@atproto
+          ln -s $out/packages/pds $out/lib/@atproto/pds
+
+          runHook postInstall
+        '';
+      });
+  };
+  config.packages.bluesky-pds = {
+    systems = [ "x86_64-linux" ];
+    package =
+      {
+        system,
+        ...
+      }:
+      config.inputs.nixos-unstable.result.${system}.bluesky-pds.overrideAttrs (prevAttrs: {
+        postBuild = ''
+          rm -r node_modules/.pnpm/@atproto+pds@0.4.169
+          mkdir -p node_modules/.pnpm/@atproto+pds@0.4.169
+          ln -s ${
+            config.packages.bluesky-atproto-pds.result.${system}
+          }/lib node_modules/.pnpm/@atproto+pds@0.4.169/node_modules
+        '';
+      });
+  };
+}
diff --git a/packetmix/packages/default.nix b/packetmix/packages/default.nix
index 5392289c..7b6a30a8 100644
--- a/packetmix/packages/default.nix
+++ b/packetmix/packages/default.nix
@@ -8,6 +8,7 @@
     ./beancount-beancount_plugin_utils
     ./beancount-beancount_share
     ./beancount-smart_importer
+    ./bluesky-pds
     ./collabora-gtimelog
     ./headscale
     ./jujutsu
diff --git a/packetmix/systems/teal/pds.nix b/packetmix/systems/teal/pds.nix
index 1b604253..b606517e 100644
--- a/packetmix/systems/teal/pds.nix
+++ b/packetmix/systems/teal/pds.nix
@@ -2,9 +2,20 @@
 #
 # SPDX-License-Identifier: MIT
 
+{ project, pkgs, system, ... }:
 {
-  services.pds = {
+  disabledModules = [ "services/web-apps/pds.nix" ];
+  imports = [ "${project.inputs.nixos-unstable.src}/nixos/modules/services/web-apps/bluesky-pds.nix" ];
+
+  nixpkgs.overlays = [
+    (final: prev: {
+      bluesky-pdsadmin = final.pdsadmin;
+    })
+  ];
+
+  services.bluesky-pds = {
     enable = true;
+    package = project.packages.bluesky-pds.result.${system};
     settings = {
       PDS_HOSTNAME = "pds.freshly.space";
       PDS_PORT = 1033;
-- 
2.43.0