server.nix/services/pds.nix

{ config, inputs, ... }: {
  services = {
    pds = {
      enable = true;
      pdsadmin.enable = true;

      environmentFiles = [
        "/etc/secrets/bluesky.env"
      ];
      settings = {
        PDS_PORT = 3001;
        PDS_HOSTNAME = "bsky.ee";

        #PDS_EMAIL_SMTP_URL = "smtps://bluesky@bsky.ee:password@mx1.sly.ee:465";
        PDS_EMAIL_FROM_ADDRESS = "bluesky@bsky.ee";

        PDS_CRAWLERS = "https://bsky.network,https://relay.cerulea.blue";
      };
    };

    caddy.virtualHosts."bsky.ee" = {
      extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
          resolvers 1.1.1.1
        }

        handle /xrpc/* {
          reverse_proxy :${toString config.services.pds.settings.PDS_PORT}
        }

        # https://github.com/mary-ext/atproto-scraping
        handle /xrpc/_health {
          respond {"version":":trollface:"}
        }

        handle /.well-known/* {
          reverse_proxy :${toString config.services.pds.settings.PDS_PORT}
        }

        root * ${inputs.bsky-website}
        file_server browse {
          hide .git
        }
      '';
      serverAliases = [ "*.bsky.ee" ];
    };

    borgbackup.jobs."borgbase".paths = [
      "/var/lib/pds"
    ];
  };
}