diff --git a/.sops.yaml b/.sops.yaml index 77fba33..6d6a09f 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,7 +2,6 @@ keys: &all - &op_noe age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd - &op_noe_2 age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp - &op_noe_3 age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9 - - &m_thonkpad age1f5cqspxexkl8f42v5ne47mx6xmm4v00lafdlslq9g79a508e4p9qrku72s - &m_work-mac age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8 - &m_cider age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r - &m_aerial age1jc6ghxfgxe3gx53xa55azxan447cfxaqfqeh5y5yzqapj7mw7ajql8kv02 @@ -17,13 +16,6 @@ creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ key_groups: - age: *all - - path_regex: secrets/thonkpad/[^/]+\.(yaml|json|env|ini)$ - key_groups: - - age: - - *op_noe - - *op_noe_2 - - *op_noe_3 - - *m_thonkpad - path_regex: secrets/work-mac/[^/]+\.(yaml|json|env|ini)$ key_groups: - age: diff --git a/flake.lock b/flake.lock index ae47272..e0c816f 100644 --- a/flake.lock +++ b/flake.lock @@ -302,6 +302,24 @@ "type": "github" } }, + "iceshrimp": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1709197042, + "narHash": "sha256-EXTZ6H6+Pm/1wqdeijVkasXJFgvFN5fiCW6+S5pqNWA=", + "ref": "refs/heads/dev", + "rev": "04f8a479f1d80ae436246dfda3ebb1fcd4ded1e6", + "revCount": 42, + "type": "git", + "url": "https://iceshrimp.dev/iceshrimp/packaging" + }, + "original": { + "type": "git", + "url": "https://iceshrimp.dev/iceshrimp/packaging" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -341,7 +359,7 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1711375484, 
@@ -476,6 +494,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1700108881, + "narHash": "sha256-+Lqybl8kj0+nD/IlAWPPG/RDTa47gff9nbei0u7BntE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "7414e9ee0b3e9903c24d3379f577a417f0aae5f1", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1711231723, "narHash": "sha256-dARJQ8AJOv6U+sdRePkbcVyVbXJTi1tReCrkkOeusiA=", @@ -491,7 +525,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1711163522, "narHash": "sha256-YN/Ciidm+A0fmJPWlHBGvVkcarYWSC+s3NTPk/P+q3c=", @@ -507,7 +541,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1711200738, "narHash": "sha256-dkJmk/ET/tRV4007O6kU101UEg1svUwiyk/zEEX9Tdg=", @@ -604,8 +638,9 @@ "darwin": "darwin", "doll-repair": "doll-repair", "home-manager": "home-manager", + "iceshrimp": "iceshrimp", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable", "nixvim": "nixvim", @@ -632,7 +667,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { diff --git a/flake.nix b/flake.nix index 7bf5e7a..570e836 100644 --- a/flake.nix +++ b/flake.nix @@ -34,6 +34,9 @@ # Pro gamer move nixos-generators.url = "github:nix-community/nixos-generators"; + # Iceshrimpy + iceshrimp.url = "git+https://iceshrimp.dev/iceshrimp/packaging"; + # Self noe-sh = { url = "git+https://codeberg.org/noe/personal-site"; diff --git a/nixos/hosts/ingress-proxy/default.nix b/nixos/hosts/ingress-proxy/default.nix index 0bd9707..20193b7 100644 --- a/nixos/hosts/ingress-proxy/default.nix +++ b/nixos/hosts/ingress-proxy/default.nix 
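Review bot: In flake.nix the new `iceshrimp` input is a bare `git+https://iceshrimp.dev/iceshrimp/packaging` URL with no `ref`/`rev` and no `inputs.nixpkgs.follows`, so flake.lock is the only thing pinning it. The lock in this same commit resolves it to `refs/heads/dev` and gives it its own `nixpkgs_2`, whose `lastModified` (1700108881) is months older than the other nixpkgs pins. Anything the module builds from its own nixpkgs input would therefore miss the updates the rest of the system receives. If the packaging evaluates against the root package set, consider `iceshrimp.inputs.nixpkgs.follows = "nixpkgs";`. Any later flake.lock change for this input deserves a reviewed update, because it moves to whatever the branch head is at that moment.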
@@ -24,6 +24,13 @@ in { ps2l_saerro.servers."${tsHost "ps2live" 8101}" = {}; ps2l_aggpop.servers."${tsHost "ps2live" 8201}" = {}; ps2l_metagame.servers."${tsHost "ps2live" 8301}" = {}; + pdr.servers."${tsHost "porcelain-doll-repair" 3000 }" = {}; + }; + + proxyCachePath."pdr" = { + enable = true; + keysZoneSize = "16m"; + inactive = "720m"; }; virtualHosts = let @@ -44,7 +51,7 @@ in { } // defaultConfig; placeholder = { locations."=/" = { - alias = pkgs.writeText "placeholder.html" "empty space -- this site is non-functional"; + root = pkgs.writeText "placeholder.html" "empty space -- this site is non-functional"; extraConfig = '' default_type text/plain; ''; @@ -80,7 +87,21 @@ in { }; "doll.repair" = static { src = flakePackage "doll-repair"; }; - "porcelain.doll.repair" = placeholder; + "porcelain.doll.repair" = { + clientMaxBodySize = "150m"; + + locations."/" = { + recommendedProxySettings = true; + proxyPass = "http://pdr"; + proxyWebsockets = true; + extraConfig = '' + proxy_cache pdr; + proxy_cache_lock on; + proxy_cache_use_stale updating; + add_header X-Cache $upstream_cache_status; + ''; + }; + } // defaultConfig; }; }; diff --git a/nixos/hosts/porcelain-doll-repair/default.nix b/nixos/hosts/porcelain-doll-repair/default.nix index e51ceef..b6fa550 100644 --- a/nixos/hosts/porcelain-doll-repair/default.nix +++ b/nixos/hosts/porcelain-doll-repair/default.nix @@ -1,15 +1,19 @@ -{ ... }: { +{ inputs, ... }: { imports = [ ../../templates/proxmox-lxc.nix ../../server.nix ../../features/dns-cache.nix ../../features/telemetry - + inputs.iceshrimp.nixosModules.iceshrimp ]; networking.hostName = "porcelain-doll-repair"; system.stateVersion = "24.05"; nixpkgs.hostPlatform = "x86_64-linux"; - + services.iceshrimp = { + enable = true; + url = "https://porcelain.doll.repair"; + createDb = true; + }; } diff --git a/secrets/porcelain-doll-repair/default.yaml b/secrets/porcelain-doll-repair/default.yaml new file mode 100644 index 0000000..2833f49 --- /dev/null 
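Review bot: In nixos/hosts/ingress-proxy/default.nix, `root = pkgs.writeText "placeholder.html" …` points nginx's `root` at a single store file, whereas `root` is expected to name a directory. For `location = /` nginx would look for an index file beneath that path, so it is worth confirming that hosts using `placeholder` still return the text rather than an error. If they do not, `return = "200 'empty space -- this site is non-functional'";` next to the existing `default_type text/plain;` serves the same body without a filesystem lookup. The `placeholder` attribute set continues outside the hunk.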
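Review bot: The new `porcelain.doll.repair` vhost in nixos/hosts/ingress-proxy/default.nix turns on `proxy_cache pdr;` for `locations."/"`, which covers every path of the application, authenticated API requests included, with no cache key or bypass configured. nginx's default cache key contains neither cookies nor the `Authorization` header, so whether one user's response can be replayed to another depends entirely on the `Cache-Control` headers the upstream sends. Adding `proxy_cache_bypass $http_authorization;` and `proxy_no_cache $http_authorization;` to the `extraConfig` keeps token-authenticated traffic out of the shared cache. Separately, an `add_header` inside a location stops nginx inheriting `add_header` lines from the server level, so if `defaultConfig` (not visible here) sets HSTS or similar headers that way, they would be missing from this location's responses.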
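Review bot: nixos/hosts/porcelain-doll-repair/default.nix enables `services.iceshrimp` with `createDb = true`, but nothing in this hunk declares a `sops.secrets` entry or hands the `db_password` from the new secrets/porcelain-doll-repair/default.yaml to the service. As shown, the encrypted secret is unused, and the diff does not reveal which database password the module ends up with. When it is wired in, pass the decrypted file path that sops-nix provides at runtime instead of reading the value into a Nix string, because anything evaluated into the configuration is world-readable in /nix/store. A one-line comment above `services.iceshrimp` stating where the database password comes from would make this auditable.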
+++ b/secrets/porcelain-doll-repair/default.yaml 
@@ -0,0 +1,48 @@ +db_password: ENC[AES256_GCM,data:mS22Lwrbv9WdeC7pPxnHKtJAzugTG1ZxuiNhcfZxBdo=,iv:BP5DgMFjciL/OQgi6SFaClmKOc4CMzpZeGGeAKoV2zw=,tag:EC8KlPHzSSkNUHcZTLlh5A==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6eklWOEpMclFwUlNJcE5D + OUhSSkQzc3ZvSXJNelJvMmpOT2lKd0ZSKzI4CnBjRjBLOFZZS2N4TjdpZzZCa1NE + SlNNOHpvQndYa3lLVkFhM0dzL1VRTkUKLS0tIHVaZXdEVUxmbVpiWHIzdkVkM2k0 + T3hQeEMySlMrSHcvKzQ4S2NTZ1FEQTQKgbB9GubzNao7YhYOLDZNTelyKuY9cdAE + 32cJFBlYtoR46lCt61AG/jFI30/CErEz3O6rxLEtSg9H0gz3kNfI+Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpNEI5MkNBNFcwa1l5YWlx + NGRPTkc2TGVlVE1HV0M4VzFpbFVTN2o4R3dRCnFEYTJIRU10TThHQUo5S0pyK2tm + MVhXUGIxZEpRWkkwQURsZFVoZnJnbFEKLS0tIGphaHhtQldNMUwrMkFQU0FuUEEz + OUloSVc5akdXMHZYVFVKQkJVTllrUHcKwbuu0HxxPIACo6lzxX4vvgjlpaVpJybB + izfbI9/3FEPDiuwLNdlb/CCF17eFHjWm7v/x/OaiZFfzus8Bb0/I9w== + -----END AGE ENCRYPTED FILE----- + - recipient: age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwOGkzNHJlbG9xcFA2akRR + UmtRaVBvdkFuYjFuMmJJWDJ3Z3l5SG5DZGx3CkFOZDBndFNXYldPeGQ3Mk9Ub0JP + WGo0dm1UbGJibXp2UDFPSGF6MjU4bFUKLS0tIC9IZkFiV1pNS3ZGRjZqcStuRE0y + a1BTT1dKVk1zWGJxdzUvVUNuS2xKb3cKlTJOIOgY91vkGrbLjrg2tQFtGEj96r3u + jeZ3DWjnw16ypv+Ls+oPngjPw9p9I4ZNXdoPRh2c8LEX2pZIyBC5jA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1j9j6retzrs73wy45hnlwj06mk9puasegmwwux3zg4pyal3zz69tqug5kaz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrQno0RUtIWmFhOUpGZ1VH + ZldFNEltRllyNGVtOHJFL1NQb1U1OEd5aUQ4CllrL0FHSFc1dCtBWjl2VmVnbjNU + 
WjU3N0Z3VHJvRHptQ1UxWEpBWUFOYTQKLS0tIG82anZiZW9mTFRMUGpsWVpjemFV + RVZDSGR5aVVLcXhXTzBlcmlVZG9IdlkK0CMnS7EScoIWjTOu8xyqFBkwG6Jfjaln + QMMAv2KuCE2jFzW5+hYrq7r1Yu17MGaVXwx46ZViVt9vN5nP8n30ZA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-26T03:28:17Z" + mac: ENC[AES256_GCM,data:5/4sJXjRmMCRZ/NOVcdHEej7kTL/32DDjIHteE6af//kd8W7Dpa2bnCnlHlPz7Bzuz+92Za+BHr+Pggc6XxqNnULbA9EIea+34l+guk0i3EgVnyzzEMPmd22YSXz+MF0yu+wf71B70yOPWB2akBw/74uC4n76XY6WBt2e4ASC/o=,iv:wHfl197j+iQXPSGT+9iiUFlZ54p+YM72mdqGRLTDET4=,tag:kVWq7fb650kCNlFnYxAdVg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1