noe/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

porcelain-doll-repair w/ shrimpy

Browse source
This commit is contained in:
41666 2024-03-25 23:40:09 -04:00
parent bee3240fbf
commit 1cfd600738
6 changed files with 121 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.sops.yaml
View file

@ -2,7 +2,6 @@ keys: &all
- &op_noe age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd - &op_noe age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd
- &op_noe_2 age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp - &op_noe_2 age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp
- &op_noe_3 age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9 - &op_noe_3 age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9
- &m_thonkpad age1f5cqspxexkl8f42v5ne47mx6xmm4v00lafdlslq9g79a508e4p9qrku72s
- &m_work-mac age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8 - &m_work-mac age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8
- &m_cider age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r - &m_cider age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r
- &m_aerial age1jc6ghxfgxe3gx53xa55azxan447cfxaqfqeh5y5yzqapj7mw7ajql8kv02 - &m_aerial age1jc6ghxfgxe3gx53xa55azxan447cfxaqfqeh5y5yzqapj7mw7ajql8kv02
@ -17,13 +16,6 @@ creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- age: *all - age: *all
- path_regex: secrets/thonkpad/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *op_noe
- *op_noe_2
- *op_noe_3
- *m_thonkpad
- path_regex: secrets/work-mac/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/work-mac/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- age: - age:

45
flake.lock generated
View file

@ -302,6 +302,24 @@
"type": "github" "type": "github"
} }
}, },
"iceshrimp": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1709197042,
"narHash": "sha256-EXTZ6H6+Pm/1wqdeijVkasXJFgvFN5fiCW6+S5pqNWA=",
"ref": "refs/heads/dev",
"rev": "04f8a479f1d80ae436246dfda3ebb1fcd4ded1e6",
"revCount": 42,
"type": "git",
"url": "https://iceshrimp.dev/iceshrimp/packaging"
},
"original": {
"type": "git",
"url": "https://iceshrimp.dev/iceshrimp/packaging"
}
},
"nix-darwin": { "nix-darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -341,7 +359,7 @@
"nixos-generators": { "nixos-generators": {
"inputs": { "inputs": {
"nixlib": "nixlib", "nixlib": "nixlib",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1711375484, "lastModified": 1711375484,
@ -476,6 +494,22 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1700108881,
"narHash": "sha256-+Lqybl8kj0+nD/IlAWPPG/RDTa47gff9nbei0u7BntE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7414e9ee0b3e9903c24d3379f577a417f0aae5f1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1711231723, "lastModified": 1711231723,
"narHash": "sha256-dARJQ8AJOv6U+sdRePkbcVyVbXJTi1tReCrkkOeusiA=", "narHash": "sha256-dARJQ8AJOv6U+sdRePkbcVyVbXJTi1tReCrkkOeusiA=",
@ -491,7 +525,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1711163522, "lastModified": 1711163522,
"narHash": "sha256-YN/Ciidm+A0fmJPWlHBGvVkcarYWSC+s3NTPk/P+q3c=", "narHash": "sha256-YN/Ciidm+A0fmJPWlHBGvVkcarYWSC+s3NTPk/P+q3c=",
@ -507,7 +541,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1711200738, "lastModified": 1711200738,
"narHash": "sha256-dkJmk/ET/tRV4007O6kU101UEg1svUwiyk/zEEX9Tdg=", "narHash": "sha256-dkJmk/ET/tRV4007O6kU101UEg1svUwiyk/zEEX9Tdg=",
@ -604,8 +638,9 @@
"darwin": "darwin", "darwin": "darwin",
"doll-repair": "doll-repair", "doll-repair": "doll-repair",
"home-manager": "home-manager", "home-manager": "home-manager",
"iceshrimp": "iceshrimp",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim", "nixvim": "nixvim",
@ -632,7 +667,7 @@
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_5",
"nixpkgs-stable": "nixpkgs-stable_2" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {

3
flake.nix
View file

@ -34,6 +34,9 @@
# Pro gamer move # Pro gamer move
nixos-generators.url = "github:nix-community/nixos-generators"; nixos-generators.url = "github:nix-community/nixos-generators";
# Iceshrimpy
iceshrimp.url = "git+https://iceshrimp.dev/iceshrimp/packaging";
# Self # Self
noe-sh = { noe-sh = {
url = "git+https://codeberg.org/noe/personal-site"; url = "git+https://codeberg.org/noe/personal-site";

25
nixos/hosts/ingress-proxy/default.nix
View file

@ -24,6 +24,13 @@ in {
ps2l_saerro.servers."${tsHost "ps2live" 8101}" = {}; ps2l_saerro.servers."${tsHost "ps2live" 8101}" = {};
ps2l_aggpop.servers."${tsHost "ps2live" 8201}" = {}; ps2l_aggpop.servers."${tsHost "ps2live" 8201}" = {};
ps2l_metagame.servers."${tsHost "ps2live" 8301}" = {}; ps2l_metagame.servers."${tsHost "ps2live" 8301}" = {};
pdr.servers."${tsHost "porcelain-doll-repair" 3000 }" = {};
};
proxyCachePath."pdr" = {
enable = true;
keysZoneSize = "16m";
inactive = "720m";
}; };
virtualHosts = let virtualHosts = let
@ -44,7 +51,7 @@ in {
} // defaultConfig; } // defaultConfig;
placeholder = { placeholder = {
locations."=/" = { locations."=/" = {
alias = pkgs.writeText "placeholder.html" "empty space -- this site is non-functional"; root = pkgs.writeText "placeholder.html" "empty space -- this site is non-functional";
extraConfig = '' extraConfig = ''
default_type text/plain; default_type text/plain;
''; '';
@ -80,7 +87,21 @@ in {
}; };
"doll.repair" = static { src = flakePackage "doll-repair"; }; "doll.repair" = static { src = flakePackage "doll-repair"; };
"porcelain.doll.repair" = placeholder; "porcelain.doll.repair" = {
clientMaxBodySize = "150m";
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://pdr";
proxyWebsockets = true;
extraConfig = ''
proxy_cache pdr;
proxy_cache_lock on;
proxy_cache_use_stale updating;
add_header X-Cache $upstream_cache_status;
'';
};
} // defaultConfig;
}; };
}; };

10
nixos/hosts/porcelain-doll-repair/default.nix
View file

@ -1,15 +1,19 @@
{ ... }: { { inputs, ... }: {
imports = [ imports = [
../../templates/proxmox-lxc.nix ../../templates/proxmox-lxc.nix
../../server.nix ../../server.nix
../../features/dns-cache.nix ../../features/dns-cache.nix
../../features/telemetry ../../features/telemetry
inputs.iceshrimp.nixosModules.iceshrimp
]; ];
networking.hostName = "porcelain-doll-repair"; networking.hostName = "porcelain-doll-repair";
system.stateVersion = "24.05"; system.stateVersion = "24.05";
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
services.iceshrimp = {
enable = true;
url = "https://porcelain.doll.repair";
createDb = true;
};
} }

48
secrets/porcelain-doll-repair/default.yaml Normal file
View file

@ -0,0 +1,48 @@
db_password: ENC[AES256_GCM,data:mS22Lwrbv9WdeC7pPxnHKtJAzugTG1ZxuiNhcfZxBdo=,iv:BP5DgMFjciL/OQgi6SFaClmKOc4CMzpZeGGeAKoV2zw=,tag:EC8KlPHzSSkNUHcZTLlh5A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6eklWOEpMclFwUlNJcE5D
OUhSSkQzc3ZvSXJNelJvMmpOT2lKd0ZSKzI4CnBjRjBLOFZZS2N4TjdpZzZCa1NE
SlNNOHpvQndYa3lLVkFhM0dzL1VRTkUKLS0tIHVaZXdEVUxmbVpiWHIzdkVkM2k0
T3hQeEMySlMrSHcvKzQ4S2NTZ1FEQTQKgbB9GubzNao7YhYOLDZNTelyKuY9cdAE
32cJFBlYtoR46lCt61AG/jFI30/CErEz3O6rxLEtSg9H0gz3kNfI+Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpNEI5MkNBNFcwa1l5YWlx
NGRPTkc2TGVlVE1HV0M4VzFpbFVTN2o4R3dRCnFEYTJIRU10TThHQUo5S0pyK2tm
MVhXUGIxZEpRWkkwQURsZFVoZnJnbFEKLS0tIGphaHhtQldNMUwrMkFQU0FuUEEz
OUloSVc5akdXMHZYVFVKQkJVTllrUHcKwbuu0HxxPIACo6lzxX4vvgjlpaVpJybB
izfbI9/3FEPDiuwLNdlb/CCF17eFHjWm7v/x/OaiZFfzus8Bb0/I9w==
-----END AGE ENCRYPTED FILE-----
- recipient: age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwOGkzNHJlbG9xcFA2akRR
UmtRaVBvdkFuYjFuMmJJWDJ3Z3l5SG5DZGx3CkFOZDBndFNXYldPeGQ3Mk9Ub0JP
WGo0dm1UbGJibXp2UDFPSGF6MjU4bFUKLS0tIC9IZkFiV1pNS3ZGRjZqcStuRE0y
a1BTT1dKVk1zWGJxdzUvVUNuS2xKb3cKlTJOIOgY91vkGrbLjrg2tQFtGEj96r3u
jeZ3DWjnw16ypv+Ls+oPngjPw9p9I4ZNXdoPRh2c8LEX2pZIyBC5jA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1j9j6retzrs73wy45hnlwj06mk9puasegmwwux3zg4pyal3zz69tqug5kaz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrQno0RUtIWmFhOUpGZ1VH
ZldFNEltRllyNGVtOHJFL1NQb1U1OEd5aUQ4CllrL0FHSFc1dCtBWjl2VmVnbjNU
WjU3N0Z3VHJvRHptQ1UxWEpBWUFOYTQKLS0tIG82anZiZW9mTFRMUGpsWVpjemFV
RVZDSGR5aVVLcXhXTzBlcmlVZG9IdlkK0CMnS7EScoIWjTOu8xyqFBkwG6Jfjaln
QMMAv2KuCE2jFzW5+hYrq7r1Yu17MGaVXwx46ZViVt9vN5nP8n30ZA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-26T03:28:17Z"
mac: ENC[AES256_GCM,data:5/4sJXjRmMCRZ/NOVcdHEej7kTL/32DDjIHteE6af//kd8W7Dpa2bnCnlHlPz7Bzuz+92Za+BHr+Pggc6XxqNnULbA9EIea+34l+guk0i3EgVnyzzEMPmd22YSXz+MF0yu+wf71B70yOPWB2akBw/74uC4n76XY6WBt2e4ASC/o=,iv:wHfl197j+iQXPSGT+9iiUFlZ54p+YM72mdqGRLTDET4=,tag:kVWq7fb650kCNlFnYxAdVg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1