awawa

2025-05-01 12:17:18 -07:00 · 2025-05-01 12:17:18 -07:00 · 5bb0e81fa5
commit 5bb0e81fa5
parent 0d6afe0b3f
4 changed files with 41 additions and 20 deletions
--- a/flake.lock
+++ b/flake.lock
@ -331,11 +331,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1745810134,
-        "narHash": "sha256-WfnYH/i7DFzn4SESQfWviXiNUZjohZhzODqLwKYHIPI=",
+        "lastModified": 1746040799,
+        "narHash": "sha256-osgPX/SzIpkR50vev/rqoTEAVkEcOWXoQXmbzsaI4KU=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "be7cf1709b469a2a2c62169172a167d1fed3509f",
+        "rev": "5f217e5a319f6c186283b530f8c975e66c028433",
        "type": "github"
      },
      "original": {
@ -523,11 +523,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1745503349,
-        "narHash": "sha256-bUGjvaPVsOfQeTz9/rLTNLDyqbzhl0CQtJJlhFPhIYw=",
+        "lastModified": 1745955289,
+        "narHash": "sha256-mmV2oPhQN+YF2wmnJzXX8tqgYmUYXUj3uUUBSTmYN5o=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1",
+        "rev": "72081c9fbbef63765ae82bff9727ea79cc86bd5b",
        "type": "github"
      },
      "original": {
@ -642,11 +642,11 @@
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1745820364,
-        "narHash": "sha256-dszf++6yKpgVEmNLUWX3cKX2XicAC17sGpGnXrUP7Tk=",
+        "lastModified": 1746126702,
+        "narHash": "sha256-FyNfRI3HU2bzNvgGrEjj0XcKpDuUvOINyYOaA3oCZ7M=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "7327564431a1d9c8ee886357c55023a389ed7d97",
+        "rev": "91c5ad6583b95460619d18943b5df35498c56a51",
        "type": "github"
      },
      "original": {
@ -658,11 +658,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1745742390,
-        "narHash": "sha256-1rqa/XPSJqJg21BKWjzJZC7yU0l/YTVtjRi0RJmipus=",
+        "lastModified": 1746055187,
+        "narHash": "sha256-3dqArYSMP9hM7Qpy5YWhnSjiqniSaT2uc5h2Po7tmg0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "26245db0cb552047418cfcef9a25da91b222d6c7",
+        "rev": "3e362ce63e16b9572d8c2297c04f7c19ab6725a5",
        "type": "github"
      },
      "original": {
@ -674,11 +674,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1745526057,
-        "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=",
+        "lastModified": 1745930157,
+        "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "f771eb401a46846c1aebd20552521b233dd7e18b",
+        "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae",
        "type": "github"
      },
      "original": {
@ -754,11 +754,11 @@
    },
    "nixpkgs_6": {
      "locked": {
-        "lastModified": 1745526057,
-        "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=",
+        "lastModified": 1745930157,
+        "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "f771eb401a46846c1aebd20552521b233dd7e18b",
+        "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae",
        "type": "github"
      },
      "original": {
--- a/nixos/hosts/dis-sociat-ing/.flags
+++ b/nixos/hosts/dis-sociat-ing/.flags
@ -1 +1 @@
--option sandbox false
+--no-write-lock-file
--- a/nixos/hosts/ingress-proxy/default.nix
+++ b/nixos/hosts/ingress-proxy/default.nix
@ -33,6 +33,7 @@ in rec {
      ps2l_aggpop.servers."${tsHost "ps2live" 8201}" = {};
      ps2l_metagame.servers."${tsHost "ps2live" 8301}" = {};
      ps2l_plapkit.servers."${tsHost "ps2live" 8555}" = {};
+      ps2l_switcheroo.servers."${tsHost "ps2live" 8666}" = {};
      pdr.servers."${tsHost "porcelain-doll-repair" 3000}" = {};
      dsi.servers."${tsHost "dis-sociat-ing" 3000}" = {};
      se.servers."${tsHost "sapphic-engineer" 4000}" = {};
@ -73,6 +74,22 @@ in rec {
        enableACME = true;
      };

+      internalConfig = {
+        listen = lib.mkForce [
+          { addr = "0.0.0.0"; port = 80; }
+          { addr = "[::]"; port = 80; }
+        ];
+        http2 = lib.mkForce false;
+        http3 = lib.mkForce false;
+        forceSSL = lib.mkForce false;
+        enableACME = lib.mkForce false;
+        extraConfig = ''
+          allow 100.64.0.0/10;
+          allow fd7a:115c:a1e0::/48;
+          deny all;
+        '';
+      };
+
      staticSite = {
        locations."/" = {
          proxyPass = "http://staticsites";
@ -105,6 +122,7 @@ in rec {
      "saerro.ps2.live" = ps2live "saerro";
      "metagame.ps2.live" = ps2live "metagame";
      "i-pk.noe.sh" = ps2live "plapkit";
+      "sw.doll" = ps2live "switcheroo" // internalConfig;

      "proxy.ps2.live" = {
        locations."/" = {
@ -114,8 +132,9 @@ in rec {
        };
        extraConfig = ''
          allow 127.0.0.1;
-          allow 100.64.0.0/10;
          allow 10.0.0.0/8;
+          allow 100.64.0.0/10;
+          allow fd7a:115c:a1e0::/48;
          allow 15.204.161.37; 
          allow 172.13.181.252; 
          allow 162.197.1.49;
@ -139,6 +158,7 @@ in rec {
          allow 162.197.1.49;
          allow 2600:1700:6850:2300::/64;
          allow 2600:1700:5890:ee2f::/64;
+          allow fd7a:115c:a1e0::/48;
          deny all;
        '';
      } // defaultConfig;
--- a/nixos/hosts/sapphic-engineer/.flags
+++ b/nixos/hosts/sapphic-engineer/.flags
@ -0,0 +1 @@
+--no-write-lock-file