commit edc75500da5e4c5c6900e508154f2de27129d025 · ptr.pet/ark

+2 -2

flake.lock

···

       100
       100
        
               "systems": "systems_2"

     

       101
       101
        
             },

     

       102
       102
        
             "locked": {

     

       103
       103
       -
               "lastModified": 1731969219,

     

       104
       104
       -
               "narHash": "sha256-FkzplQ6ro4XeiPzm6tOY4zhI4Tw/iwQ/nOQU+f3biLk=",

     

       103
       103
       +
               "lastModified": 1733266129,

     

       104
       104
       +
               "narHash": "sha256-ez4R0WpHSZ5mVit5uh5qiQ/ljpkhh7fQZDiQkHL/rCc=",

     

       105
       105
        
               "type": "tarball",

     

       106
       106
        
               "url": "https://git.gaze.systems/gazesys/website/releases/download/latest/source.tgz"

     

       107
       107
        
             },

+8 -1

hosts/wolumonde/modules/secrets.nix

···

       1
       1
       -
       {

     

       1
       1
       +
       {lib, ...}: {

     

       2
       2
        
         age.secrets.bernbotToken.file = ../../../secrets/bernbotToken.age;

     

       3
       3
        
         age.secrets.wgWolumondeKey = {

     

       4
       4
        
           file = ../../../secrets/wgWolumondeKey.age;

     
···

       10
       10
        
         age.secrets.tmodloaderServerPass.file = ../../../secrets/tmodloaderServerPass.age;

     

       11
       11
        
         age.secrets.websiteConfig.file = ../../../secrets/websiteConfig.age;

     

       12
       12
        
         age.secrets.giteaActRunnerToken.file = ../../../secrets/giteaActRunnerToken.age;

     

       13
       13
       +
         age.secrets.xrayConfig = {

     

       14
       14
       +
           name = "xrayConfig.json";

     

       15
       15
       +
           file = ../../../secrets/xrayConfig.age;

     

       16
       16
       +
           mode = "600";

     

       17
       17
       +
           # owner = "xray";

     

       18
       18
       +
           # group = "xray";

     

       19
       19
       +
         };

     

       13
       20
        
       }

+23

hosts/wolumonde/modules/xray.disabled

···

       1
       1
       +
       {lib, config, ...}: {

     

       2
       2
       +
         services.xray = {

     

       3
       3
       +
           enable = true;

     

       4
       4
       +
           settingsFile = config.age.secrets.xrayConfig.path;

     

       5
       5
       +
         };

     

       6
       6
       +
         users.groups.xray = {};

     

       7
       7
       +
         users.users.xray = {

     

       8
       8
       +
           group = "xray";

     

       9
       9
       +
           isSystemUser = true;

     

       10
       10
       +
         };

     

       11
       11
       +
         systemd.services.xray.serviceConfig = {

     

       12
       12
       +
           User = "xray";

     

       13
       13
       +
           Group = "xray";

     

       14
       14
       +
           DynamicUser = lib.mkForce false;

     

       15
       15
       +
           RuntimeDirectory = "xray";

     

       16
       16
       +
           ProtectSystem = "strict";

     

       17
       17
       +
           ProtectHome = "read-only";

     

       18
       18
       +
           PrivateTmp = "yes";

     

       19
       19
       +
           RemoveIPC = "yes";

     

       20
       20
       +
         };

     

       21
       21
       +
         networking.firewall.allowedUDPPorts = [1080];

     

       22
       22
       +
         networking.firewall.allowedTCPPorts = [1080];

     

       23
       23
       +
       }

+1

secrets/secrets.nix

···

       11
       11
        
         "tmodloaderServerPass.age".publicKeys = [yusdacra wolumonde];

     

       12
       12
        
         "websiteConfig.age".publicKeys = [yusdacra wolumonde];

     

       13
       13
        
         "giteaActRunnerToken.age".publicKeys = [yusdacra wolumonde];

     

       14
       14
       +
         "xrayConfig.age".publicKeys = [yusdacra wolumonde];

     

       14
       15
        
       }

secrets/xrayConfig.age

This is a binary file and will not be displayed.