comparing 267f34a2e18332f1006d4e3e4af4dd8749f29b18 and terra on ptr.pet/ark

+4 -4

_sources/generated.json

···

       22
       22
        
           },

     

       23
       23
        
           "blog": {

     

       24
       24
        
               "cargoLocks": null,

     

       25
       25
       -
               "date": "2025-12-01",

     

       25
       25
       +
               "date": "2025-12-07",

     

       26
       26
        
               "extract": null,

     

       27
       27
        
               "name": "blog",

     

       28
       28
        
               "passthru": null,

     
···

       32
       32
        
                   "fetchSubmodules": false,

     

       33
       33
        
                   "leaveDotGit": false,

     

       34
       34
        
                   "name": null,

     

       35
       35
       -
                   "rev": "b42a0251ec0648d7f9dc0b3033811a5fa4168d39",

     

       36
       36
       -
                   "sha256": "sha256-uPNpQxAYAwXHrWCo2VncbjT6OJbAX80jFdcslu8q7dQ=",

     

       35
       35
       +
                   "rev": "ab573fb4fa69204bf3f891abb49205e6bf5b4c8f",

     

       36
       36
       +
                   "sha256": "sha256-Ee2NczojZbFfimKF51W6T0wCv3sNmdliPAKFetOJZ4I=",

     

       37
       37
        
                   "sparseCheckout": [],

     

       38
       38
        
                   "type": "git",

     

       39
       39
        
                   "url": "https://tangled.org/@ptr.pet/endpoint"

     

       40
       40
        
               },

     

       41
       41
       -
               "version": "b42a0251ec0648d7f9dc0b3033811a5fa4168d39"

     

       41
       41
       +
               "version": "ab573fb4fa69204bf3f891abb49205e6bf5b4c8f"

     

       42
       42
        
           },

     

       43
       43
        
           "clickee-proxy": {

     

       44
       44
        
               "cargoLocks": null,

+4 -4

_sources/generated.nix

···

       15
       15
        
         };

     

       16
       16
        
         blog = {

     

       17
       17
        
           pname = "blog";

     

       18
       18
       -
           version = "b42a0251ec0648d7f9dc0b3033811a5fa4168d39";

     

       18
       18
       +
           version = "ab573fb4fa69204bf3f891abb49205e6bf5b4c8f";

     

       19
       19
        
           src = fetchgit {

     

       20
       20
        
             url = "https://tangled.org/@ptr.pet/endpoint";

     

       21
       21
       -
             rev = "b42a0251ec0648d7f9dc0b3033811a5fa4168d39";

     

       21
       21
       +
             rev = "ab573fb4fa69204bf3f891abb49205e6bf5b4c8f";

     

       22
       22
        
             fetchSubmodules = false;

     

       23
       23
        
             deepClone = false;

     

       24
       24
        
             leaveDotGit = false;

     

       25
       25
        
             sparseCheckout = [ ];

     

       26
       26
       -
             sha256 = "sha256-uPNpQxAYAwXHrWCo2VncbjT6OJbAX80jFdcslu8q7dQ=";

     

       26
       26
       +
             sha256 = "sha256-Ee2NczojZbFfimKF51W6T0wCv3sNmdliPAKFetOJZ4I=";

     

       27
       27
        
           };

     

       28
       28
       -
           date = "2025-12-01";

     

       28
       28
       +
           date = "2025-12-07";

     

       29
       29
        
         };

     

       30
       30
        
         clickee-proxy = {

     

       31
       31
        
           pname = "clickee-proxy";

+70 -38

dns/dnsconfig.js

···

       1
       1
        
       var DSP_CLOUDFLARE = NewDnsProvider("cloudflare");

     

       2
       2
       +
       var DSP_BUNNY = NewDnsProvider("bunny_dns");

     

       2
       3
        
       var REG_NONE = NewRegistrar("none");

     

       3
       4
        
       

     

       4
       4
       -
       var WOLUMONDE_IP = "23.88.101.188";

     

       5
       5
       -
       var DZWONEK_IP = "94.237.26.47";

     

       6
       6
       -
       var TRIMOUNTS_IP = "159.195.58.28";

     

       5
       5
       +
       var DZWONEK_IP4 = "94.237.26.47";

     

       6
       6
       +
       var DZWONEK_IP6 = "2a04:3542:1000:910:6898:1dff:fea1:4b4b";

     

       7
       7
       +
       var DZWONEK_IPS = [DZWONEK_IP4, DZWONEK_IP6];

     

       8
       8
       +
       var TRIMOUNTS_IP4 = "159.195.58.28";

     

       9
       9
       +
       var TRIMOUNTS_IP6 = "2a0a:4cc0:c1:e83d::b00b";

     

       10
       10
       +
       var TRIMOUNTS_IPS = [TRIMOUNTS_IP4, TRIMOUNTS_IP6];

     

       11
       11
       +
       

     

       12
       12
       +
       function host(name, ips, opts) {

     

       13
       13
       +
           if (opts)

     

       14
       14
       +
               return [

     

       15
       15
       +
                   A(name, ips[0], opts),

     

       16
       16
       +
                   AAAA(name, ips[1], opts),

     

       17
       17
       +
               ];

     

       18
       18
       +
           else

     

       19
       19
       +
               return [

     

       20
       20
       +
                   A(name, ips[0]),

     

       21
       21
       +
                   AAAA(name, ips[1]),

     

       22
       22
       +
               ];

     

       23
       23
       +
       }

     

       24
       24
       +
       

     

       25
       25
       +
       function hosts(_names, ips, opts) {

     

       26
       26
       +
           var names = [];

     

       27
       27
       +
           if (typeof _names === "string")

     

       28
       28
       +
               names.push(_names);

     

       29
       29
       +
           else

     

       30
       30
       +
               names = _names;

     

       31
       31
       +
       

     

       32
       32
       +
           var records = [];

     

       33
       33
       +
           _.each(names, function (name) {

     

       34
       34
       +
               _.each(host(name, ips, opts), function (r) {

     

       35
       35
       +
                   records.push(r);

     

       36
       36
       +
               });

     

       37
       37
       +
           });

     

       38
       38
       +
           return records;

     

       39
       39
       +
       }

     

       40
       40
       +
       

     

       41
       41
       +
       function TRIMOUNTS(names, opts) {

     

       42
       42
       +
           return hosts(names, TRIMOUNTS_IPS, opts);

     

       43
       43
       +
       }

     

       44
       44
       +
       function DZWONEK(names, opts) {

     

       45
       45
       +
           return hosts(names, DZWONEK_IPS, opts);

     

       46
       46
       +
       }

     

       47
       47
       +
       

     

       48
       48
       +
       function IGNORE_ACME() {

     

       49
       49
       +
           return IGNORE_NAME("_acme-challenge");

     

       50
       50
       +
       }

     

       7
       51
        
       

     

       8
       52
        
       D(

     

       9
       53
        
           "gaze.systems",

     

       10
       54
        
           REG_NONE,

     

       11
       11
       -
           DnsProvider(DSP_CLOUDFLARE),

     

       55
       55
       +
           DnsProvider(DSP_BUNNY),

     

       12
       56
        
           DefaultTTL(1),

     

       13
       13
       -
           A("@", TRIMOUNTS_IP, CF_PROXY_OFF, TTL(60)),

     

       14
       14
       -
           A("doc", TRIMOUNTS_IP, CF_PROXY_OFF),

     

       15
       15
       -
           A("pmart", TRIMOUNTS_IP, CF_PROXY_OFF),

     

       16
       16
       -
           // A("webhook", WOLUMONDE_IP, CF_PROXY_OFF),

     

       17
       17
       -
           A("dash", TRIMOUNTS_IP, CF_PROXY_OFF), // perses

     

       18
       18
       -
           A("knot", TRIMOUNTS_IP, CF_PROXY_OFF, TTL(60)),

     

       19
       19
       -
           A("spindle", TRIMOUNTS_IP, CF_PROXY_OFF, TTL(60)),

     

       20
       20
       -
           A("id", TRIMOUNTS_IP, CF_PROXY_OFF),

     

       21
       21
       -
           // atp

     

       22
       22
       -
           A("guestbook", TRIMOUNTS_IP, CF_PROXY_OFF),

     

       23
       23
       -
           // dzwonek

     

       24
       24
       -
           A("vpn", DZWONEK_IP, CF_PROXY_OFF),

     

       25
       25
       -
           // A("meow", WOLUMONDE_IP, CF_PROXY_OFF),

     

       26
       26
       -
           // thing

     

       27
       27
       -
           // TXT("id", "a data endpoint for entity with serial id /90008/."),

     

       28
       28
       -
           // TXT("id", "entity linked here uses it/they pronouns. it can be referred to as /dusk/ or /dawn/."),

     

       29
       29
       -
           // TXT("id", "this one is not a human, try to refer to it in third person. use /this one/, /this thing/, etc."),

     

       30
       30
       -
           // TXT("id", "try connecting to https://gaze.systems/about for more information."),

     

       57
       57
       +
           TRIMOUNTS(

     

       58
       58
       +
               [

     

       59
       59
       +
                   "@", "doc", "pmart", "dash", "id",

     

       60
       60
       +
                   "knot", "spindle",

     

       61
       61
       +
                   "guestbook",

     

       62
       62
       +
               ],

     

       63
       63
       +
               CF_PROXY_OFF,

     

       64
       64
       +
           ),

     

       65
       65
       +
           DZWONEK("vpn", CF_PROXY_OFF),

     

       31
       66
        
           // github pages

     

       32
       67
        
           CNAME("dev", "90-008.github.io."),

     

       33
       68
        
           // fastmail

     
···

       37
       72
        
           MX("@", 10, "in1-smtp.messagingengine.com."),

     

       38
       73
        
           MX("@", 20, "in2-smtp.messagingengine.com."),

     

       39
       74
        
           TXT("@", "v=spf1 include:spf.messagingengine.com ?all"),

     

       40
       40
       -
           TXT("_dmarc", "v=DMARC1; p=none;"),

     

       75
       75
       +
           TXT("_dmarc", "v=DMARC1; p=reject;"),

     

       41
       76
        
           // resend

     

       42
       77
        
           MX("send.poke", 10, "feedback-smtp.us-east-1.amazonses.com."),

     

       43
       78
        
           TXT(

     
···

       48
       83
        
           // atproto

     

       49
       84
        
           TXT("_atproto.eris", "did=did:plc:bxjnsrfzozl365rsdo5yvuz5", TTL(60)),

     

       50
       85
        
           TXT("_atproto.drew", "did=did:plc:vo6ie3kd6xvpjlof4pnb2zzp", TTL(60)),

     

       86
       86
       +
           IGNORE_ACME(),

     

       51
       87
        
       );

     

       52
       88
        
       

     

       53
       89
        
       D(

     
···

       55
       91
        
           REG_NONE,

     

       56
       92
        
           DnsProvider(DSP_CLOUDFLARE),

     

       57
       93
        
           DefaultTTL(1),

     

       58
       58
       -
           A("@", TRIMOUNTS_IP, CF_PROXY_ON),

     

       94
       94
       +
           TRIMOUNTS("@", CF_PROXY_ON),

     

       59
       95
        
           TXT("@", "a data endpoint for entity with serial id /90008/."),

     

       60
       96
        
           TXT(

     

       61
       97
        
               "@",

     
···

       69
       105
        
               "@",

     

       70
       106
        
               "try connecting to https://gaze.systems/about for more information.",

     

       71
       107
        
           ),

     

       72
       72
       -
           // atproto

     

       73
       73
       -
           // TXT("_atproto", "did=did:plc:dfl62fgb7wtjj3fcbb72naae"),

     

       74
       74
       -
           IGNORE_NAME("_acme-challenge"),

     

       108
       108
       +
           IGNORE_ACME(),

     

       75
       109
        
       );

     

       76
       110
        
       

     

       77
       111
        
       D(

     

       78
       112
        
           "poor.dog",

     

       79
       113
        
           REG_NONE,

     

       80
       80
       -
           DnsProvider(DSP_CLOUDFLARE),

     

       114
       114
       +
           DnsProvider(DSP_BUNNY),

     

       81
       115
        
           DefaultTTL(1),

     

       82
       82
       -
           A("@", TRIMOUNTS_IP, CF_PROXY_OFF),

     

       116
       116
       +
           TRIMOUNTS("@", CF_PROXY_OFF),

     

       83
       117
        
           TXT("@", "v=spf1 -all"),

     

       84
       118
        
           TXT("_dmarc", "v=DMARC1; p=reject;"),

     

       85
       119
        
           TXT("_atproto", "did=did:plc:dfl62fgb7wtjj3fcbb72naae", TTL(60)),

     

       86
       86
       -
           IGNORE_NAME("_acme-challenge"),

     

       120
       120
       +
           IGNORE_ACME(),

     

       87
       121
        
       );

     

       88
       122
        
       

     

       89
       123
        
       var EMAIL_TTL = 86400;

     
···

       91
       125
        
       D(

     

       92
       126
        
           "ptr.pet",

     

       93
       127
        
           REG_NONE,

     

       94
       94
       -
           DnsProvider(DSP_CLOUDFLARE),

     

       128
       128
       +
           DnsProvider(DSP_BUNNY),

     

       95
       129
        
           DefaultTTL(1),

     

       96
       96
       -
           A("@", TRIMOUNTS_IP, CF_PROXY_OFF),

     

       97
       97
       -
           A("nucleus", DZWONEK_IP, CF_PROXY_OFF),

     

       98
       98
       -
           A("trill", DZWONEK_IP, CF_PROXY_OFF),

     

       130
       130
       +
           TRIMOUNTS("@", CF_PROXY_OFF),

     

       131
       131
       +
           DZWONEK(["nucleus", "trill"], CF_PROXY_OFF),

     

       99
       132
        
           // atproto

     

       100
       133
        
           TXT("_atproto", "did=did:plc:dfl62fgb7wtjj3fcbb72naae"),

     

       101
       134
        
           TXT("_atproto.nil", "did=did:plc:dumbmutt4po52ept2tczimje"),

     
···

       152
       185
        
           ),

     

       153
       186
        
       

     

       154
       187
        
           // mta-sts

     

       155
       155
       -
           A("mta-sts", TRIMOUNTS_IP, CF_PROXY_OFF),

     

       188
       188
       +
           TRIMOUNTS("mta-sts", CF_PROXY_OFF),

     

       156
       189
        
           TXT("_mta-sts", "v=STSv1; id=20250930T1945", TTL(EMAIL_TTL)),

     

       157
       190
        
       

     

       158
       191
        
           // autoconfig

     

       159
       159
       -
           A("autoconfig", TRIMOUNTS_IP, CF_PROXY_OFF),

     

       160
       160
       -
           A("autodiscover", TRIMOUNTS_IP, CF_PROXY_OFF),

     

       192
       192
       +
           TRIMOUNTS(["autoconfig", "autodiscover"], CF_PROXY_OFF),

     

       161
       193
        
       

     

       162
       194
        
           // autodiscovery

     

       163
       195
        
           SRV(

     
···

       172
       204
        
           SRV("_imaps._tcp", 0, 1, 993, "imap.migadu.com.", TTL(EMAIL_TTL)),

     

       173
       205
        
           SRV("_pop3s._tcp", 0, 1, 995, "pop.migadu.com.", TTL(EMAIL_TTL)),

     

       174
       206
        
       

     

       175
       175
       -
           IGNORE_NAME("_acme-challenge"),

     

       207
       207
       +
           IGNORE_ACME(),

     

       176
       208
        
       );

+3 -3

hosts/trimounts/modules/nginx.nix

···

       38
       38
        
       

     

       39
       39
        
         users.users.nginx.extraGroups = [ "acme" ];

     

       40
       40
        
       

     

       41
       41
       -
         age.secrets.cfDnsEditToken.file = ../../../secrets/cloudflareDnsEdit.age;

     

       41
       41
       +
         age.secrets.bunnyApiKey.file = ../../../secrets/bunnyApiKey.age;

     

       42
       42
        
         security.acme = {

     

       43
       43
        
           acceptTerms = true;

     

       44
       44
        
           defaults = {

     

       45
       45
        
             group = "nginx";

     

       46
       46
        
             email = (import "${inputs.self}/personal.nix").emails.primary;

     

       47
       47
       -
             dnsProvider = "cloudflare";

     

       47
       47
       +
             dnsProvider = "bunny";

     

       48
       48
        
             credentialFiles = {

     

       49
       49
       -
               CF_DNS_API_TOKEN_FILE = config.age.secrets.cfDnsEditToken.path;

     

       49
       49
       +
               BUNNY_API_KEY_FILE = config.age.secrets.bunnyApiKey.path;

     

       50
       50
        
             };

     

       51
       51
        
           };

     

       52
       52
        
           certs."poor.dog" = { };

+21

secrets/bunnyApiKey.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-rsa Abmvag

     

       3
       3
       +
       XNh6H/W0srZXbGmkLGQ/YpXfamisyK/duLeSftkcrXU67b5s8x40HUv1NaKr/QQt

     

       4
       4
       +
       7ZBvKfm+8YsKcmmXaIINOHl6/LQ6GTpWprN91VDxTGOGzpO/GmD8MOUk8zfJYh+D

     

       5
       5
       +
       3soDoZuuk1gr8Q7+f8AIrfT+x3QwHA2h3hCm3un3MqhmAicTTip2C3NFQhlsEwHi

     

       6
       6
       +
       DhgOJ1Wy9/lSXwIzhg62s8KDOQ4cBETA8PRvspWh8GsV1oLU/brk2itwUaj0P8xA

     

       7
       7
       +
       uQrQzo71rbUttXeGnW4yBZjzzGMJe5iHY3H4aQxjklC1yGpInDf3HGaO6X/yaZBx

     

       8
       8
       +
       vRx2YxwCH4AdhgVpllbZo2++uGX8mye6fu5Lap04+dXU+ubglEvDQ1uRDrbXML9/

     

       9
       9
       +
       PpRszgmu5z7k9u+qWI/aBywUChvVSy4TDWKcj2JAqvCuU7QYiEi6SKhIiDLNd/BQ

     

       10
       10
       +
       7aa/GHSUpUu6TnpRwuBF4l2g5+jO27hsNWb3nAm/SV5YHEVCn+Tr5PiRPxBK8Fa0

     

       11
       11
       +
       ngJjBK5r4ra+uGulwGn1uoM0jYVCl6EtjtKgLeP5cvbdLylKWRXRYxyL7XTxqmHb

     

       12
       12
       +
       oLJsVvxuF1pFiaUkAmMBctaYdMw9EVwV8vTp4/eebVe6pU0Lmxv5B0u5nDiWar5o

     

       13
       13
       +
       RQzfwfGhtOaE0PUQNqVz7VfdoIzCcUjqnJMwInh+XwU

     

       14
       14
       +
       -> ssh-ed25519 y5W/qA rZ2rTM2n2bPULAefeeUvEFwskCNIEh5KdkC7uEnBcXM

     

       15
       15
       +
       P75OaqdeAt3BVa/xprDvJ/bLoGLkU6qdteVvwD9fO8M

     

       16
       16
       +
       -> ssh-ed25519 LaQclg Bnt8Z3Cve0gG6ItbJq+1+fUT/ykFsngstap8ymEr1m4

     

       17
       17
       +
       filHMr3njOkRpbu4UwutvqxVLf8joTBvqs3JT1gu7kk

     

       18
       18
       +
       --- pkIfClG050A3Kp8c+HUQJDwlxM1BbFaCRx8Vp0++xbI

     

       19
       19
       +
       4�dc���/\�ڦ �@:e��:e�o;�

     

       20
       20
       +
       �E�d\W�#m

     

       21
       21
       +
       ��WA��#�uaJ��T�<���X�R���X�X"9
���)�'U:7��+�,�hNϏ�Ul\�FSP8c

+5 -6

secrets/secrets.nix

···

       1
       1
        
       let

     

       2
       2
        
         yusdacra = builtins.readFile ./yusdacra.key.pub;

     

       3
       3
       -
         wolumonde = builtins.readFile ./wolumonde.key.pub;

     

       4
       3
        
         dzwonek = builtins.readFile ./dzwonek.key.pub;

     

       5
       4
        
         trimounts = builtins.readFile ./trimounts.key.pub;

     

       6
       5
        
         develMobi = builtins.readFile ./develMobi.key.pub;

     
···

       9
       8
        
         "nixGithubAccessToken.age".publicKeys = [ yusdacra ];

     

       10
       9
        
         "websiteConfig.age".publicKeys = [

     

       11
       10
        
           yusdacra

     

       12
       12
       -
           wolumonde

     

       13
       11
        
           trimounts

     

       14
       12
        
         ];

     

       15
       13
        
         "pdsConfig.age".publicKeys = [

     

       16
       14
        
           yusdacra

     

       17
       17
       -
           wolumonde

     

       18
       15
        
           trimounts

     

       19
       16
        
         ];

     

       20
       17
        
         "clickeeProxyConfig.age".publicKeys = [

     

       21
       18
        
           yusdacra

     

       22
       22
       -
           wolumonde

     

       23
       19
        
           trimounts

     

       24
       20
        
         ];

     

       25
       21
        
         "persesSecret.age".publicKeys = [

     

       26
       22
        
           yusdacra

     

       27
       27
       -
           wolumonde

     

       28
       23
        
           trimounts

     

       29
       24
        
         ];

     

       30
       25
        
         "headscaleOidcSecret.age".publicKeys = [

     
···

       38
       33
        
         "cloudflareDnsEdit.age".publicKeys = [

     

       39
       34
        
           yusdacra

     

       40
       35
        
           dzwonek

     

       41
       41
       -
           wolumonde

     

       36
       36
       +
           trimounts

     

       37
       37
       +
         ];

     

       38
       38
       +
         "bunnyApiKey.age".publicKeys = [

     

       39
       39
       +
           yusdacra

     

       40
       40
       +
           dzwonek

     

       42
       41
        
           trimounts

     

       43
       42
        
         ];

     

       44
       43
        
       }

Compare changes