commit d78a5bde58ba14b8bf35d63c71d3d423b195c83e · sapphic.moe/flake

+16

secrets/destiny-labeler.age

···

       1
       +
       -----BEGIN AGE ENCRYPTED FILE-----

     

       2
       +
       YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGN2U2dKQSBKUEJG

     

       3
       +
       S1RtWkR6aVZuUmtWci9tTy90L05ZbDZTbTZGaTZWeGJsVWRoQzNBCkd5cFlEYTVJ

     

       4
       +
       QVlzRTlidEJFallZTmMzTERLelNDaWZQM25aeVdnWTBVUTAKLT4gc3NoLWVkMjU1

     

       5
       +
       MTkgMUNUOTd3IG1XUHJ5NWk4UUk4Szc1TStxWnZCV1hiQ0JVMDB3OFV3eWZWM2Jj

     

       6
       +
       ZkZNU2sKOTBnZFFSYUovNFhxK21vL1cvY0FkMmlpeGJDZ0NGdWlWTElnL2MyTGFY

     

       7
       +
       SQotPiBzc2gtZWQyNTUxOSBlUDNUdFEgRjJmT1VCTVVjZk9MK0RMb3ByU1I0N2dk

     

       8
       +
       MkZQamVxdXBKL0gvR2JMaFJ6cwpnUkxrbDUweVg5c1FTdHZJbWsyWTdRNVo4U205

     

       9
       +
       amNsM3FNZEYrVVoranF3Ci0+IFspby4tZ3JlYXNlIG08I1tJOCBlI3dNXHUgMmAo

     

       10
       +
       czdZQwpCZVRBV1J1MDZWTjBhR3FlNlVyOGZ4SmYwcndpQUZXQlRSQkI0bzhnUTVt

     

       11
       +
       MzQ0ZTdtTlJKR2FBM00wNUhzbExhCmxFMlBnVm5SaEVyZnoyTGJUYVJ2QTI4Y3E1

     

       12
       +
       a3dOZU85a1lYaTRxZjdtWUdXdi9nL29peGZKdWRTeEtsOQotLS0gcTBWZlZKOG8y

     

       13
       +
       NW9LZmUrTWFLR3NKbEV0ZnlKNDYzNnhTWmx1Y0w4VnVmcwo6/NlBNJ3sHF7etQ0r

     

       14
       +
       K1VzsO6xG9dSwdp5Wj2+PCkqEq8Knd9xEePLw4/hd47pz8JKjaKFhZdo8+QleyyI

     

       15
       +
       ovi4czrf8Jc/X75TDASjLIf51EZ0l74en2n8nRPLusuvb8rO

     

       16
       +
       -----END AGE ENCRYPTED FILE-----

secrets/secrets.nix

···

       12
        
       {

     

       13
        
         "bluesky-pds.age".publicKeys = keys;

     

       14
        
         "caddy.age".publicKeys = keys;

     

       0
        
       
     

       15
        
         "glance.age".publicKeys = keys;

     

       16
        
         "lanyard.age".publicKeys = keys;

     

       17
        
         "minio.age".publicKeys = keys;

···

       12
        
       {

     

       13
        
         "bluesky-pds.age".publicKeys = keys;

     

       14
        
         "caddy.age".publicKeys = keys;

     

       15
       +
         "destiny-labeler.age".publicKeys = keys;

     

       16
        
         "glance.age".publicKeys = keys;

     

       17
        
         "lanyard.age".publicKeys = keys;

     

       18
        
         "minio.age".publicKeys = keys;

+38

services/destiny-labeler/default.nix

···

       1
       +
       { config, ... }:

     

       2
       +
       

     

       3
       +
       {

     

       4
       +
         age.secrets.destiny-labeler = {

     

       5
       +
           file = ../../secrets/destiny-labeler.age;

     

       6
       +
           mode = "600";

     

       7
       +
         };

     

       8
       +
       

     

       9
       +
         virtualisation.oci-containers.containers."destiny-labeler" = {

     

       10
       +
           image = "ghcr.io/SapphoSys/destiny-labeler:main";

     

       11
       +
           pull = "always";

     

       12
       +
           ports = [ "4001:4001" ];

     

       13
       +
           environment = {

     

       14
       +
             DID = "did:plc:zt2oycjggn5gwdtcgphdh4tn";

     

       15
       +
             SIGN_KEY = config.age.secrets.destiny-labeler.path;

     

       16
       +
             URL = "wss://jetstream.atproto.tools/subscribe";

     

       17
       +
             NODE_ENV = "production";

     

       18
       +
           };

     

       19
       +
           volumes = [

     

       20
       +
             "./data/cursor.txt:/app/cursor.txt"

     

       21
       +
             "./data/labels.db:/app/labels.db"

     

       22
       +
             "./data/labels.db-shm:/app/labels.db-shm"

     

       23
       +
             "./data/labels.db-wal:/app/labels.db-wal"

     

       24
       +
           ];

     

       25
       +
           extraOptions = [

     

       26
       +
             "--restart=always"

     

       27
       +
             "--network=host"

     

       28
       +
           ];

     

       29
       +
         };

     

       30
       +
       

     

       31
       +
         services.caddy.virtualHosts."labeler.sappho.systems" = {

     

       32
       +
           extraConfig = ''

     

       33
       +
             import common

     

       34
       +
             import tls_cloudflare

     

       35
       +
             reverse_proxy http://destiny-labeler:4001

     

       36
       +
           '';

     

       37
       +
         };

     

       38
       +
       }