commit 9bd682fcd2258d0299a69e654ef3948161ccd8cd · soopy.moe/gensokyo

+6 -2

creds/sops/koumakan/default.yaml

···

       78
       78
        
           root_user: ENC[AES256_GCM,data:q+w4FgnCA2QxWsxM,iv:NojzSMmZ2yq7VyPn7fOYauLpgMOE0NGCyTUQ6slGN2Q=,tag:5FfjO4KH8XfLuymxDgV2iA==,type:str]

     

       79
       79
        
           root_pass: ENC[AES256_GCM,data:oh/VQDU1dR9YLribrhZeVJxMoY9/7Ri8bloM650j6Ut/vHF6BB4NYY94RngkBYRVkHplF9oKx+Ey13kMyIPvC+EvPczoWKCHJ4pJqq3GgWigFp7ufUDdvY4hBjW7SU7fk0wYOjZYH2JlLqjmU0MsVKSqt66Rq9Si0MU7VACNrJzYDe6KbCbL/YT3DmTvBpPR6ysLCE525rH7Tg2LVyn775Si+vo+KGC5gqGMlw==,iv:8pbJMeuDIcvkI8Uda30i8ote/PRUSSAmaua22gQmbHc=,tag:6hNvVytKXbjrKZMKkQ5pEA==,type:str]

     

       80
       80
        
           vmetrics_token: ENC[AES256_GCM,data:ZZcCBpLlyjMOh55H44WKVSIcNgU+GVpQf9ApMfNV7Tg7dXtP0gF4Cy0RkgKT5hp2arO23HZB/jZGxAY60IDOr9nHVFih5+e2OaXeu5RPGlqsgpp6EZeBDcFvLBtJvx/3qmijuB92HdUXP8/x4Gr0d52xID9YXr3w/To50fMvK8UPFVwkh3Ck4tU7tYLWrhwNOmLu3jZCRMq47Adn7Gu090Zekie4S+LijB1pJvz9h3n36R1M5NOkEpLVb2MjMxtLLTQkoordLq82Vsvpd704VkZohTU=,iv:hiCRdE7dFGHcWjDEc3ZkXFIiTC+YkvCus3tbwVe8aBc=,tag:HflQTi3SuSgibEGKT0Zi1Q==,type:str]

     

       81
       81
       +
       whitelisted-web:

     

       82
       82
       +
           entra_secret: ENC[AES256_GCM,data:h5tiggV5MgUby5tZ7oLqxAiJReB9L07XfEzfBWoSkgxJFm3mTDH3jg==,iv:xBi9pBWmyg+KGcGMxTXsabzK/uqcNpHdXdJ36UtiET4=,tag:OFyuvZuXvE/L/jBJSU3Vpw==,type:str]

     

       83
       83
       +
           turnstile_key: ENC[AES256_GCM,data:r60Jgabtrkx9vYenlb0u+IM00PbD+v+V4/Vb0JT8Y/7lcoQ=,iv:GfcCLWI+mRlbOr2DDDs6nzWKpABJUP0xtrAyK4xhP9g=,tag:J9MO8UULfIT7nhf7/icuoA==,type:str]

     

       84
       84
       +
           ipc_token: ENC[AES256_GCM,data:Klu5jBDkvCSY3b0+MDQNSer6FQqUPOltjS8tYmu2VwL3q0QqRDtfzejJA6rqpsW1hboeTNrYLlZu6VP/NpV8NqH/0NR/C60S/X9JsMADeyiwrWqGw1YRHhFnd+5f8n1C/m6AhfV4OnAHNtWOx7EF9tTPzU4fJf6yU7h+xK828/TnE7PMie1en+TKbaGGyaTr/6cv/ciCzY6GTFkZcB7uokhXs/rJJ1an4KsfTQ==,iv:KsFwwr2uzVa88+42gZCGRjfxuVLFlJ/kIi9KQn4e8GY=,tag:WNOE3y1HgIaILPnLqSgDEQ==,type:str]

     

       81
       85
        
       sops:

     

       82
       86
        
           age:

     

       83
       87
        
               - recipient: age1l3qxt6630dzesdclfm3eqgw3uuhwj09dh6typwlwr6clcv0qhfrqgtj2fk

     
···

       107
       111
        
                   QUlVNExmVGd2QXJwVmRGa0JvMmtocEUK7Zo0Mtj3oZm5Etp61cGbLs+2XP97pjR6

     

       108
       112
        
                   rtfHnuxceJj0+yBugfwgFD1TGJ+6M7z5YCwTx+GAvbPDrmSm2TGrwg==

     

       109
       113
        
                   -----END AGE ENCRYPTED FILE-----

     

       110
       110
       -
           lastmodified: "2025-09-20T00:55:07Z"

     

       111
       111
       -
           mac: ENC[AES256_GCM,data:yz2jIOwMQumeCWOIWl3z+nYwDbPOZRVw+xV01ZfMZ+I7vi54EtVyjQIbjkcySvrrlztlCU5ysQrDxT5Pm3OczkuJ06mRZ3ICvfpmNZ2zc2OYc9NhGmpwbv3udEs5S/9my6hu7Pis0uJOuEzl7Zv6WUC3s3IUqxeKMuWrif5BAqI=,iv:1ApHTHumPpq3xDwz/QAoa+PLSaedlcH80Wz/+/UEjoA=,tag:/Lwy8042v3bxCHSURomF5Q==,type:str]

     

       114
       114
       +
           lastmodified: "2025-09-28T16:46:06Z"

     

       115
       115
       +
           mac: ENC[AES256_GCM,data:gWB+a7urGrcH81OoVCMANMRWvHihxXyg7S5IkxhnJ+OFNW+gTB0E7ZV35GOCTnBk0W+pUgL3Rqb63LZ7HSWkCx/iCHwKZXuYFKLsHPp7123E9QTUI1uTcfCiZE/mUT5MD0UQzfv4NwQqZMReMa4vJaodFz1tdvMrDHwbA9LP8eI=,iv:LWY0fMDtGvSLIoPsfm6c/hEFxytXZhXziA5OCa3sM+8=,tag:AF0SrnpyZdgiTMKYIMb/FQ==,type:str]

     

       112
       116
        
           unencrypted_suffix: _unencrypted

     

       113
       117
        
           version: 3.10.2

+20 -1

flake.lock

···

       730
       730
        
               "nixpkgs": "nixpkgs_6",

     

       731
       731
        
               "sops-nix": "sops-nix",

     

       732
       732
        
               "tangled-core": "tangled-core",

     

       733
       733
       -
               "treefmt-nix": "treefmt-nix_3"

     

       733
       733
       +
               "treefmt-nix": "treefmt-nix_3",

     

       734
       734
       +
               "whitelisted-web": "whitelisted-web"

     

       734
       735
        
             }

     

       735
       736
        
           },

     

       736
       737
        
           "rust-overlay": {

     
···

       907
       908
        
               "owner": "numtide",

     

       908
       909
        
               "repo": "treefmt-nix",

     

       909
       910
        
               "type": "github"

     

       911
       911
       +
             }

     

       912
       912
       +
           },

     

       913
       913
       +
           "whitelisted-web": {

     

       914
       914
       +
             "inputs": {

     

       915
       915
       +
               "nixpkgs": [

     

       916
       916
       +
                 "nixpkgs"

     

       917
       917
       +
               ]

     

       918
       918
       +
             },

     

       919
       919
       +
             "locked": {

     

       920
       920
       +
               "lastModified": 1759076896,

     

       921
       921
       +
               "narHash": "sha256-PrnYydY6FLsUbbUTqQ5qT5Jd7dO4aS+U+BgaULeCGyk=",

     

       922
       922
       +
               "rev": "4f73a4b5345bb47c4f1cd56b5dca7f4cac23d5b5",

     

       923
       923
       +
               "type": "tarball",

     

       924
       924
       +
               "url": "https://patchy.soopy.moe/api/v1/repos/soopyc/whitelisted-web/archive/4f73a4b5345bb47c4f1cd56b5dca7f4cac23d5b5.tar.gz"

     

       925
       925
       +
             },

     

       926
       926
       +
             "original": {

     

       927
       927
       +
               "type": "tarball",

     

       928
       928
       +
               "url": "https://patchy.soopy.moe/soopyc/whitelisted-web/archive/main.tar.gz"

     

       910
       929
        
             }

     

       911
       930
        
           },

     

       912
       931
        
           "zig": {

+5

flake.nix

···

       33
       33
        
             inputs.nixpkgs.follows = "nixpkgs";

     

       34
       34
        
           };

     

       35
       35
        
       

     

       36
       36
       +
           whitelisted-web = {

     

       37
       37
       +
             url = "https://patchy.soopy.moe/soopyc/whitelisted-web/archive/main.tar.gz";

     

       38
       38
       +
             inputs.nixpkgs.follows = "nixpkgs";

     

       39
       39
       +
           };

     

       40
       40
       +
       

     

       36
       41
        
           lanzaboote = {

     

       37
       42
        
             url = "github:nix-community/lanzaboote/v0.4.2";

     

       38
       43
        
             inputs.nixpkgs.follows = "nixpkgs";

+1

systems/koumakan/configuration.nix

···

       5
       5
        
           inputs.mystia.nixosModules.vmauth

     

       6
       6
        
           inputs.mystia.nixosModules.bsky-pds

     

       7
       7
        
           inputs.hydra.nixosModules.hydra

     

       8
       8
       +
           inputs.whitelisted-web.nixosModules.default

     

       8
       9
        
           inputs.knotserver-module.nixosModules.default

     

       9
       10
        
       

     

       10
       11
        
           ./hardware-configuration.nix

+1

systems/koumakan/services/default.nix

···

       17
       17
        
       

     

       18
       18
        
           ./ci

     

       19
       19
        
           ./databases

     

       20
       20
       +
           ./games

     

       20
       21
        
           ./mirror

     

       21
       22
        
           ./proxies

     

       22
       23
        
           ./scm

+3

systems/koumakan/services/games/default.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         imports = [ ./whitelisted-web.nix ];

     

       3
       3
       +
       }

+44

systems/koumakan/services/games/whitelisted-web.nix

···

       1
       1
       +
       { _utils, config, ... }:

     

       2
       2
       +
       let

     

       3
       3
       +
         secrets = _utils.setupSecrets config {

     

       4
       4
       +
           namespace = "whitelisted-web";

     

       5
       5
       +
           secrets = [

     

       6
       6
       +
             "entra_secret"

     

       7
       7
       +
             "turnstile_key"

     

       8
       8
       +
             "ipc_token"

     

       9
       9
       +
           ];

     

       10
       10
       +
         };

     

       11
       11
       +
       in

     

       12
       12
       +
       {

     

       13
       13
       +
         imports = [

     

       14
       14
       +
           secrets.generate

     

       15
       15
       +
           (secrets.mkTemplate "whitelisted-web.env" ''

     

       16
       16
       +
             ENTRA_CLIENT_SECRET="${secrets.placeholder "entra_secret"}"

     

       17
       17
       +
             TURNSTILE_SECRET_KEY="${secrets.placeholder "turnstile_key"}"

     

       18
       18
       +
             SHARED_IPC_TOKEN="${secrets.placeholder "ipc_token"}"

     

       19
       19
       +
           '')

     

       20
       20
       +
         ];

     

       21
       21
       +
       

     

       22
       22
       +
         gensokyo.services.whitelisted-web = {

     

       23
       23
       +
           enable = true;

     

       24
       24
       +
       

     

       25
       25
       +
           buildConfig = {

     

       26
       26
       +
             PUBLIC_STATIC_CONTACT_INFO = ''{"Email": "mailto:Sophie Cheung <me@soopy.moe>"}'';

     

       27
       27
       +
           };

     

       28
       28
       +
       

     

       29
       29
       +
           settings = {

     

       30
       30
       +
             PORT = "30274";

     

       31
       31
       +
             PUBLIC_URL = "https://renko.mist-nessie.ts.net:5173";

     

       32
       32
       +
             PUBLIC_TOS_URI_TEMPLATE = "/tos/%LANG%.md";

     

       33
       33
       +
             PUBLIC_SERVER_IP = "mc.soopy.moe"; # the public minecraft server IP

     

       34
       34
       +
             PUBLIC_TURNSTILE_SITEID = "0x4AAAAAABifUhFToAkxeZDM";

     

       35
       35
       +
             PUBLIC_ENTRA_CLIENT_ID = "807b9c9e-69c9-4b9f-b020-01dbf256623b";

     

       36
       36
       +
           };

     

       37
       37
       +
       

     

       38
       38
       +
           environmentFile = secrets.getTemplate "whitelisted-web.env";

     

       39
       39
       +
         };

     

       40
       40
       +
       

     

       41
       41
       +
         services.nginx.virtualHosts."mc.soopy.moe" = _utils.mkSimpleProxy {

     

       42
       42
       +
           port = 30274;

     

       43
       43
       +
         };

     

       44
       44
       +
       }