commit bd8d5aa8e61e2ccf88bf1f1067eb310cbc33194e · soopy.moe/gensokyo

+4 -2

creds/sops/ryo/default.yaml

···

       1
       1
        
       vmetrics:

     

       2
       2
        
           auth: ENC[AES256_GCM,data:D+EKKAsDVIrTdXyxhQQ65rkgbOUlTfbMqYn3a1GWYwHQDAplb1lAqY7yPbvrLhC7QJRagMMfMxN1q39dsz5eBiUZU3YORrt/Eo3sjlZGT5HcZo7ASnGWO62FarjAZOk2dFk6Qj3TtZ+z8OOnmW4JpoaILKBA3KTb5PQKRmrF7iEJwjr3w8ojqmRjt/nGn6CE5xU6Fpq3tuwSHNmfGiK9hpVRig9WyzDv6Ii+Fg==,iv:BVNHFOmGisiiEvX4+qyFrY/kfF9lhFh+iLXO3lLVIbE=,tag:H7N5XPqr1wjAZeKnBjCH8Q==,type:str]

     

       3
       3
       +
       lego:

     

       4
       4
       +
           cf_token: ENC[AES256_GCM,data:rH9al1jeSY/FsyQ2dDsjyi39m4VKjouBydo85wTxE3qTKDNLY/anhQ==,iv:XssbI1d82KkP0OLK4hHe2a4UwCdT+4TZX51JalSRZ2c=,tag:bqOCrxg6+HX6hDRn4xLOhQ==,type:str]

     

       3
       5
        
       sops:

     

       4
       6
        
           kms: []

     

       5
       7
        
           gcp_kms: []

     
···

       33
       35
        
                   emlNZ1dUT2J6TlNRVjJsZlJDeWZOQ3MKEj9zpAX8PJ1wWuokrXJf0tkwPJx3zZAD

     

       34
       36
        
                   MTy/t6dddmzfrltmZnE+MdsS9U5Dol/TdGOR7YhjdvsWfHcCT6g2TA==

     

       35
       37
        
                   -----END AGE ENCRYPTED FILE-----

     

       36
       36
       -
           lastmodified: "2025-01-18T16:33:50Z"

     

       37
       37
       -
           mac: ENC[AES256_GCM,data:6twftanA8IZwvmFvMoRHcrD5p7fa3CDTGntb1dYXZqx2wKhJ0LGKsCmWx/g4SYnRDFcKTr0BIQUm9r0n0AIiCXM2T9ZOJ5qW9k5cf5/VSFzbg3CUjkqHTHO1KmMGTcv9qvhLZsRd1ltbynrxVajpEZwNl+qGiq1V1wjjm0aL1QE=,iv:odSFhKTBU5Ap88F55FOCEsnHMW6iSuUnGMz0i0/IXbk=,tag:8kQbfjASESvv6MLvCMZMsA==,type:str]

     

       38
       38
       +
           lastmodified: "2025-01-20T13:19:18Z"

     

       39
       39
       +
           mac: ENC[AES256_GCM,data:vSZDS9yqyQNiBbqvI4fCsPU/vEbxjX22E6d+N2Dz2oa+/0OP1X7aQiT4JJ2g5HRGo4ziGUrE8fZLR32s7V3VEErx6AETotwnzVMRYbfw+rHbjaWWb4kjgMOiJRO1iYa28t+0FnEXdFICDw/DB9unJT2Vtj55Og1p8sp3UqBGef4=,iv:HPisIwKptZSPkgIhzPnVbRa9aInOTZWrN38aIVpWC+c=,tag:YM8sZFee7RTKHkaYC07mzQ==,type:str]

     

       38
       40
        
           pgp: []

     

       39
       41
        
           unencrypted_suffix: _unencrypted

     

       40
       42
        
           version: 3.9.2

+5

systems/ryo/certificates/default.nix

···

       1
       1
       +
       {...}: {

     

       2
       2
       +
         imports = [

     

       3
       3
       +
           ./ryo.nix

     

       4
       4
       +
         ];

     

       5
       5
       +
       }

+5

systems/ryo/certificates/ryo.nix

···

       1
       1
       +
       {...}: {

     

       2
       2
       +
         security.acme.certs."ryo.soopy.moe" = {

     

       3
       3
       +
           group = "nginx";

     

       4
       4
       +
         };

     

       5
       5
       +
       }

+9 -2

systems/ryo/configuration.nix

···

       1
       1
        
       # ryo because empty-headed. also btr naming scheme.

     

       2
       2
        
       # DO NOT copy anything done on this host, it's insecure by design.

     

       3
       3
        
       {...}: {

     

       4
       4
       -
         imports = [];

     

       4
       4
       +
         imports = [

     

       5
       5
       +
           ./certificates

     

       6
       6
       +
           ./services

     

       7
       7
       +
         ];

     

       5
       8
        
       

     

       6
       6
       -
         gensokyo.presets.vmetrics = true;

     

       9
       9
       +
         gensokyo.presets = {

     

       10
       10
       +
           vmetrics = true;

     

       11
       11
       +
           certificates = true;

     

       12
       12
       +
           nginx = true;

     

       13
       13
       +
         };

     

       7
       14
        
         zramSwap.enable = true;

     

       8
       15
        
         system.stateVersion = "23.11";

     

       9
       16
        
       }

+6

systems/ryo/services/default.nix

···

       1
       1
       +
       {...}: {

     

       2
       2
       +
         imports = [

     

       3
       3
       +
           ./novnc.nix

     

       4
       4
       +
           # ./thefunny.nix

     

       5
       5
       +
         ];

     

       6
       6
       +
       }

+17

systems/ryo/services/novnc.nix

···

       1
       1
       +
       {_utils, pkgs, lib, ...}: {

     

       2
       2
       +
         services.nginx.virtualHosts."ryo.soopy.moe" = _utils.mkSimpleProxy {

     

       3
       3
       +
           port = 6080;

     

       4
       4
       +
           websockets = true;

     

       5
       5
       +
           extraConfig = {

     

       6
       6
       +
             locations."= /".return = "303 /vnc_lite.html";

     

       7
       7
       +
             useACMEHost = "ryo.soopy.moe";

     

       8
       8
       +
           };

     

       9
       9
       +
         };

     

       10
       10
       +
       

     

       11
       11
       +
         systemd.services."novnc" = {

     

       12
       12
       +
           serviceConfig = {

     

       13
       13
       +
             DynamicUser = true;

     

       14
       14
       +
             ExecStart = "${lib.getExe pkgs.novnc} --file-only";

     

       15
       15
       +
           };

     

       16
       16
       +
         };

     

       17
       17
       +
       }