Set up tranquil PDS · ngp.computer/nixos@729cd4b

+5 -1

common.nix

··· 24 24 # Automatic Garbage Collection 25 25 nix.gc.automatic = true; 26 26 nix.gc.options = "--delete-older-than 8d"; 27 - nix.settings.trusted-users = [ "@wheel" ]; 27 + nix.settings = { 28 + substituters = [ "https://tranquil.cachix.org" ]; 29 + trusted-public-keys = [ "tranquil.cachix.org-1:PoO+mGL6a6LcJiPakMDHN4E218/ei/7v2sxeDtNkSRg=" ]; 30 + trusted-users = [ "@wheel" ]; 31 + }; 28 32 29 33 # I don't care that much about free vs unfree 30 34 nixpkgs.config.allowUnfree = true;

+21

flake.lock

··· 659 659 "nixpkgs-unstable": "nixpkgs-unstable", 660 660 "pre-commit-hooks": "pre-commit-hooks", 661 661 "tangled": "tangled", 662 + "tranquil-pds": "tranquil-pds", 662 663 "valheim-server": "valheim-server" 663 664 } 664 665 }, ··· 789 790 "ref": "refs/tags/v1.13.0-alpha", 790 791 "type": "git", 791 792 "url": "https://tangled.org/@tangled.org/core" 793 + } 794 + }, 795 + "tranquil-pds": { 796 + "inputs": { 797 + "nixpkgs": [ 798 + "nixpkgs" 799 + ] 800 + }, 801 + "locked": { 802 + "lastModified": 1777536688, 803 + "narHash": "sha256-byoX4I3K2ZwOVKL7/AWvbx1cpA4uSe9ThQ1meooXQZc=", 804 + "ref": "refs/heads/main", 805 + "rev": "9b2cfb3a7e1db54df2e1f3cf3c0fd468caba0c9f", 806 + "revCount": 333, 807 + "type": "git", 808 + "url": "https://tangled.org/tranquil.farm/tranquil-pds" 809 + }, 810 + "original": { 811 + "type": "git", 812 + "url": "https://tangled.org/tranquil.farm/tranquil-pds" 792 813 } 793 814 }, 794 815 "valheim-server": {

+5

flake.nix

··· 29 29 url = "git+https://tangled.org/@tangled.org/core?ref=refs/tags/v1.13.0-alpha"; 30 30 inputs.nixpkgs.follows = "nixpkgs"; 31 31 }; 32 + tranquil-pds = { 33 + url = "git+https://tangled.org/tranquil.farm/tranquil-pds"; 34 + inputs.nixpkgs.follows = "nixpkgs"; 35 + }; 32 36 claude-code = { 33 37 url = "github:sadjow/claude-code-nix"; 34 38 inputs.nixpkgs.follows = "nixpkgs"; ··· 54 58 pre-commit-hooks, 55 59 agenix, 56 60 tangled, 61 + tranquil-pds, 57 62 claude-code, 58 63 valheim-server, 59 64 nixpkgs-search,

+2

host-specific/misaki/coredns/ngp.computer.hosts

··· 8 8 192.168.1.3 stats.ngp.computer 9 9 192.168.1.3 traces.ngp.computer 10 10 192.168.1.3 nixery.ngp.computer 11 + 192.168.1.3 pds.ngp.computer 11 12 192.168.1.6 odin.ngp.computer 12 13 13 14 fe80::9ab7:85ff:fe1e:dfe8 img.ngp.computer ··· 20 21 fe80::9ab7:85ff:fe1e:dfe8 stats.ngp.computer 21 22 fe80::9ab7:85ff:fe1e:dfe8 traces.ngp.computer 22 23 fe80::9ab7:85ff:fe1e:dfe8 nixery.ngp.computer 24 + fe80::9ab7:85ff:fe1e:dfe8 pds.ngp.computer 23 25 fe80::3af7:cdff:fec7:54f odin.ngp.computer

+47

host-specific/misaki/services.nix

··· 9 9 10 10 imports = [ 11 11 inputs.tangled.nixosModules.knot 12 + inputs.tranquil-pds.nixosModules.tranquil-pds 12 13 ]; 13 14 14 15 services.zfs = { ··· 518 519 }; 519 520 }; 520 521 522 + services.tranquil-pds = { 523 + enable = true; 524 + dataDir = "/srv/shokuhou/applications/tranquil"; 525 + database.createLocally = true; 526 + settings = { 527 + server = { 528 + host = "127.0.0.1"; 529 + port = 3030; 530 + hostname = "pds.ngp.computer"; 531 + }; 532 + storage = { 533 + backend = "filesystem"; 534 + path = "/srv/shokuhou/applications/tranquil/blobs"; 535 + }; 536 + tranquil_store.data_dir = "/srv/shokuhou/applications/tranquil/store"; 537 + }; 538 + }; 539 + age.secrets.tranquil-pds-env = { 540 + file = ../../secrets/tranquil-pds-env.age; 541 + owner = "tranquil-pds"; 542 + group = "tranquil-pds"; 543 + }; 544 + systemd.services.tranquil-pds.serviceConfig = { 545 + EnvironmentFile = config.age.secrets.tranquil-pds-env.path; 546 + ReadWritePaths = [ 547 + "/srv/shokuhou/applications/tranquil" 548 + ]; 549 + }; 550 + 521 551 age.secrets.acme = { 522 552 file = ../../secrets/porkbun-api-key.age; 523 553 owner = "root"; ··· 542 572 "coder.ngp.computer" 543 573 "stats.ngp.computer" 544 574 "nixery.ngp.computer" 575 + "pds.ngp.computer" 545 576 ] 546 577 (_: { 547 578 group = "httpd"; ··· 843 874 acmeRoot = null; 844 875 http2 = true; 845 876 locations."/".proxyPass = "http://localhost:1411/"; 877 + }; 878 + virtualHosts."pds.ngp.computer" = { 879 + forceSSL = true; 880 + enableACME = true; 881 + acmeRoot = null; 882 + http2 = true; 883 + locations."/" = { 884 + proxyPass = "http://127.0.0.1:${toString config.services.tranquil-pds.settings.server.port}"; 885 + proxyWebsockets = true; 886 + extraConfig = '' 887 + client_max_body_size 50000M; 888 + proxy_read_timeout 600s; 889 + proxy_send_timeout 600s; 890 + send_timeout 600s; 891 + ''; 892 + }; 846 893 }; 847 894 virtualHosts."coder.ngp.computer" = { 848 895 forceSSL = true;

+1

secrets/secrets.nix

··· 33 33 "victoriatraces-write-pass.age".publicKeys = [ misaki ] ++ noah; 34 34 "obsidian-auth-token.age".publicKeys = [ misaki ] ++ noah; 35 35 "pocket-id-encryption-key.age".publicKeys = [ misaki ] ++ noah; 36 + "tranquil-pds-env.age".publicKeys = [ misaki ] ++ noah; 36 37 "coder-client-secret.age".publicKeys = [ odin ] ++ noah; 37 38 "github-actions-token.age".publicKeys = [ odin ] ++ noah; 38 39 "influxdb-user-password.age".publicKeys = [ misaki ] ++ noah;

+11

secrets/tranquil-pds-env.age

··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 e6zq8g tw9TRc25kIdvKXXeFteNcXYoEQfPZhJrYgAC6pCbd0Q 3 + r90v/aFTA9GaZoXJNIzh7WmmKnOmgi0og7buXwQ1CCQ 4 + -> ssh-ed25519 QBbeMw 78+X4piP60xCDxPl1q6jCkN3MqDtu75bWrTr6yDrfDg 5 + yiizv/j/606jSbzRae9RM6SEeowFgoO6GEw5FdvCeig 6 + -> ssh-ed25519 Wv0Urw CZwTS93hVskCLUT7QV4OE8OWnmbDT0btJkIYURTfG3o 7 + eR/hQHzoHK/iyyXEutzESF4epPZmDqPSA13nKhUvlhQ 8 + -> ssh-ed25519 WVNCXA Da4SBjxpijnGX/r2HGqA8X80SPicqblmXXUk6ZiSIGo 9 + DSOVLSfHTmV4+crXOr7vt4FX8xbiM1KbOQtRkzWFux0 10 + --- IMbxM+oJWVGtZviPSj5a+Pbup3NRFQE1e+2eDh2qjN8 11 + @8�R�cR�:ht��ƌ��2w��Cp��Y��I1��l"�WJ@G��m,b��O�'��-O!�,`Դ�P��a�{��Y��#��O�/a��fg�M� ��I��P86R�&��pwZCk�ke=jۥzWi�k�u��qL/�) �

Configure Feed

Configure Feed