focaccia: init tangled appview · pluie.me/flake@0de06b6

+85 -6

flake.lock

··· 1 1 { 2 2 "nodes": { 3 + "actor-typeahead-src": { 4 + "flake": false, 5 + "locked": { 6 + "lastModified": 1771017033, 7 + "narHash": "sha256-Kf+FtgGcX1HIqVjZtCKNdQMeqmbk4uiOWd/W39I+Aew=", 8 + "ref": "refs/heads/main", 9 + "rev": "720317cf4773f73dd27b84b0fbf38ad49302f34a", 10 + "revCount": 12, 11 + "type": "git", 12 + "url": "https://tangled.org/@jakelazaroff.com/actor-typeahead" 13 + }, 14 + "original": { 15 + "type": "git", 16 + "url": "https://tangled.org/@jakelazaroff.com/actor-typeahead" 17 + } 18 + }, 3 19 "deploy-rs": { 4 20 "inputs": { 5 21 "flake-compat": "flake-compat", ··· 281 297 "owner": "nix-community", 282 298 "repo": "home-manager", 283 299 "type": "github" 300 + } 301 + }, 302 + "htmx-src": { 303 + "flake": false, 304 + "locked": { 305 + "narHash": "sha256-nm6avZuEBg67SSyyZUhjpXVNstHHgUxrtBHqJgowU08=", 306 + "type": "file", 307 + "url": "https://unpkg.com/htmx.org@2.0.4/dist/htmx.min.js" 308 + }, 309 + "original": { 310 + "type": "file", 311 + "url": "https://unpkg.com/htmx.org@2.0.4/dist/htmx.min.js" 312 + } 313 + }, 314 + "htmx-ws-src": { 315 + "flake": false, 316 + "locked": { 317 + "narHash": "sha256-2fg6KyEJoO24q0fQqbz9RMaYNPQrMwpZh29tkSqdqGY=", 318 + "type": "file", 319 + "url": "https://cdn.jsdelivr.net/npm/htmx-ext-ws@2.0.2" 320 + }, 321 + "original": { 322 + "type": "file", 323 + "url": "https://cdn.jsdelivr.net/npm/htmx-ext-ws@2.0.2" 324 + } 325 + }, 326 + "ibm-plex-mono-src": { 327 + "flake": false, 328 + "locked": { 329 + "lastModified": 1731402384, 330 + "narHash": "sha256-OwUmrPfEehLDz0fl2ChYLK8FQM2p0G1+EMrGsYEq+6g=", 331 + "type": "tarball", 332 + "url": "https://github.com/IBM/plex/releases/download/@ibm%2Fplex-mono@1.1.0/ibm-plex-mono.zip" 333 + }, 334 + "original": { 335 + "type": "tarball", 336 + "url": "https://github.com/IBM/plex/releases/download/@ibm%2Fplex-mono@1.1.0/ibm-plex-mono.zip" 337 + } 338 + }, 339 + "inter-fonts-src": { 340 + "flake": false, 341 + "locked": { 342 + "lastModified": 1731658560, 343 + "narHash": "sha256-5vdKKvHAeZi6igrfpbOdhZlDX2/5+UvzlnCQV6DdqoQ=", 344 + "type": "tarball", 345 + "url": "https://github.com/rsms/inter/releases/download/v4.1/Inter-4.1.zip" 346 + }, 347 + "original": { 348 + "type": "tarball", 349 + "url": "https://github.com/rsms/inter/releases/download/v4.1/Inter-4.1.zip" 350 + } 351 + }, 352 + "lucide-src": { 353 + "flake": false, 354 + "locked": { 355 + "lastModified": 1754044466, 356 + "narHash": "sha256-+exBR2OToB1iv7ZQI2S4B0lXA/QRvC9n6U99UxGpJGs=", 357 + "type": "tarball", 358 + "url": "https://github.com/lucide-icons/lucide/releases/download/0.536.0/lucide-icons-0.536.0.zip" 359 + }, 360 + "original": { 361 + "type": "tarball", 362 + "url": "https://github.com/lucide-icons/lucide/releases/download/0.536.0/lucide-icons-0.536.0.zip" 284 363 } 285 364 }, 286 365 "mermaid-src": { ··· 707 786 }, 708 787 "tangled": { 709 788 "inputs": { 710 - "actor-typeahead-src": [], 789 + "actor-typeahead-src": "actor-typeahead-src", 711 790 "fenix": "fenix", 712 791 "flake-compat": [], 713 792 "gomod2nix": "gomod2nix", 714 - "htmx-src": [], 715 - "htmx-ws-src": [], 716 - "ibm-plex-mono-src": [], 793 + "htmx-src": "htmx-src", 794 + "htmx-ws-src": "htmx-ws-src", 795 + "ibm-plex-mono-src": "ibm-plex-mono-src", 717 796 "indigo": [], 718 - "inter-fonts-src": [], 719 - "lucide-src": [], 797 + "inter-fonts-src": "inter-fonts-src", 798 + "lucide-src": "lucide-src", 720 799 "mermaid-src": "mermaid-src", 721 800 "nixpkgs": [ 722 801 "nixpkgs"

-6

flake.nix

··· 70 70 # We don't need any of these 71 71 flake-compat.follows = ""; 72 72 indigo.follows = ""; 73 - htmx-src.follows = ""; 74 - htmx-ws-src.follows = ""; 75 - lucide-src.follows = ""; 76 - inter-fonts-src.follows = ""; 77 - actor-typeahead-src.follows = ""; 78 - ibm-plex-mono-src.follows = ""; 79 73 }; 80 74 }; 81 75

+1

systems/focaccia/configuration.nix

··· 13 13 ./services/hysteria.nix 14 14 ./services/knot.nix 15 15 ./services/pds.nix 16 + ./services/tangled-appview.nix 16 17 ./services/ente.nix 17 18 ]; 18 19

+23

systems/focaccia/secrets/tangled-appview.env

··· 1 + TANGLED_COOKIE_SECRET=ENC[AES256_GCM,data:gNlroc49AW+v9L3d4RP4oM8aXB1uxnIryZhUxSf4KPg=,iv:P9g7f4jrsUe+Q/ylqJaUWnpoIa950SkqI+Q4S1za0b4=,tag:U1jBiB6QpeS4LjvW2pPgHA==,type:str] 2 + TANGLED_OAUTH_CLIENT_SECRET=ENC[AES256_GCM,data:43KWU7jz8ZCvkswBAkxmWsB4FVc4IoTEJCCFP+vb1nABe1nM8fKG14jKy9iyKhIc,iv:Uz5xm+DahGA1JBeyR49M1ELa6E1wjeDnLReSED4a2Ig=,tag:0dPa1iXlqTZ5KSZcYwwSuQ==,type:str] 3 + TANGLED_OAUTH_CLIENT_KID=ENC[AES256_GCM,data:4RloxNSPocWHpw==,iv:IYjgEuFvjLWEdgm32UJnzsaZ8OZxOCBbCm4wK6yBcQA=,tag:f7ysi6ZuTyOG27FDbrP0JQ==,type:str] 4 + TANGLED_RESEND_API_KEY= 5 + TANGLED_CAMO_SHARED_SECRET= 6 + TANGLED_AVATAR_SHARED_SECRET= 7 + TANGLED_REDIS_PASS= 8 + TANGLED_PDS_ADMIN_SECRET=ENC[AES256_GCM,data:7PJvIeuPl/kWAyTJbWVlZxlx85oZjfre7eOZqtoEr7c=,iv:0qz/hgrUF14YwUnpeCWm2cAG0SqluTHzgrNyg5igOPY=,tag:KLE7blp2tmatlKsmtKB3FQ==,type:str] 9 + TANGLED_CLOUDFLARE_API_TOKEN= 10 + TANGLED_CLOUDFLARE_ZONE_ID= 11 + TANGLED_CLOUDFLARE_TURNSTILE_SITE_KEY= 12 + TANGLED_CLOUDFLARE_TURNSTILE_SECRET_KEY= 13 + TANGLED_POSTHOG_API_KEY= 14 + TANGLED_APP_PASSWORD=ENC[AES256_GCM,data:QPzgoC8dUUhhHnKXh8kdrisAV1g=,iv:ZZ+0FSgabzmpwZKGGk+qP++3NLTrKKFRRb0k9PPjTAs=,tag:c9va5ob+P3NJuE9QcAVhRA==,type:str] 15 + TANGLED_ALT_APP_PASSWORD= 16 + sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpS2UvMm1ienAzOWlyMW5X\naEUrK0hRTU1UdWVWTW1ULzR4RFlsV3RsbFc4Cll1amhOb2txVmsyOWp3cVlMOFpE\nRDVFc3VvV1lOYS9CUlJSbG8xd2psc3cKLS0tIGRXWW44REI2M0Y3SUZFek5qNHZC\ndVl0ZnlaRktKcHRrNm9YdzYyNHU3eGcKFUUs1F30q2XPyZ5XKN4Xf/ZlTHmyQ8Su\nk9wP+/2VnliWrK10rqNFG3KOjsJmn0RxJXE7WnG23PguN+F3SHX0gw==\n-----END AGE ENCRYPTED FILE-----\n 17 + sops_age__list_0__map_recipient=age1lh4sn2s9gxj2s3naqdl4wpmz3uhpd3p8l0jfy6k5hu6cu34uyygsdwadd5 18 + sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwSmp1N1h6YkpMWEgwOWhI\namNzWG1sZUw2TWY0MjMrNERTSVNOSVNCRkZZCkNabHdTdGxNY3JMbXJzaFJkeWpG\nY2lHbmRITzlrZm5ISVY3Z1IvdXh2UEEKLS0tIFNPVUVxR3prQjJJMXJIdkk4eExz\nQmNIYi8wUGFKRDNKYmVSU3hYYndIVUUK9ZDGvFiNEYJDxnnpAGt7KBahclPSdLEl\n7PRNqXKPHS4CH9xbTTWiqvkIac7aWu4PVh/EWzqoagI+exKaTNoU5w==\n-----END AGE ENCRYPTED FILE-----\n 19 + sops_age__list_1__map_recipient=age1wtr58sze4sxjjzq9jmsq7ztkvkjakvnfzuqzn025p92htz7zsdesjpc2c8 20 + sops_lastmodified=2026-04-30T18:55:57Z 21 + sops_mac=ENC[AES256_GCM,data:hzRedndtpKlB+POPYailOJ52iuYA6t3SujADujYMkNJNi/t78JxBo7qGNAwqGZc9jdAZTNf/9MB1aJEGQZ+tndRmxrFPp9bQzrQfSfkxn2xb21vNCJggoR0qAn8098c8BGTHQJNYPOMDvWKnQlpCBBNH5lm8m2+1aWAhtEAFjlo=,iv:TCWi5noJNi5rZyDMfAUrvdR69/O0uAdehGkEFC8pT9M=,tag:0ToP7TPwh3VDS+n2qDNK5Q==,type:str] 22 + sops_unencrypted_suffix=_unencrypted 23 + sops_version=3.12.2

-2

systems/focaccia/services/knot.nix

··· 8 8 in 9 9 { 10 10 imports = [ 11 - 12 - 13 11 inputs.tangled.nixosModules.knot 14 12 ]; 15 13

+13 -1

systems/focaccia/services/pds.nix

··· 23 23 }; 24 24 25 25 services.caddy.virtualHosts.${cfg.PDS_HOSTNAME}.extraConfig = '' 26 - reverse_proxy :${toString cfg.PDS_PORT} 26 + handle /oauth/* { 27 + # HACK: For some reason the PDS only accepts cross-site, same-origin 28 + # or none for Sec-Fetch-Site for the initial AppView -> PDS flow, 29 + # meaning that you cannot put an AppView and a PDS under two subdomains 30 + # in the same domain. I think that's dumb and buggy, so let's hack 31 + # around this 32 + request_header Sec-Fetch-Site same-origin 33 + 34 + reverse_proxy :${toString cfg.PDS_PORT} 35 + } 36 + handle { 37 + reverse_proxy :${toString cfg.PDS_PORT} 38 + } 27 39 ''; 28 40 29 41 # services.postgresql = {

+30

systems/focaccia/services/tangled-appview.nix

··· 1 + { 2 + inputs, 3 + config, 4 + ... 5 + }: 6 + let 7 + cfg = config.services.tangled.appview; 8 + in 9 + { 10 + imports = [ 11 + inputs.tangled.nixosModules.appview 12 + ]; 13 + 14 + sops.secrets.tangled-appview = { 15 + # Has to be a separate file since it's a .env file 16 + sopsFile = ../secrets/tangled-appview.env; 17 + format = "dotenv"; 18 + }; 19 + 20 + services.tangled.appview = { 21 + enable = true; 22 + appviewHost = "git.pluie.me"; 23 + appviewName = "pluie's code"; 24 + pds.host = "pds.pluie.me"; 25 + environmentFile = config.sops.secrets.tangled-appview.path; 26 + }; 27 + services.caddy.virtualHosts.${cfg.appviewHost}.extraConfig = '' 28 + reverse_proxy :${toString cfg.port} 29 + ''; 30 + }

Configure Feed

Configure Feed