this repo has no description
feat(wolumonde): add tangled spindle [skip ci]
+67
-12
+1
dns/dnsconfig.js
+1
dns/dnsconfig.js
···
16
16
A("webhook", WOLUMONDE_IP, CF_PROXY_OFF),
17
17
A("dash", WOLUMONDE_IP, CF_PROXY_OFF), // perses
18
18
A("knot", WOLUMONDE_IP, CF_PROXY_OFF),
19
+
A("spindle", WOLUMONDE_IP, CF_PROXY_OFF),
19
20
A("skeetdeck", WOLUMONDE_IP, CF_PROXY_OFF),
20
21
A("likes", WOLUMONDE_IP, CF_PROXY_OFF),
21
22
// A("bird", WOLUMONDE_IP, CF_PROXY_OFF),
+7
-7
flake.lock
+7
-7
flake.lock
···
310
310
"htmx-ws-src": {
311
311
"flake": false,
312
312
"locked": {
313
-
"narHash": "sha256-XbUFiv94ZPB6VVULoTWOsje5Gq1I+IT72lMc4CpUYrY=",
313
+
"narHash": "sha256-2fg6KyEJoO24q0fQqbz9RMaYNPQrMwpZh29tkSqdqGY=",
314
314
"type": "file",
315
-
"url": "https://unpkg.com/htmx.org@2.0.4/dist/ext/ws.js"
315
+
"url": "https://cdn.jsdelivr.net/npm/htmx-ext-ws@2.0.2"
316
316
},
317
317
"original": {
318
318
"type": "file",
319
-
"url": "https://unpkg.com/htmx.org@2.0.4/dist/ext/ws.js"
319
+
"url": "https://cdn.jsdelivr.net/npm/htmx-ext-ws@2.0.2"
320
320
}
321
321
},
322
322
"ibm-plex-mono-src": {
···
817
817
"sqlite-lib-src": "sqlite-lib-src"
818
818
},
819
819
"locked": {
820
-
"lastModified": 1750884686,
821
-
"narHash": "sha256-MP+xB3iSmyrQJLW0ulDhT+vY8WOlVP0Tur0394cYWFk=",
820
+
"lastModified": 1751979681,
821
+
"narHash": "sha256-W8RKBKsLvfUsLeqUulwj3+yqH2hqxUewH9ktcqoe20s=",
822
822
"ref": "refs/heads/master",
823
-
"rev": "a3bce1c10a4ee29a820bac14ea9604d2bdfb3f1a",
824
-
"revCount": 874,
823
+
"rev": "e3e0c95d1a1c163ee812af7caef95309a12083b3",
824
+
"revCount": 890,
825
825
"type": "git",
826
826
"url": "https://tangled.sh/@tangled.sh/core"
827
827
},
+1
hosts/wolumonde/modules/nginx.nix
+1
hosts/wolumonde/modules/nginx.nix
+58
-5
hosts/wolumonde/modules/tangled.nix
+58
-5
hosts/wolumonde/modules/tangled.nix
···
1
-
{ config, inputs, ... }:
1
+
{ lib, config, inputs, ... }:
2
2
let
3
-
cfg = config.services.tangled-knot;
3
+
knotCfg = config.services.tangled-knot;
4
+
spindleCfg = config.services.tangled-spindle;
4
5
in
5
6
{
6
-
imports = [ inputs.tangled.nixosModules.knot ];
7
+
imports = [ inputs.tangled.nixosModules.knot inputs.tangled.nixosModules.spindle ];
7
8
8
9
age.secrets.tangledKnot.file = ../../../secrets/tangledKnot.age;
9
10
···
17
18
};
18
19
};
19
20
20
-
services.nginx.virtualHosts.${cfg.server.hostname} = {
21
+
services.nginx.virtualHosts.${knotCfg.server.hostname} = {
22
+
useACMEHost = "gaze.systems";
23
+
forceSSL = true;
24
+
quic = true;
25
+
kTLS = true;
26
+
locations."/" = {
27
+
proxyPass = "http://${knotCfg.server.listenAddr}";
28
+
extraConfig = ''
29
+
proxy_set_header Upgrade $http_upgrade;
30
+
proxy_set_header Connection $connection_upgrade;
31
+
proxy_set_header id $request_id;
32
+
'';
33
+
};
34
+
};
35
+
36
+
services.tangled-spindle = {
37
+
enable = true;
38
+
server = {
39
+
listenAddr = "0.0.0.0:7391";
40
+
hostname = "spindle.gaze.systems";
41
+
owner = "did:plc:dfl62fgb7wtjj3fcbb72naae";
42
+
};
43
+
};
44
+
users.users.spindle = {
45
+
group = "spindle";
46
+
isSystemUser = true;
47
+
};
48
+
users.groups.spindle = {};
49
+
users.groups.podman.members = ["spindle"];
50
+
systemd.services.spindle = {
51
+
after = lib.mkForce ["network.target"];
52
+
serviceConfig = {
53
+
User = "spindle";
54
+
Group = "spindle";
55
+
};
56
+
};
57
+
58
+
services.nginx.virtualHosts.${spindleCfg.server.hostname} = {
21
59
useACMEHost = "gaze.systems";
22
60
forceSSL = true;
23
61
quic = true;
24
62
kTLS = true;
25
-
locations."/".proxyPass = "http://${cfg.server.listenAddr}";
63
+
locations."/" = {
64
+
proxyPass = "http://${spindleCfg.server.listenAddr}";
65
+
extraConfig = ''
66
+
proxy_set_header Upgrade $http_upgrade;
67
+
proxy_set_header Connection $connection_upgrade;
68
+
proxy_set_header id $request_id;
69
+
'';
70
+
};
71
+
};
72
+
73
+
virtualisation.docker.enable = lib.mkForce false;
74
+
virtualisation.podman = {
75
+
enable = true;
76
+
autoPrune.enable = true;
77
+
dockerCompat = true;
78
+
dockerSocket.enable = true;
26
79
};
27
80
}