+19

hosts/ivy/caddy.nix

··· 21 21 reverse_proxy localhost:8082 22 22 ''; 23 23 }; 24 24 + 25 25 + "bbell.vt3e.cat" = { 26 26 + extraConfig = '' 27 27 + encode zstd gzip 28 28 + root * /var/www/bbell 29 29 + try_files {path} /index.html 30 30 + file_server 31 31 + ''; 32 32 + }; 33 33 + 34 34 + "http://localhost:9005" = { 35 35 + extraConfig = '' 36 36 + encode zstd gzip 37 37 + root * /home/willow/web 38 38 + try_files {path} /index.txt 39 39 + file_server 40 40 + ''; 41 41 + }; 42 42 + 24 43 }; 25 44 26 45 globalConfig = ''

+6

hosts/ivy/default.nix

··· 39 39 }; 40 40 }; 41 41 42 42 + nix.settings.trusted-users = [ 43 43 + "root" 44 44 + "@wheel" 45 45 + "willow" 46 46 + ]; 47 47 + 42 48 boot = { 43 49 loader = { 44 50 systemd-boot.enable = true;

+90 -2

hosts/ivy/services/ddns.nix

··· 1 1 + { pkgs, config, ... }: 2 2 + 3 3 + let 4 4 + src = pkgs.fetchgit { 5 5 + url = "https://tangled.org/wlo.moe/ddns-updater.git"; 6 6 + hash = "sha256-WbmfGHiJ+8d82qlkJo97yKra6weTh4HuDSIQVHCiiRQ="; 7 7 + }; 8 8 + 9 9 + node_modules = pkgs.stdenv.mkDerivation { 10 10 + pname = "ddns-updater-modules"; 11 11 + version = "1.0.1"; 12 12 + inherit src; 13 13 + 14 14 + nativeBuildInputs = [ pkgs.bun ]; 15 15 + 16 16 + outputHashAlgo = "sha256"; 17 17 + outputHashMode = "recursive"; 18 18 + outputHash = "sha256-kcCJbrtEbFu1nt04gvEYet3HZtQSnS6jYyU61cVRSbQ=="; 19 19 + 20 20 + dontConfigure = true; 21 21 + dontFixup = true; 22 22 + dontPatchShebangs = true; 23 23 + 24 24 + buildPhase = '' 25 25 + export HOME=$(mktemp -d) 26 26 + bun install --no-progress --frozen-lockfile 27 27 + ''; 28 28 + 29 29 + installPhase = '' 30 30 + mkdir -p $out 31 31 + cp -r node_modules/. $out/ 32 32 + ''; 33 33 + }; 34 34 + 35 35 + ddns-updater = pkgs.stdenv.mkDerivation { 36 36 + pname = "ddns-updater"; 37 37 + version = "1.0.1"; 38 38 + inherit src; 39 39 + 40 40 + nativeBuildInputs = [ pkgs.bun ]; 41 41 + dontStrip = true; 42 42 + 43 43 + buildPhase = '' 44 44 + runHook preBuild 45 45 + export HOME=$(mktemp -d) 46 46 + 47 47 + cp -r ${node_modules} node_modules 48 48 + chmod -R +w node_modules 49 49 + 50 50 + bun build src/bin.ts --outfile=ddns --compile 51 51 + runHook postBuild 52 52 + ''; 53 53 + 54 54 + installPhase = '' 55 55 + runHook preInstall 56 56 + mkdir -p $out/bin 57 57 + cp ddns $out/bin/ddns 58 58 + runHook postInstall 59 59 + ''; 60 60 + }; 61 61 + 62 62 + in 1 63 { 2 2 - services.ddns-updater = { 3 3 - enable = true; 64 64 + systemd.services.ddns-updater = { 65 65 + description = "ddns updater"; 66 66 + after = [ "network-online.target" ]; 67 67 + wants = [ "network-online.target" ]; 68 68 + wantedBy = [ "multi-user.target" ]; 69 69 + 70 70 + serviceConfig = { 71 71 + Type = "oneshot"; 72 72 + ExecStart = "${ddns-updater}/bin/ddns --config /var/lib/secrets/ddns.json"; 73 73 + 74 74 + DynamicUser = true; 75 75 + ProtectSystem = "strict"; 76 76 + ProtectHome = true; 77 77 + BindReadOnlyPaths = [ "/var/lib/secrets/ddns.json" ]; 78 78 + 79 79 + StateDirectory = "ddns-updater"; 80 80 + Environment = "HOME=%S/ddns-updater"; 81 81 + }; 82 82 + }; 83 83 + 84 84 + systemd.timers.ddns-updater = { 85 85 + description = "ddns updater every five minutes"; 86 86 + wantedBy = [ "timers.target" ]; 87 87 + timerConfig = { 88 88 + OnBootSec = "1m"; 89 89 + OnUnitActiveSec = "5m"; 90 90 + Unit = "ddns-updater.service"; 91 91 + }; 4 92 }; 5 93 }

+9 -7

hosts/ivy/services/pds.nix

··· 28 28 respond `{ "lastInitiatedAt": "2025-07-14T14:22:43.912Z", "status": "assured" }` 200 29 29 } 30 30 31 31 - @backend { 32 32 - path /xrpc/* /.well-known/* /robots.txt /oauth/* /@* 33 33 - } 34 31 35 35 - handle @backend { 36 36 - reverse_proxy localhost:8090 32 32 + @static { 33 33 + path / /assets/* /index.html /posts /profile/* 37 34 } 38 35 39 39 - handle { 40 40 - reverse_proxy localhost:8090 36 36 + handle @static { 37 37 + root * /var/www/pds.wlo.moe/ 38 38 + file_server 39 39 + try_files {path} /index.html 41 40 } 41 41 + 42 42 + reverse_proxy localhost:8090 43 43 + 42 44 ''; 43 45 }; 44 46 }