ivy: add tranquil and fix ports
vi did:web:vt3e.cat
Tue, 05 May 2026 20:09:02 +0100
10 files changed,
106 insertions(+),
10 deletions(-)
M
flake.lock
→
flake.lock
@@ -150,12 +150,29 @@ "repo": "nixpkgs",
"type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1775888245, + "narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "13043924aaa7375ce482ebe2494338e058282925", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "home-manager": "home-manager", "ironbar": "ironbar", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "tranquil": "tranquil" } }, "rust-analyzer-src": {@@ -173,6 +190,24 @@ "owner": "rust-lang",
"ref": "nightly", "repo": "rust-analyzer", "type": "github" + } + }, + "tranquil": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1777753977, + "narHash": "sha256-St0O1h5JIU+Rg0l7HzKHmk+MgoEDZ/TPIU8nAzpggOk=", + "ref": "refs/heads/main", + "rev": "f176f55862bc4c41472f8697cc2ca069c24d5e37", + "revCount": 339, + "type": "git", + "url": "https://tangled.org/tranquil.farm/tranquil-pds.git" + }, + "original": { + "type": "git", + "url": "https://tangled.org/tranquil.farm/tranquil-pds.git" } } },
M
hosts/common/users.nix
→
hosts/common/users.nix
@@ -6,7 +6,6 @@
users = { willow = { initialPassword = "pass"; - uid = 1001; isNormalUser = true; extraGroups = [ "wheel"
M
hosts/ivy/default.nix
→
hosts/ivy/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }: +{ inputs, pkgs, ... }: { imports = [ ../common/default.nix@@ -7,6 +7,8 @@ ./ports.nix
./caddy ./services + + inputs.tranquil.nixosModules.tranquil-pds ]; nix.settings.trusted-users = [
A
hosts/ivy/services/at/tranquil.nix
@@ -0,0 +1,45 @@
+{ config, ... }:
+let
+ PORT = config.svports.tranquil;
+in
+{
+ services.tranquil-pds = {
+ enable = true;
+
+ environmentFiles = [ "/var/lib/secrets/tranquil" ];
+ database.createLocally = true;
+
+ settings = {
+ server = {
+ hostname = "tranquil.at.vt3e.cat";
+ port = PORT;
+ invite_code_required = true;
+ age_assurance_override = true;
+ };
+
+ email = {
+ from_address = "pds@mail.wlo.moe";
+ from_name = "Tranquil PDS";
+
+ smarthost = {
+ host = "smtp.resend.com";
+ port = 2587;
+ username = "resend";
+ tls = "starttls";
+ };
+ };
+ };
+ };
+
+ services.caddy.virtualHosts."tranquil.at.vt3e.cat" = {
+ serverAliases = [ "*.tranquil.at.vt3e.cat" ];
+ extraConfig = ''
+ encode zstd gzip
+ tls {
+ on_demand
+ }
+
+ reverse_proxy 127.0.0.1:${toString PORT}
+ '';
+ };
+}
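Review bot: The `tls { on_demand }` block in the Caddy vhost, together with `serverAliases = [ "*.tranquil.at.vt3e.cat" ]`, allows a certificate to be requested for any subdomain a client names, and nothing in this file restricts which names are approved. Unless the global Caddy options (not visible in this commit view) already define an `on_demand_tls` block with an `ask` endpoint, one should be added so issuance is approved only for handles the PDS actually serves; otherwise unbounded subdomains can exhaust the ACME rate limit for the domain. A one-line comment on `age_assurance_override = true;` explaining why it is set would also help, since its effect is not evident from the name.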
M
hosts/ivy/services/default.nix
→
hosts/ivy/services/default.nix
@@ -1,6 +1,6 @@
{ imports = [ - # ./at + ./at ./vaultwarden.nix ./immich.nix ./navidrome.nix
M
hosts/ivy/services/immich.nix
→
hosts/ivy/services/immich.nix
@@ -1,9 +1,12 @@
{ config, ... }: +let + PORT = config.svports.immich; +in { services.immich = { enable = true; secretsFile = "/var/secrets/immich"; - port = config.svports.immich; + port = PORT; settings = { server = { externalDomain = "https://immich.vt3e.cat";@@ -14,7 +17,7 @@
services.caddy.virtualHosts."immich.vt3e.cat" = { extraConfig = '' encode zstd gzip - reverse_proxy localhost:8081 + reverse_proxy localhost:${toString PORT} ''; }; }
M
hosts/ivy/services/vaultwarden.nix
→
hosts/ivy/services/vaultwarden.nix
@@ -1,4 +1,7 @@
{ config, ... }: +let + PORT = config.svports.vaultwarden; +in { services.vaultwarden = { enable = true;@@ -9,7 +12,7 @@ DOMAIN = "https://vaultwarden.vt3e.cat";
SIGNUPS_ALLOWED = false; ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = config.svports.vaultwarden; + ROCKET_PORT = PORT; ROCKET_LOG = "critical"; SMTP_HOST = "smtp.resend.com";@@ -27,7 +30,7 @@ services.caddy.virtualHosts."vaultwarden.vt3e.cat" = {
hostName = "vaultwarden.vt3e.cat"; extraConfig = '' encode zstd gzip - reverse_proxy :8222 { + reverse_proxy :${toString PORT} { header_up X-Real-IP {remote_host} } '';
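Review bot: The upstream in the last hunk is written as `reverse_proxy :${toString PORT} {` with no host, while the hunk above binds Vaultwarden to `ROCKET_ADDRESS = "127.0.0.1"`. Writing it as `reverse_proxy 127.0.0.1:${toString PORT} {` states the loopback target explicitly and matches the tranquil vhost added in this commit, instead of depending on how an empty host is resolved by the proxy. The `virtualHosts` block is closed outside the hunk.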