From 082529dac95d4e05b070b9abd4dbf5ee0ca8af58 Mon Sep 17 00:00:00 2001 From: Danny Date: Thu, 7 May 2026 22:12:03 +0200 Subject: [PATCH] phantom-ship + vps-relay: declare bon service + vhost (port 8091) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit bon — receipt scanner Mini App. Snap a receipt with the device camera, upload, list. MVP only captures + stores; OCR/categorization later. phantom-ship.nix - systemd.services.bon on port 8091, binds :: for ZT - 8091 added to zt+ allowedTCPPorts - tmpfiles for /home/danny/.local/share/bon/{,images} - python env adds python-multipart (form upload) + pillow (image validate + downscale to 2400px JPEG) vps-relay.nix - Caddy vhost bon.dannydannydanny.me → ZT [::]:8091 --- nixos/hosts/phantom-ship.nix | 43 +++++++++++++++++++++++++++++++----- nixos/hosts/vps-relay.nix | 5 +++++ 2 files changed, 43 insertions(+), 5 deletions(-) diff --git a/nixos/hosts/phantom-ship.nix b/nixos/hosts/phantom-ship.nix index 5e267b6..9bed76e 100644 --- a/nixos/hosts/phantom-ship.nix +++ b/nixos/hosts/phantom-ship.nix 
@@ -49,11 +49,11 @@ in networking.firewall.trustedInterfaces = [ "enp0s31f6" ]; # KomTolk (:8080), Shelfish (:8081), Scuttle (:8082), Bananasimulator - # (:8083), Forgejo (:3000), Escape Hormuz (:8090) are reachable only - # over the ZeroTier mesh — the vps-relay Caddy reverse-proxies into - # them. Same pattern as sunken-ship's bbbot. Not in global - # allowedTCPPorts, so the WAN side stays closed. - networking.firewall.interfaces."zt+".allowedTCPPorts = [ 3000 8080 8081 8082 8083 8090 ]; + # (:8083), Forgejo (:3000), Escape Hormuz (:8090), bon (:8091) are + # reachable only over the ZeroTier mesh — the vps-relay Caddy + # reverse-proxies into them. Same pattern as sunken-ship's bbbot. Not + # in global allowedTCPPorts, so the WAN side stays closed. + networking.firewall.interfaces."zt+".allowedTCPPorts = [ 3000 8080 8081 8082 8083 8090 8091 ]; hardware.enableRedistributableFirmware = true; # iwlwifi (Intel 8260) + GPU + BT firmware @@ -178,6 +178,8 @@ in "d /home/danny/.local/share/komtolk 0755 danny users - -" "d /home/danny/.local/share/escape_hormuz 0755 danny users - -" "d /home/danny/.local/share/scuttle/tiles 0755 danny users - -" + "d /home/danny/.local/share/bon 0755 danny users - -" + "d /home/danny/.local/share/bon/images 0755 danny users - -" ]; # Hara Gmail MCP server (path 1: IMAP+SMTP). Replaced by an OAuth2 
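Review bot: The reworded comment in the `@@ -49,11` hunk of phantom-ship.nix states that these ports are reachable only over the ZeroTier mesh, but the context line `networking.firewall.trustedInterfaces = [ "enp0s31f6" ];` accepts all traffic on that interface. A service listening on every address, as bon does with `--host ::` later in this patch, can therefore also be reached from that Ethernet segment over plain HTTP, without passing through Caddy. Either make the comment match the configuration, e.g. `# reachable over the ZeroTier mesh and the trusted enp0s31f6 link; closed on every other interface`, or bind the listener to the ZeroTier address so the claim holds. Which network enp0s31f6 is attached to is not visible in this hunk, so the practical exposure needs confirming on the host.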
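Review bot: The two tmpfiles rules added in the `@@ -178,6` hunk create the receipt store with mode `0755`, so any local account that can traverse the parent directories can list and read `bon/images`. Receipts routinely carry partial card numbers, addresses and purchase history. Only the bon service, which runs as danny, needs these directories, so `"d /home/danny/.local/share/bon 0700 danny users - -"` and the same mode for `bon/images` are sufficient. The mode of /home/danny is not visible here and may already block other users, but the data directory should not depend on it. The neighbouring entries use 0755, so this would be an intentional deviation from the file's pattern.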
@@ -392,6 +394,37 @@ in }; }; + # bon — receipt scanner Mini App (camera capture + gallery). + # Code rsync'd from ~/python-projects/26_bon/ to /home/danny/bon/ + # Images on disk under /home/danny/.local/share/bon/images// + systemd.services.bon = let + pythonEnv = pkgs.python3.withPackages (ps: with ps; [ + fastapi + uvicorn + python-telegram-bot + python-multipart + pillow + ]); + in { + description = "bon FastAPI server (receipt scanner)"; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + path = [ pythonEnv ]; + environment = { + SHIPYARD_BOT_TOKEN_FILE = "/home/danny/.secrets/telegram-bot-token-shipyard"; + BON_DB_PATH = "/home/danny/.local/share/bon/bon.db"; + BON_IMAGES_DIR = "/home/danny/.local/share/bon/images"; + }; + serviceConfig = { + WorkingDirectory = "/home/danny/bon"; + ExecStart = "${pythonEnv}/bin/python -m uvicorn server:app --host :: --port 8091"; + Restart = "on-failure"; + RestartSec = 10; + User = "danny"; + }; + }; + # KomTolk (formerly translate-platform) — Copenhagen translation gigs Mini App. # Code rsync'd from ~/python-projects/26_komtolk/ to /home/danny/komtolk/ systemd.services.komtolk = let diff --git a/nixos/hosts/vps-relay.nix b/nixos/hosts/vps-relay.nix index 24c4d73..3d34a1a 100644 --- a/nixos/hosts/vps-relay.nix +++ b/nixos/hosts/vps-relay.nix @@ -127,6 +127,11 @@ "escapehormuz.dannydannydanny.me".extraConfig = '' reverse_proxy http://[fdd5:53a2:de33:d269:6499:936c:48a:bbdc]:8090 ''; + # bon — receipt scanner Mini App, port 8091. Camera capture in + # the WebView needs HTTPS, which Caddy terminates here. + "bon.dannydannydanny.me".extraConfig = '' + reverse_proxy http://[fdd5:53a2:de33:d269:6499:936c:48a:bbdc]:8091 + ''; }; };
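Review bot: The `serviceConfig` for `systemd.services.bon` in the `@@ -392,6` hunk has no sandboxing. The process that decodes uploaded images with Pillow therefore runs as `danny` with read/write access to the whole home directory, including everything else under `/home/danny/.secrets`. The unit only needs its code directory, the token file and the data directory, so the rest of /home can be hidden and those three paths bound back in, alongside the usual `NoNewPrivileges`, `PrivateTmp` and `ProtectSystem` settings. The block below is a sketch of the added lines; check it on the host with `systemd-analyze security bon` and a test upload before relying on it.

```nix
    serviceConfig = {
      # … unchanged: WorkingDirectory, ExecStart, Restart, RestartSec, User …
      NoNewPrivileges = true;
      PrivateTmp = true;
      PrivateDevices = true;
      ProtectSystem = "strict";
      # Hide the rest of /home from the upload handler; expose only what bon reads or writes.
      ProtectHome = "tmpfs";
      BindReadOnlyPaths = [
        "/home/danny/bon"
        "/home/danny/.secrets/telegram-bot-token-shipyard"
      ];
      BindPaths = [ "/home/danny/.local/share/bon" ];
    };
```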
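Review bot: The new `bon.dannydannydanny.me` vhost in vps-relay.nix forwards request bodies of any size from the public side to an upload endpoint, and nothing in this patch shows a size cap in the app before Pillow decodes the image on phantom-ship. Cap it at the edge by adding a `request_body` block containing `max_size 20MB` above the `reverse_proxy` line; the value is a constructed example, so pick one that fits a phone photo. Whether server.py verifies Telegram init data before accepting an upload is not visible here, so confirm that too, since otherwise this vhost is an unauthenticated write path to the image directory. The attribute set holding the vhosts opens outside this hunk.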