diff --git a/nixos/hosts/phantom-ship.nix b/nixos/hosts/phantom-ship.nix index 3a673ca..1d138f1 100644 --- a/nixos/hosts/phantom-ship.nix +++ b/nixos/hosts/phantom-ship.nix @@ -48,11 +48,11 @@ in }; networking.firewall.trustedInterfaces = [ "enp0s31f6" ]; - # Shelfish (:8081) and Scuttle (:8082) are reachable only over the - # ZeroTier mesh — the vps-relay Caddy reverse-proxies into them. Same - # pattern as sunken-ship's bbbot. Not in global allowedTCPPorts, so - # the WAN side stays closed. - networking.firewall.interfaces."zt+".allowedTCPPorts = [ 8081 8082 ]; + # Shelfish (:8081), Scuttle (:8082), Bananasimulator (:8083) are + # reachable only over the ZeroTier mesh — the vps-relay Caddy + # reverse-proxies into them. Same pattern as sunken-ship's bbbot. + # Not in global allowedTCPPorts, so the WAN side stays closed. + networking.firewall.interfaces."zt+".allowedTCPPorts = [ 8081 8082 8083 ]; hardware.enableRedistributableFirmware = true; # iwlwifi (Intel 8260) + GPU + BT firmware @@ -173,6 +173,7 @@ in "d /var/lib/openclaw/repos 0750 openclaw openclaw - -" "d /home/danny/.local/share/shelfish 0755 danny users - -" "d /home/danny/.local/share/scuttle 0755 danny users - -" + "d /home/danny/.local/share/bananasimulator 0755 danny users - -" ]; # Hara Gmail MCP server (path 1: IMAP+SMTP). Replaced by an OAuth2 @@ -325,6 +326,36 @@ in }; }; + # Bananasimulator — the actual project at https://bananasimulator.dannydannydanny.me + # (was a placeholder in shipyard's apps.json for ages). You ARE a banana. + # Code rsync'd from ~/python-projects/26_bananasimulator/ to /home/danny/bananasimulator/ + systemd.services.bananasimulator = let + pythonEnv = pkgs.python3.withPackages (ps: with ps; [ + fastapi + uvicorn + httpx + python-telegram-bot + ]); + in { + description = "Bananasimulator FastAPI server"; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + path = [ pythonEnv ]; + environment = { + SHIPYARD_BOT_TOKEN_FILE = "/home/danny/.secrets/telegram-bot-token-shipyard"; + BS_DB_PATH = "/home/danny/.local/share/bananasimulator/bananasimulator.db"; + BS_RIPE_MIN_PER_STAGE = "2"; # 2 min/stage → 30 min to compost in production + }; + serviceConfig = { + WorkingDirectory = "/home/danny/bananasimulator"; + ExecStart = "${pythonEnv}/bin/python -m uvicorn server:app --host :: --port 8083"; + Restart = "on-failure"; + RestartSec = 10; + User = "danny"; + }; + }; + # Auto-rebuild service/timer + safe.directory provided by the # shared dotfiles-rebuild NixOS module (see nixos/modules/dotfiles-rebuild.nix). } diff --git a/nixos/hosts/vps-relay.nix b/nixos/hosts/vps-relay.nix index bedf32e..70ec646 100644 --- a/nixos/hosts/vps-relay.nix +++ b/nixos/hosts/vps-relay.nix @@ -110,6 +110,10 @@ "scuttle.dannydannydanny.me".extraConfig = '' reverse_proxy http://[fdd5:53a2:de33:d269:6499:936c:48a:bbdc]:8082 ''; + # Bananasimulator — same backend, port 8083. + "bananasimulator.dannydannydanny.me".extraConfig = '' + reverse_proxy http://[fdd5:53a2:de33:d269:6499:936c:48a:bbdc]:8083 + ''; }; };