dannydannydanny/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

phantom-ship + vps-relay: declare notes service + vhosts (port 8092)

Browse source 
notes serves both notes.dannydannydanny.me (blog) and
dannydannydanny.me (apex landing) from the same FastAPI process,
switching on Host header. Source rsync'd from ~/python-projects/26_notes/
to /home/danny/notes/.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
DannyDannyDanny 2026-05-08 07:23:09 +02:00
parent 327bdc11fe
commit eee28d3e9a
2 changed files with 41 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

38
nixos/hosts/phantom-ship.nix
View file

@ -49,11 +49,12 @@ in
networking.firewall.trustedInterfaces = [ "enp0s31f6" ]; networking.firewall.trustedInterfaces = [ "enp0s31f6" ];
# KomTolk (:8080), Shelfish (:8081), Scuttle (:8082), Bananasimulator # KomTolk (:8080), Shelfish (:8081), Scuttle (:8082), Bananasimulator
# (:8083), Forgejo (:3000), Escape Hormuz (:8090), bon (:8091) are # (:8083), Forgejo (:3000), Escape Hormuz (:8090), bon (:8091),
# reachable only over the ZeroTier mesh — the vps-relay Caddy # notes (:8092) are reachable only over the ZeroTier mesh — the
# reverse-proxies into them. Same pattern as sunken-ship's bbbot. Not # vps-relay Caddy reverse-proxies into them. Same pattern as
# in global allowedTCPPorts, so the WAN side stays closed. # sunken-ship's bbbot. Not in global allowedTCPPorts, so the WAN side
networking.firewall.interfaces."zt+".allowedTCPPorts = [ 3000 8080 8081 8082 8083 8090 8091 ]; # stays closed.
networking.firewall.interfaces."zt+".allowedTCPPorts = [ 3000 8080 8081 8082 8083 8090 8091 8092 ];
hardware.enableRedistributableFirmware = true; # iwlwifi (Intel 8260) + GPU + BT firmware hardware.enableRedistributableFirmware = true; # iwlwifi (Intel 8260) + GPU + BT firmware
@ -475,6 +476,33 @@ in
}; };
}; };
# notes — tiny markdown blog + apex landing page.
# One service serves two hostnames via Host-header switch:
# notes.dannydannydanny.me → blog
# dannydannydanny.me → landing
# Code rsync'd from ~/python-projects/26_notes/ to /home/danny/notes/
systemd.services.notes = let
pythonEnv = pkgs.python3.withPackages (ps: with ps; [
fastapi
uvicorn
markdown
jinja2
]);
in {
description = "notes markdown blog + landing page";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pythonEnv ];
serviceConfig = {
WorkingDirectory = "/home/danny/notes";
ExecStart = "${pythonEnv}/bin/python -m uvicorn server:app --host :: --port 8092";
Restart = "on-failure";
RestartSec = 10;
User = "danny";
};
};
# Hara morning heartbeat — daily email check + Telegram good-morning ping. # Hara morning heartbeat — daily email check + Telegram good-morning ping.
# Runs claude in print mode with the Gmail MCP, then sends output via Bot API. # Runs claude in print mode with the Gmail MCP, then sends output via Bot API.
# Token lives in ~/.claude/channels/telegram/.env (managed by the telegram plugin). # Token lives in ~/.claude/channels/telegram/.env (managed by the telegram plugin).

8
nixos/hosts/vps-relay.nix
View file

@ -132,6 +132,14 @@
"bon.dannydannydanny.me".extraConfig = '' "bon.dannydannydanny.me".extraConfig = ''
reverse_proxy http://[fdd5:53a2:de33:d269:6499:936c:48a:bbdc]:8091 reverse_proxy http://[fdd5:53a2:de33:d269:6499:936c:48a:bbdc]:8091
''; '';
# notes — markdown blog (notes.X) + apex landing (X). Same backend
# service on phantom :8092 routes by Host header.
"notes.dannydannydanny.me".extraConfig = ''
reverse_proxy http://[fdd5:53a2:de33:d269:6499:936c:48a:bbdc]:8092
'';
"dannydannydanny.me".extraConfig = ''
reverse_proxy http://[fdd5:53a2:de33:d269:6499:936c:48a:bbdc]:8092
'';
}; };
}; };