dannydannydanny/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

phantom-ship + vps-relay: KomTolk service + vhost (was translate-platform)

Browse source 
KomTolk is the rebranded translate-platform — same Copenhagen
translation gigs Mini App, new name. Service on port 8080, mirrors
shelfish/scuttle/banana setup. New tmpfiles dir + zt+ firewall
opening + caddy vhost.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Danny 2026-05-03 18:56:52 +02:00
parent 08495161ae
commit f419fed7eb
2 changed files with 37 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

37
nixos/hosts/phantom-ship.nix
View file

@ -48,11 +48,11 @@ in
}; };
networking.firewall.trustedInterfaces = [ "enp0s31f6" ]; networking.firewall.trustedInterfaces = [ "enp0s31f6" ];
# Shelfish (:8081), Scuttle (:8082), Bananasimulator (:8083) are # KomTolk (:8080), Shelfish (:8081), Scuttle (:8082), Bananasimulator
# reachable only over the ZeroTier mesh — the vps-relay Caddy # (:8083) are reachable only over the ZeroTier mesh — the vps-relay
# reverse-proxies into them. Same pattern as sunken-ship's bbbot. # Caddy reverse-proxies into them. Same pattern as sunken-ship's bbbot.
# Not in global allowedTCPPorts, so the WAN side stays closed. # Not in global allowedTCPPorts, so the WAN side stays closed.
networking.firewall.interfaces."zt+".allowedTCPPorts = [ 8081 8082 8083 ]; networking.firewall.interfaces."zt+".allowedTCPPorts = [ 8080 8081 8082 8083 ];
hardware.enableRedistributableFirmware = true; # iwlwifi (Intel 8260) + GPU + BT firmware hardware.enableRedistributableFirmware = true; # iwlwifi (Intel 8260) + GPU + BT firmware
@ -174,6 +174,7 @@ in
"d /home/danny/.local/share/shelfish 0755 danny users - -" "d /home/danny/.local/share/shelfish 0755 danny users - -"
"d /home/danny/.local/share/scuttle 0755 danny users - -" "d /home/danny/.local/share/scuttle 0755 danny users - -"
"d /home/danny/.local/share/bananasimulator 0755 danny users - -" "d /home/danny/.local/share/bananasimulator 0755 danny users - -"
"d /home/danny/.local/share/komtolk 0755 danny users - -"
]; ];
# Hara Gmail MCP server (path 1: IMAP+SMTP). Replaced by an OAuth2 # Hara Gmail MCP server (path 1: IMAP+SMTP). Replaced by an OAuth2
@ -356,6 +357,34 @@ in
}; };
}; };
# KomTolk (formerly translate-platform) — Copenhagen translation gigs Mini App.
# Code rsync'd from ~/python-projects/26_komtolk/ to /home/danny/komtolk/
systemd.services.komtolk = let
pythonEnv = pkgs.python3.withPackages (ps: with ps; [
fastapi
uvicorn
httpx
python-telegram-bot
]);
in {
description = "KomTolk FastAPI server (Copenhagen translation gigs)";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pythonEnv ];
environment = {
SHIPYARD_BOT_TOKEN_FILE = "/home/danny/.secrets/telegram-bot-token-shipyard";
KT_DB_PATH = "/home/danny/.local/share/komtolk/komtolk.db";
};
serviceConfig = {
WorkingDirectory = "/home/danny/komtolk";
ExecStart = "${pythonEnv}/bin/python -m uvicorn server:app --host :: --port 8080";
Restart = "on-failure";
RestartSec = 10;
User = "danny";
};
};
# Auto-rebuild service/timer + safe.directory provided by the # Auto-rebuild service/timer + safe.directory provided by the
# shared dotfiles-rebuild NixOS module (see nixos/modules/dotfiles-rebuild.nix). # shared dotfiles-rebuild NixOS module (see nixos/modules/dotfiles-rebuild.nix).
} }

4
nixos/hosts/vps-relay.nix
View file

@ -114,6 +114,10 @@
"bananasimulator.dannydannydanny.me".extraConfig = '' "bananasimulator.dannydannydanny.me".extraConfig = ''
reverse_proxy http://[fdd5:53a2:de33:d269:6499:936c:48a:bbdc]:8083 reverse_proxy http://[fdd5:53a2:de33:d269:6499:936c:48a:bbdc]:8083
''; '';
# KomTolk (formerly translate-platform) — same backend, port 8080.
"komtolk.dannydannydanny.me".extraConfig = ''
reverse_proxy http://[fdd5:53a2:de33:d269:6499:936c:48a:bbdc]:8080
'';
}; };
}; };