chore: update

2026-04-14 14:21:45 +04:00 · 2026-04-12 22:38:09 +09:00 · 2026-04-12 22:38:09 +09:00 · d3790a167b
commit d3790a167b
parent eaccf45596
27 changed files with 715 additions and 229 deletions
--- a/nix/server/nginx.nix
+++ b/nix/server/nginx.nix
@ -124,6 +124,16 @@ in lib.mkIf cfg.nginx {
 					root = cfg.sitePath;
 					tryFiles = "$uri $uri/ /index.html";
 				};
+
+				locations."/fs/" = {
+					root = cfg.sitePath;
+					tryFiles = "$uri $uri/ /fs/index.html";
+				};
+
+				locations."/view/" = {
+					root = cfg.sitePath;
+					tryFiles = "$uri $uri/ /view/index.html";
+				};
 			};
 		} // (if cfg.xray then {
 			# Xray fallback proxy servers
--- a/nix/server/secrets.nix
+++ b/nix/server/secrets.nix
@ -23,7 +23,7 @@ let
    fi

    # Decrypt and parse XRAY_UIDS
-    ${pkgs.openssl}/bin/openssl enc -aes-256-cbc -pbkdf2 -iter 1000000 -base64 -d -k "$KP2_DOTFILES_SECRET_KEY" -in "${./secrets.yaml}" | ${pkgs.yq}/bin/yq '.XRAY_UIDS[]' -r
+    ${pkgs.openssl}/bin/openssl enc -aes-256-cbc -pbkdf2 -iter 1000000 -base64 -d -k "$KP2_DOTFILES_SECRET_KEY" -in "${./secrets.yaml}" | ${pkgs.yq}/bin/yq '.XRAY_UIDS[].uid' -r
  '';

  xray-config-base = builtins.toFile "xray.json" (builtins.toJSON (
--- a/nix/server/secrets.yaml
+++ b/nix/server/secrets.yaml
@ -1,4 +1,6 @@
-U2FsdGVkX18N4BW9sin9kPVNkpbtVNoDqBAm+080vcYSS7qySHVOCfe94a7S8mh4
-G5tbvoRrOFxJ+RW/WYNMsEZ7wgsJM8b9AiKPaT30BMHXriTdtai80i6xKqv9zdCb
-moGUlBSgMtqEhvAnvpYBxHQ+NtDhxw7K9UjaO7eodNp+l9PR6z+IeL29rC2DMxQc
-jXAjbfPa3aeSikXF0g118HbUwVJQwlXq99n/fjkJ8XOhBo/S4tWbt0U8O97VKlA6
+U2FsdGVkX18Z/nFLuSfx9e8XYdUPqLO0NOAdKcPf+WkKg7exhD+p6p+pDzaHhdHP
+0JzWp5p8yz/sehmSoqrXJtS7G9Y5f9gj2dLwfxLobzx4TTR/s8Hz2qVyNKu+D8hP
+vBkNQaMJQNjPgJHsmKDnqT0zFGr0nz5GfchMbxepherBdysuwZKk7j7X0TKcgA0R
+c4v+QWYZH669dWij2Oq9P6IFE/aM420cmSXh2Ilr/MMirk/rZ3dr3Kx0JdVHaeFT
+VAHU243eV0++OpvL9td7r8L9BWBS2p/5nowN5mVcUmBBBF7FrYeDaYjkoi3IXLTb
+1EfrTOpIQfgm7qOqsfy1lClfrHaKPadqyIYxkuY+i/k=
--- a/nix/server/xray.nix
+++ b/nix/server/xray.nix
@ -13,9 +13,9 @@ in lib.mkIf cfg.xray {
  };

  # Ensure xray can read the certificates
-  users.users.xray.extraGroups = [ "nginx" ];
+  users.users.xray.extraGroups = [ "certreaders" ];

  # Ensure the xray service starts after ACME certificates are available
  systemd.services.xray.after = [ "acme-${cfg.hostname}.service" ];
  systemd.services.xray.wants = [ "acme-${cfg.hostname}.service" ];
-}
+}