From 8995e950410e983ac7c30ba426afef0708cfd33b Mon Sep 17 00:00:00 2001
From: Eli Ribble <eli@gleipnir.technology>
Date: Mon, 13 Oct 2025 17:06:15 +0000
Subject: [PATCH] Add the sovr role and initial frps deployment

---
 configs/frps/frps.toml     |  7 +++++++
 flake.nix                  |  5 ++++-
 modules/system/default.nix |  1 +
 modules/system/frps.nix    |  8 ++++++++
 roles/sovr.nix             |  4 ++++
 secrets/frps.env           | 23 +++++++++++++++++++++++
 6 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 configs/frps/frps.toml
 create mode 100644 modules/system/frps.nix
 create mode 100644 roles/sovr.nix
 create mode 100644 secrets/frps.env

diff --git a/configs/frps/frps.toml b/configs/frps/frps.toml
new file mode 100644
index 0000000..79baf0e
--- /dev/null
+++ b/configs/frps/frps.toml
@@ -0,0 +1,7 @@
+# frps.toml
+auth.method = "token"
+auth.token = "{{ .Envs.FRP_AUTH_TOKEN }}"
+bindAddr = "{{ .Envs.FRP_BIND_ADDRESS }}"
+bindPort = {{ .Envs.FRP_BIND_PORT }}
+vhostHTTPPort = {{ .Envs.FRP_VHOST_HTTP_PORT }}
+
diff --git a/flake.nix b/flake.nix
index d9c7d63..c63d852 100644
--- a/flake.nix
+++ b/flake.nix
@@ -49,7 +49,10 @@
 				};
 				"nocix-amd-legacy-sexcore" = import ./system.nix {
 					configuration = ./host/nocix/amd-legacy-sexcore;
-					roles = [ ./roles/nidus-sync.nix ];
+					roles = [
+						./roles/nidus-sync.nix
+						./roles/sovr.nix
+					];
 					inherit configFiles disko home-manager inputs nixpkgs nixvim sops-nix system timecard-bot;
 				};
 				"sync.nidus.cloud" = import ./system.nix {
diff --git a/modules/system/default.nix b/modules/system/default.nix
index 7f9b1de..334f373 100644
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@@ -8,6 +8,7 @@
 		./collabora.nix
 		./cloudreve.nix
 		./do-agent.nix
+		./frps.nix
 		./glitchtip
 		./element-web.nix
 		./fieldseeker-sync.nix
diff --git a/modules/system/frps.nix b/modules/system/frps.nix
new file mode 100644
index 0000000..2cf0d3e
--- /dev/null
+++ b/modules/system/frps.nix
@@ -0,0 +1,8 @@
+{ config, configFiles, inputs, lib, pkgs, ... }:
+with lib;
+{
+	options.myModules.frps.enable = mkEnableOption "custom frps configuration";
+	config = mkIf config.myModules.frps.enable {
+		environment.etc."frps.toml".source = "${configFiles}/frps/frps.toml";
+	};
+}
diff --git a/roles/sovr.nix b/roles/sovr.nix
new file mode 100644
index 0000000..aae8cbe
--- /dev/null
+++ b/roles/sovr.nix
@@ -0,0 +1,4 @@
+{ config, lib, pkgs, ... }: {
+	myModules.caddy.enable = true;
+	myModules.frps.enable = true;
+}
diff --git a/secrets/frps.env b/secrets/frps.env
new file mode 100644
index 0000000..4207165
--- /dev/null
+++ b/secrets/frps.env
@@ -0,0 +1,23 @@
+#ENC[AES256_GCM,data:QYNVUKixhz/gVUD8Ca+qQ0dgBUl5W9PzcA==,iv:Xo4td1iW3OC9NgyhDam/deN+pfQ2XAyKjY5I+DgwGQ4=,tag:2RCk46oN4x97YvMlZYKqyA==,type:comment]
+FRPS_AUTH_TOKEN=ENC[AES256_GCM,data:TQ0Zir+fee/Brj13SOgFQrmeYLC3xqmjyFhFB6p3UEry+Kqm,iv:Ew7BOjG+GfSuCLwQsQsv+PXe5AAU2oJbbEMRcl3b7lQ=,tag:UkuuqsTgF+sVfcymy5MZ5Q==,type:str]
+FRPS_BIND_ADDRESS=ENC[AES256_GCM,data:oWYIwYY6ldzjQAiBdlaDBSVIOP1wtol/vnA=,iv:uw53Bz5ZzdREYoaN8X3QgtRPiqrBXQMbiP/mXWIZ4Ss=,tag:/FY8XGzsiyLpY1NbXeml6w==,type:str]
+FRPS_BIND_PORT=ENC[AES256_GCM,data:a08ImA==,iv:7lQuMRCMm7wE6/SIzlAZUKGV8Q/GlvHyiGxplDeRhGw=,tag:zIQeBWu+vncn2z6LHhsE2w==,type:str]
+FRPS_VHOST_HTTP_PORT=ENC[AES256_GCM,data:y4kUxw==,iv:Fn2lqZJOCL8xdANf9DClYQZZ5jrpD0tfCIShdtYosZo=,tag:W7o5cPxVNZjVdAgXlXPv1w==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjOEpSMkNncVUwYjJ0bXN6\nMWNZTVI0VGZwVXpPRTgwSGp5R2pFYy9ra0RJCm9NQ2xpQzY4MHZEZkxKWWtsZ0tZ\nSjFqUGFjSHVBRzViOE41TUhHRjNEMncKLS0tIFB0bnQvblN1ZjBvTEQrVUJMR2Q4\nL1hSMXlqVzBwdG9Pdm1qU1l0VUx0SmcKzVKJK5K0Pf3E64oZ4WC9FeUkPZJhWBtl\n7/DRkqkbk1/HdZBHH9dGh3/DUQ+SgVcB0lr2cUqsWVUxrQFuzkgyvg==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age1fnkhk9rv7r8gh84vxnhvndk4fgh20qcj4hvnfhdpumcydl6m6vrse50lrz
+sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4VFk3QkFJdDFaUzdZRGM0\nL2NNMUtmVEN1amJhM2RZNEFwN1dISGNRc3hFCnlRVUxoUCtnc2RNWjQwazVSSkxJ\nVHdSYkFvOXp4dE5DNXdVS2x5VDlEUTAKLS0tIFVsMzduOXVBU1pOY01FdmJYNFdR\nQTlLZmtmOGFlYm1iY1F2V09jdzlWbWMKKKfL1fAC1+cTrg55juf19+XHdOFP8W8M\n6DRpsiHpJ6c/dgsMGPHZJD5t32xpMATFADvch1MAxCp4qgwtpD8T/w==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_1__map_recipient=age1x704pjnueguchkl54ly8w4w26ltys5900v7xnl7w3zlgasus09jszz45t8
+sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpaUtBMGhTNWpXdXNSQmFR\nUDJjRkNiQkdoUTl0bVdNejQvb3JlRHpYV1UwCjRiUTkzRFRaaGhwWWo4a3FxOU9q\nem95cWhMZDVxV05ja3NWMVdaYlE2VXcKLS0tIERSVGZqbVVVRXhYTFJUZHh1YStr\nc1o1ckhUQ2FMeFhGZEt1R3UrdjNuMTQKKATBbqE7GIhItN0Dg4rhDR3Ni1f4FvSj\nH0IUBBdEWB1nxIBzscCevdmizk01WAeXQ7roQeAXjUkTFI5IN5+a0A==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_2__map_recipient=age15y4k929zaj9fdg3vd40pa40tgvrgv9mn22xfummn5zxfmkcw5d0st6prjx
+sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArQTBXUDhVVE9kdlhnUjZ5\nZmRVblJOdDZZZTRRUXJTWk1DS2t2cGhUNW1VCi9ZbVAwK3ZQSU9QcEkxbnZWRDVu\nNzdSTVVlUUlYb0g1TVI5R2VhMi9RemcKLS0tIDc3dFFlQzBWQTIvVEtiL3ZPZ05a\ncU5xY3h0b25iV3AxckVWN1FZbEFpbXMKX8Txov09BU+XtLp7i4t4rfjvItbwSOcj\nojG+GpwvccY5pNntI5pxLVGg/923vjICAGE1DRmHgv512JAPa1yojA==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_3__map_recipient=age1ck44jqpuz3zlthquvuh7wsemrjrgfzhn462sk7rlfetwxpgy0uqs79xn2h
+sops_age__list_4__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcUtEaWtya0JyVUZaeDEv\ncGdFOWNJeXc0eUZSb1VrcEt1b3RBcmFNcWpnCkxkTjQrR3NzTy9vaDVJbXNpQ2NZ\nZ3hGenN1NVJUR1UzMDNJOUhLTTNSMGsKLS0tIE1wVkcxelhxQXQwendHOTZHdkNU\nd2VaUWg1OWQ1YXUxczRnMldzeElwMkEKS37hQ2SMQ2NdeaYGJ82d7D4hD6SlPWlV\nY48/IND9Dp3wIKNiW7r1Uz12TSQlUknfTHV12+G3L/bzNTF1cKe/rQ==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_4__map_recipient=age1z87rm3qrrspv44nsg73ntn9zys5g498lry4t4cy6x9hffapug5cqfprntm
+sops_age__list_5__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtNUpnQ0Y0YjJ0ZmR1NGkv\neVBjVTFjVVBCeHpDRDFQRnFZNndsQ1JVNDFBCnJKUFNxRC92SGw3QnVYc1RIcENu\nWWFvRE42UnhESGhkM1NUeUZBWjEyVFEKLS0tIFJ4UUdGNjZUaVhBTlZPdHlGS3FZ\nbWl6VmZRVHJleStrOFhaVkpObXd5cWsKe0h2eBWL/K9chhsfCx7xD98CtNCpNK7L\nu2y7OlrOLhPXaKawcZ0+7A+uUN6AndU/8kgS9caT1srX9CpCvUPRWg==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_5__map_recipient=age1t3ryfktuhr3cysf49m9q2n8fkjf9ajjjnhztxw9hz8paxgk4lpcq065jge
+sops_age__list_6__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5SENucVlxVzViSm1pWGZq\nMTNNZWROQzIyaXV6Z2JmY0Ivb2QrWlZvaWdNCnhGUEVHdnhMczFxdUJVQ3VxK2Vn\nWVJrMi84K1R5N2N5QytwOWl2R0xhSUEKLS0tIDFaVHlnTGoxUUpmWnJ4VmZkWW9C\nRWhZV0tieDhBNXhjMnZEeUJxdHNHMDQK4jAP8OeQd4Bg7feyNimsePe9ZBFg63eV\n0zQy6C99VEGspfNPVrCHf9+UuacwNVuYmwGO2LyOxATsuuMI+t67rw==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_6__map_recipient=age1j90h7hcp4fctr2xwj4zf9cxuelm43wkujvryc9hk6rzzc37rwdmss035w7
+sops_lastmodified=2025-10-10T13:54:56Z
+sops_mac=ENC[AES256_GCM,data:Uq1Qg3UObcIqloVoewRluiWBGSVJXCk+imlgz7m+8Ju5elDzOmk/p3FvWUfW54i0+63Xu5+s7hnJiGBfLzagHeCManhqCNDrgkGmUWnhzmvottMXRqFDSpy+QR5T13GSzZC2q05DdPQ1Ifnr1dGEV05CP6BY3/Pvd/dknsp7yBs=,iv:xieywO8zf7Qa0rGKAQJ/BNJM6o3QlKwUdGbL/aGdZD0=,tag:ZkDe4dbN8ryl9LNAckGmGQ==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.10.2