Erich Blume
b97e37543f
## Summary - Add Snowflake proxy as a native systemd service on ringtail (NixOS) - Uses `pkgs.snowflake` from nixpkgs (v2.11.0) - Hardened systemd unit with DynamicUser, ProtectSystem=strict, 512MB memory limit - Prometheus metrics enabled on localhost:9999 ## What is Snowflake? A Tor pluggable transport that helps censored users reach the Tor network via WebRTC. **This is NOT a Tor exit node** — traffic exits through Tor exit nodes operated by others. The proxy operator cannot see traffic content (double-encrypted) and destination servers never see the proxy's IP. ## Changes - `nixos/ringtail/configuration.nix` — new systemd service definition - `docs/reference/services/snowflake-proxy.md` — service reference card - `docs/reference/infrastructure/ringtail.md` — updated systemd services section - `service-versions.yaml` — added entry (type: nixos) ## Deploy plan After review, deploy via `mise run provision-ringtail`. Service starts automatically. ## Test plan - [ ] `mise run provision-ringtail` succeeds - [ ] `ssh ringtail 'systemctl status snowflake-proxy'` shows active - [ ] `ssh ringtail 'journalctl -u snowflake-proxy --no-pager -n 20'` shows broker connections - [ ] `ssh ringtail 'curl -s localhost:9999/metrics'` returns Prometheus metrics Reviewed-on: #311 |
||
|---|---|---|
| .. | ||
| configmap-alerts.yaml | ||
| configmap-borgmatic.yaml | ||
| configmap-cv-apm.yaml | ||
| configmap-devpi.yaml | ||
| configmap-docs-apm.yaml | ||
| configmap-flyio.yaml | ||
| configmap-forgejo.yaml | ||
| configmap-frigate.yaml | ||
| configmap-jellyfin.yaml | ||
| configmap-kubernetes.yaml | ||
| configmap-loki.yaml | ||
| configmap-macos.yaml | ||
| configmap-postgresql.yaml | ||
| configmap-ringtail.yaml | ||
| configmap-sifaka-disks.yaml | ||
| configmap-snowflake-proxy.yaml | ||
| configmap-tempo.yaml | ||
| configmap-transmission.yaml | ||
| configmap-zot.yaml | ||