From a81a62032128e7e13229f1221f0cce3830165500 Mon Sep 17 00:00:00 2001
From: Shane <chown_tee@proton.me>
Date: Sun, 11 Jan 2026 11:27:16 +0000
Subject: [PATCH] add klaus as more full front-end

---
 Makefile                         |  17 +++++++++++++
 etc/nginx/conf.d/git-http.conf   |   2 --
 etc/nginx/conf.d/klaus.conf      |  41 +++++++++++++++++++++++++++++++
 etc/systemd/system/klaus.service | Bin 0 -> 573 bytes
 4 files changed, 58 insertions(+), 2 deletions(-)
 create mode 100644 etc/nginx/conf.d/klaus.conf
 create mode 100644 etc/systemd/system/klaus.service

diff --git a/Makefile b/Makefile
index 511059b..d91b17a 100644
--- a/Makefile
+++ b/Makefile
@@ -62,6 +62,23 @@ test/nginx: ##H @Remote Test staged configuration without deploying
 	@echo "Testing staged config on $(VPS_HOST)..."
 	ssh -t $(VPS) "bash ~/.nginx-staging/deploy.sh test"
 
+.PHONY: deploy/klaus
+deploy/klaus: ##H @Remote Deploy Klaus (systemd + nginx) and install deps
+	@echo "Uploading deployment bundle..."
+	tar cz -C etc/systemd/system klaus.service -C ../../nginx/conf.d klaus.conf | ssh $(VPS) "cat > /tmp/klaus-deploy.tgz"
+	@echo "Installing on $(VPS_HOST)..."
+	ssh -t $(VPS) "cd /tmp && tar xz -f klaus-deploy.tgz && \
+		sudo pip3 install klaus gunicorn && \
+		sudo mv klaus.service /etc/systemd/system/klaus.service && \
+		sudo systemctl daemon-reload && \
+		sudo systemctl enable --now klaus && \
+		sudo mv /etc/nginx/conf.d/git-http.conf /etc/nginx/conf.d/git-http.conf.disabled 2>/dev/null || true && \
+		sudo mv klaus.conf /etc/nginx/conf.d/klaus.conf && \
+		sudo nginx -t && \
+		sudo systemctl reload nginx && \
+		rm klaus-deploy.tgz"
+	@echo "Klaus deployed!"
+
 .PHONY: certbot/nginx
 certbot/nginx: ##H @Remote Run certbot on remote VPS
 	@echo "Running certbot on $(VPS_HOST)..."
diff --git a/etc/nginx/conf.d/git-http.conf b/etc/nginx/conf.d/git-http.conf
index 4696b79..4c330b6 100644
--- a/etc/nginx/conf.d/git-http.conf
+++ b/etc/nginx/conf.d/git-http.conf
@@ -66,8 +66,6 @@ server {
     http2 on;
     http3 on;
 
-    server_name git.nutra.tk;
-
     # Advertise HTTP/3 availability to browsers
     add_header Alt-Svc 'h3=":443"; ma=86400' always;
 
diff --git a/etc/nginx/conf.d/klaus.conf b/etc/nginx/conf.d/klaus.conf
new file mode 100644
index 0000000..a4691d4
--- /dev/null
+++ b/etc/nginx/conf.d/klaus.conf
@@ -0,0 +1,41 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name git.nutra.tk;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    listen 443 quic;
+    listen [::]:443 ssl;
+    listen [::]:443 quic;
+    http2 on;
+    http3 on;
+    add_header Alt-Svc 'h3=":443"; ma=86400' always;
+    server_name git.nutra.tk;
+
+    ssl_certificate /etc/letsencrypt/live/earthyenergy.mooo.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/earthyenergy.mooo.com/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+    
+    # Password Protection (Uncomment to enable)
+    # sudo apt-get install apache2-utils
+    # sudo htpasswd -c /etc/nginx/.htpasswd username
+    # auth_basic "Restricted Access";
+    # auth_basic_user_file /etc/nginx/.htpasswd;
+    
+    location / {
+        proxy_pass http://127.0.0.1:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Optional: Serve static files directly if we locate where klaus installed them
+    # location /static {
+    #     alias /usr/local/lib/python3.x/dist-packages/klaus/static;
+    # }
+}
diff --git a/etc/systemd/system/klaus.service b/etc/systemd/system/klaus.service
new file mode 100644
index 0000000000000000000000000000000000000000..61c9a8c63b0c85a08319bf68597501c7cf9570f5
GIT binary patch
literal 573
zcmV-D0>b?OM@dveQdv+`00Xu;87POBx{0BQJ+fnL5=um$f6EJmAw7~2atqyauyjAF
zi4RWeQo%k!PVcgd1xhumsrsl+2b>?V*WN>NPAbutzcDInJ>)+CpIhl-!TIClb!Ea{
zbFhz#+bGxr!-Jlqb;v~SXs-sG&PorkR>fSPvNAYw;X_8cM@K<ZPKx$*iq5i{#Aw7&
zMGq6)3bqZV%6${qKe^0Hwxuh#^AWIq>mG);{IN5!6ox4DtcO^86MZINhf<DP=_&Gd
zXl;%u9`ApeV9i9cw|(HwSWThPdGvHxy>XRt!h)3Tm<nkpA?G`J{@W_G3XvUe=5Bc}
zBuFjG&Q&wcy*h&=IbNp7&;>A?G*yq8P$*M_av8Wi3|P_9qNYVI4L0uKqxU8NHhd?y
zohcEnGsY_$K%r#M_lwoNy14c^;|}DrHSl%41td%X#eBLo1-k{@mxuA4)1Io@l{*)n
z-!}ePCCoP5WhpUpzOC2lLP+0DZ9ofFrF1incbrbl`cY@uUtRaZUrRy^Um_tlw)0CY
z%#j%%-h)e#pdn5DB*BHdyHGZ3C>?`TZ2_iSduNBbZ83bM-d<=<=)^nBVAos)-08yx
zactz+lRBNUR)LTJT0>6h<!luq!#7!^vlK8L-0T^8UZGzHVw+}r#wu=sY2JG%EMAIr
zlmQey&O}h`ZdNBQ(wRg*vuhaW0=(TSZ+f*Z^vr&mCb|N6j&9PcBx~C%RY0m%1P&04
L0EWFRTfvmc^l%PE

literal 0
HcmV?d00001

-- 
2.52.0