From 74751550be39033d871540e3e6383491ad117061 Mon Sep 17 00:00:00 2001 From: Codex Date: Fri, 26 Jun 2026 03:53:04 +0000 Subject: [PATCH] fix: restore D518 Sub2API api2 source truth --- config/platform-db/postgres-pk01.yaml | 13 +++ config/platform-infra/sub2api.yaml | 79 +++++++++++++++++++ scripts/src/platform-infra/actions.ts | 2 +- scripts/src/platform-infra/apply-script.ts | 4 +- scripts/src/platform-infra/entry.ts | 6 +- .../platform-infra/pk01-public-exposure.ts | 4 +- 6 files changed, 102 insertions(+), 6 deletions(-) diff --git a/config/platform-db/postgres-pk01.yaml b/config/platform-db/postgres-pk01.yaml index 9af4c4c2..07967058 100644 --- a/config/platform-db/postgres-pk01.yaml +++ b/config/platform-db/postgres-pk01.yaml @@ -90,6 +90,9 @@ postgres: - id: G14-public cidr: 202.98.17.68/32 purpose: platform-infra-runtime + - id: D518-public + cidr: 202.98.13.68/32 + purpose: platform-infra-sub2api-active tuning: maxConnections: 50 sharedBuffers: 512MB @@ -140,6 +143,16 @@ postgres: user: sub2api address: 36.49.29.0/24 method: scram-sha-256 + - type: hostssl + database: sub2api + user: sub2api + address: 202.98.13.68/32 + method: scram-sha-256 + - type: hostssl + database: postgres + user: sub2api + address: 202.98.13.68/32 + method: scram-sha-256 - type: hostssl database: langbot user: langbot diff --git a/config/platform-infra/sub2api.yaml b/config/platform-infra/sub2api.yaml index 412143a9..a8478e52 100644 --- a/config/platform-infra/sub2api.yaml +++ b/config/platform-infra/sub2api.yaml 
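Review bot: The second added pg_hba rule in the `@@ -140,6 +143,16 @@` hunk of postgres-pk01.yaml lets the `sub2api` role authenticate to the `postgres` maintenance database from 202.98.13.68/32, which is wider than the application database the role is named for. If that access is only needed for a bootstrap or existence check, record it next to the rule, e.g. `# sub2api -> postgres db: needed only for <reason>; remove when no longer required`, or drop the rule. Whether other sub2api sources already carry the same `postgres` rule is not visible in this hunk, so this may be following an existing pattern. `hostssl` with `scram-sha-256` encrypts the connection and requires the password but does not by itself verify a client certificate, so the /32 source restriction and the role's password are what protect this path.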
@@ -173,6 +173,85 @@ targets: - 74.48.78.17 - hyueapi.com - .hyueapi.com + - id: D518 + route: D518:k3s + namespace: platform-infra + role: active + enabled: true + databaseMode: external-active + redisMode: local-ephemeral + appReplicas: 1 + redisReplicas: 1 + image: + repository: weishaw/sub2api + tag: 0.1.138 + pullPolicy: IfNotPresent + dependencyImages: + postgres: docker.m.daocloud.io/library/postgres:18-alpine + redis: docker.m.daocloud.io/library/redis:8-alpine + publicExposure: + enabled: true + publicBaseUrl: https://api2.pikapython.com + dns: + hostname: api2.pikapython.com + expectedA: 82.156.23.220 + resolvers: [1.1.1.1, 8.8.8.8, 223.5.5.5, 114.114.114.114] + frpc: + deploymentName: sub2api-frpc + secretName: sub2api-frpc-secrets + secretKey: frpc.toml + image: ghcr.io/fatedier/frpc:v0.68.1 + serverAddr: 82.156.23.220 + serverPort: 22000 + proxyName: platform-infra-sub2api-d518-api + remotePort: 22094 + localIP: sub2api.platform-infra.svc.cluster.local + localPort: 8080 + tokenSourceRef: platform-infra/pk01-frp.env + tokenSourceKey: FRP_TOKEN + pk01: + route: PK01 + caddyBinaryPath: /usr/local/bin/caddy + caddyDownloadUrl: https://caddyserver.com/api/download?os=linux&arch=amd64 + caddyDownloadProxyUrl: http://127.0.0.1:18789 + caddyConfigPath: /etc/caddy/Caddyfile + caddyServiceName: caddy + caddyStorageDir: /var/lib/caddy + caddyEmail: ops@pikapython.com + pikanodeRoot: /home/ubuntu/pikanode + pikanodeContainerName: pikanode + pikanodeImage: pikanode + pikanodeHttpHostPort: 18888 + responseHeaderTimeoutSeconds: 600 + egressProxy: + enabled: true + deploymentName: sub2api-egress-proxy + serviceName: sub2api-egress-proxy + secretName: sub2api-egress-proxy-config + secretKey: config.json + image: ghcr.io/sagernet/sing-box:latest + imagePullPolicy: IfNotPresent + listenPort: 10808 + sourceRef: platform-infra/master-vpn-subscription.env + sourceKey: MASTER_VPN_SUBSCRIPTION_URL + sourceType: subscription-url + preferredOutbound: hysteria2 + applyToSub2Api: 
true + applyToSentinel: true + healthProbeUrl: https://www.gstatic.com/generate_204 + noProxy: + - localhost + - 127.0.0.1 + - ::1 + - .svc + - .cluster.local + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + - 82.156.23.220 + - 74.48.78.17 + - hyueapi.com + - .hyueapi.com runtime: database: mode: external diff --git a/scripts/src/platform-infra/actions.ts b/scripts/src/platform-infra/actions.ts index 9d990843..320b0817 100644 --- a/scripts/src/platform-infra/actions.ts +++ b/scripts/src/platform-infra/actions.ts @@ -152,7 +152,7 @@ export function plan(options: TargetOptions): Record { ? { mode: "pk01-caddy-frp-direct", dataPath: `client -> PK01 Caddy -> PK01 frps remotePort -> ${target.id} frpc -> Sub2API`, - pikanodeRole: "pikapython.com upstream only; api.pikapython.com does not pass through pikanode Express", + pikanodeRole: `pikapython.com upstream only; ${target.publicExposure.dns.hostname} does not pass through pikanode Express`, publicBaseUrl: target.publicExposure.publicBaseUrl, hostname: target.publicExposure.dns.hostname, expectedA: target.publicExposure.dns.expectedA, diff --git a/scripts/src/platform-infra/apply-script.ts b/scripts/src/platform-infra/apply-script.ts index e94b2bbf..3e975aa4 100644 --- a/scripts/src/platform-infra/apply-script.ts +++ b/scripts/src/platform-infra/apply-script.ts 
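Review bot: `egressProxy.image: ghcr.io/sagernet/sing-box:latest` in the new D518 target of sub2api.yaml is a mutable tag, and with `imagePullPolicy: IfNotPresent` the version that actually runs depends on whatever each node happens to have cached. This container carries outbound traffic for both Sub2API and Sentinel (`applyToSub2Api: true`, `applyToSentinel: true`), so it should be pinned like the other images in the block (`weishaw/sub2api` at `0.1.138`, `frpc:v0.68.1`), e.g. `image: ghcr.io/sagernet/sing-box:<pinned-version>@sha256:<digest>`. `caddyDownloadUrl` likewise names no version; whether the apply script verifies a checksum for that download is not visible here. The block looks copied from the preceding target (the noProxy tail in the context lines is identical), so if that target uses the same tag the pin belongs in both places.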
@@ -18,10 +18,10 @@ import type { EgressProxySecretMaterial, ExternalActiveSecretMaterial, PublicExp import { fieldManager, requiredSecretKeys, sub2apiCaddyManagedMarker } from "./entry"; import { managedResourceCleanupPlan } from "./manifest"; -export function renderPk01Caddyfile(exposure: Sub2ApiPublicExposureConfig): string { +export function renderPk01Caddyfile(target: Sub2ApiTargetConfig, exposure: Sub2ApiPublicExposureConfig): string { const apexHost = baseDomain(exposure.dns.hostname); const apiBlock = renderCaddyManagedBlock( - sub2apiCaddyManagedMarker, + sub2apiCaddyManagedMarker(target), renderSimpleReverseProxyCaddySiteBlock({ hostname: exposure.dns.hostname, upstream: `127.0.0.1:${exposure.frpc.remotePort}`, diff --git a/scripts/src/platform-infra/entry.ts b/scripts/src/platform-infra/entry.ts index c969dd80..bf9f13a0 100644 --- a/scripts/src/platform-infra/entry.ts +++ b/scripts/src/platform-infra/entry.ts @@ -27,7 +27,11 @@ export const configPath = rootPath("config", "platform-infra", "sub2api.yaml"); export const codexPoolConfigPath = rootPath("config", "platform-infra", "sub2api-codex-pool.yaml"); -export const sub2apiCaddyManagedMarker = "sub2api"; +export const legacySub2apiCaddyManagedMarker = "sub2api"; + +export function sub2apiCaddyManagedMarker(target: Sub2ApiTargetConfig): string { + return target.id.toUpperCase() === "D601" ? legacySub2apiCaddyManagedMarker : `${legacySub2apiCaddyManagedMarker}-${target.id.toLowerCase()}`; +} export const requiredSecretKeys = ["POSTGRES_PASSWORD", "ADMIN_PASSWORD", "JWT_SECRET", "TOTP_ENCRYPTION_KEY"] as const; diff --git a/scripts/src/platform-infra/pk01-public-exposure.ts b/scripts/src/platform-infra/pk01-public-exposure.ts index a5111c6d..9053f9ca 100644 --- a/scripts/src/platform-infra/pk01-public-exposure.ts +++ b/scripts/src/platform-infra/pk01-public-exposure.ts 
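Review bot: In the new `sub2apiCaddyManagedMarker(target)` in entry.ts, `target.id` is lower-cased and concatenated into the managed-block marker with no check on its characters, and that marker is presumably what `renderCaddyManagedBlock` uses to find and replace the block in the shared PK01 Caddyfile (its implementation is outside this patch). An id containing whitespace or a newline could yield a marker that does not match on the next apply and leave a stale site block behind; a guard before the return such as `if (!/^[A-Za-z0-9-]+$/.test(target.id)) throw new Error("invalid target id for Caddy marker: " + target.id);` closes that. The `"D601"` special case deserves a one-line comment, e.g. `// D601 was deployed with the unsuffixed marker; keep it so its existing block is replaced in place`, if that is indeed the reason. Because the export changed from a string to a function under the same name, any importer not shown in this patch that still treats it as a string needs the same update that `renderPk01Caddyfile` received.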
@@ -429,7 +429,7 @@ if [ -f "$download_cache" ]; then stat -c 'cache_bytes=%s cache_mtime=%y' "$down } export function pk01PublicExposureScript(target: Sub2ApiTargetConfig, exposure: Sub2ApiPublicExposureConfig): string { - const caddyfile = renderPk01Caddyfile(exposure); + const caddyfile = renderPk01Caddyfile(target, exposure); const serviceUnit = renderPk01CaddyService(exposure); const caddyfileB64 = Buffer.from(caddyfile, "utf8").toString("base64"); const serviceUnitB64 = Buffer.from(serviceUnit, "utf8").toString("base64"); @@ -606,7 +606,7 @@ payload = { "hostname": "${exposure.dns.hostname}", "expectedA": "${exposure.dns.expectedA}", "dataPath": "client -> PK01 Caddy -> PK01 frps remotePort -> ${target.id} frpc -> Sub2API", - "pikanodeRole": "pikapython.com upstream only; api.pikapython.com does not pass through pikanode Express", + "pikanodeRole": "pikapython.com upstream only; ${exposure.dns.hostname} does not pass through pikanode Express", "caddy": { "binaryPath": "${exposure.pk01.caddyBinaryPath}", "configPath": "${exposure.pk01.caddyConfigPath}",
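Review bot: The changed `"pikanodeRole"` line in the `@@ -606,7 +606,7 @@` hunk interpolates `exposure.dns.hostname` raw into what appears to be a Python dict literal inside the generated script, so a hostname containing `"` or a backslash would break or alter the generated code. The neighbouring `"hostname"` and `"expectedA"` lines already do the same, so this hunk widens an existing pattern rather than introducing it. The Caddyfile and service unit in the first hunk are passed as base64, presumably to avoid this kind of quoting problem; the payload fields could be validated once before rendering, e.g. `if (!/^[a-z0-9.-]+$/i.test(exposure.dns.hostname)) throw new Error("invalid hostname");`, or emitted through `JSON.stringify(...)`. The template and `pk01PublicExposureScript` continue outside the hunk, so how the script is quoted for the shell is not visible.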