Compare commits
8 commits
fe75c68740
...
41fa538e30
Author | SHA1 | Date | |
---|---|---|---|
Tigor Hutasuhut | 41fa538e30 | ||
Tigor Hutasuhut | 0f56e29da7 | ||
Tigor Hutasuhut | b566cdb15c | ||
Tigor Hutasuhut | 57fa4724dd | ||
Tigor Hutasuhut | 13938b108c | ||
Tigor Hutasuhut | 534ed89730 | ||
Tigor Hutasuhut | eb2b08a587 | ||
Tigor Hutasuhut | 9e9906819d |
|
@ -27,27 +27,31 @@ in
|
||||||
if cfg.autoAttach then
|
if cfg.autoAttach then
|
||||||
/*bash*/
|
/*bash*/
|
||||||
''
|
''
|
||||||
if [[ -z "$ZELLIJ" ]]; then
|
if [[ ! -z "$SSH_CLIENT" ]]; then
|
||||||
ZJ_SESSIONS=$(zellij list-sessions --no-formatting)
|
if [[ -z "$ZELLIJ" ]]; then
|
||||||
NO_SESSIONS=$(echo "$ZJ_SESSIONS" | wc -l)
|
ZJ_SESSIONS=$(zellij list-sessions --no-formatting)
|
||||||
if [ "$NO_SESSIONS" -ge 2 ]; then
|
NO_SESSIONS=$(echo "$ZJ_SESSIONS" | wc -l)
|
||||||
SELECTED_SESSION=$(echo "$ZJ_SESSIONS" | ${pkgs.skim}/bin/sk | awk '{print $1}')
|
if [ "$NO_SESSIONS" -ge 2 ]; then
|
||||||
if [[ -n "''${SELECTED_SESSION// /}" ]]; then
|
SELECTED_SESSION=$(echo "$ZJ_SESSIONS" | ${pkgs.skim}/bin/sk | awk '{print $1}')
|
||||||
zellij attach -c "$SELECTED_SESSION"
|
if [[ -n "''${SELECTED_SESSION// /}" ]]; then
|
||||||
else
|
zellij attach -c "$SELECTED_SESSION"
|
||||||
zellij attach -c --index 0
|
else
|
||||||
fi
|
zellij attach -c --index 0
|
||||||
else
|
fi
|
||||||
zellij attach -c
|
else
|
||||||
fi
|
zellij attach -c
|
||||||
exit
|
fi
|
||||||
|
exit
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
''
|
''
|
||||||
else
|
else
|
||||||
/*bash*/ ''
|
/*bash*/ ''
|
||||||
if [[ -z "$ZELLIJ" ]]; then
|
if [[ ! -z "$SSH_CLIENT" ]]; then
|
||||||
zellij attach -c default
|
if [[ -z "$ZELLIJ" ]]; then
|
||||||
exit
|
zellij attach -c default
|
||||||
|
exit
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
''
|
''
|
||||||
);
|
);
|
||||||
|
|
|
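Review bot: The new outer test `if [[ ! -z "$SSH_CLIENT" ]]; then` is a double negative and adds a second nesting level in both the `autoAttach` branch and the `else` branch. `if [[ -n "$SSH_CLIENT" && -z "$ZELLIJ" ]]; then` expresses the same condition in one guard and lets the extra `fi` go. The reason for the restriction is not written anywhere in the script, so a one-line comment above the test would help, for example `# auto-attach only for SSH logins; local terminals keep a plain shell`. Because the script ends in `exit`, it is also worth confirming that `SSH_CLIENT` is set in every remote path you rely on; whether it survives an environment reset is not visible from this hunk.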
@ -23,6 +23,12 @@ in
|
||||||
photoprism.enable = mkEnableOption "photoprism";
|
photoprism.enable = mkEnableOption "photoprism";
|
||||||
navidrome.enable = mkEnableOption "navidrome";
|
navidrome.enable = mkEnableOption "navidrome";
|
||||||
|
|
||||||
|
ntfy-sh.enable = mkEnableOption "ntfy-sh";
|
||||||
|
ntfy-sh.client.enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = config.profile.services.ntfy-sh.enable;
|
||||||
|
};
|
||||||
|
|
||||||
telemetry = {
|
telemetry = {
|
||||||
enable = mkEnableOption "telemetry";
|
enable = mkEnableOption "telemetry";
|
||||||
grafana.enable = mkOption {
|
grafana.enable = mkOption {
|
||||||
|
|
|
@ -96,5 +96,6 @@ in
|
||||||
programs.easyeffects.enable = true;
|
programs.easyeffects.enable = true;
|
||||||
programs.wezterm.enable = true;
|
programs.wezterm.enable = true;
|
||||||
podman.enable = true;
|
podman.enable = true;
|
||||||
|
services.ntfy-sh.client.enable = true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
user = {
|
user = {
|
||||||
name = "homeserver";
|
name = "homeserver";
|
||||||
fullName = "Homeserver";
|
fullName = "Homeserver";
|
||||||
getty.autoLogin = true;
|
getty.autoLogin = false;
|
||||||
};
|
};
|
||||||
system.stateVersion = "24.05";
|
system.stateVersion = "24.05";
|
||||||
|
|
||||||
|
@ -70,6 +70,7 @@
|
||||||
photoprism.enable = true;
|
photoprism.enable = true;
|
||||||
navidrome.enable = true;
|
navidrome.enable = true;
|
||||||
telemetry.enable = true;
|
telemetry.enable = true;
|
||||||
|
ntfy-sh.enable = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
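--- a/secrets/ntfy.yaml
+++ b/secrets/ntfy.yaml
@@ -0,0 +1,24 @@
+ntfy:
+default:
+user: ENC[AES256_GCM,data:M9XiXH3/Nr3/3A==,iv:Ealcewpj/GCWU+U6F+7onCfVaraE+f5Wkt63tlitnlQ=,tag:ARwnlFs1VfwcQKlIkeQQeg==,type:str]
+password: ENC[AES256_GCM,data:56el7+jh6TcI9UzeXZW5aa7cUG9ycd8a2mw=,iv:iYpkWG37dpZ4dEN5zjg4P8On969hWqWcumJ7h5hLmjk=,tag:tlGDQmJ0+xl9yO42FTp19w==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOQXV1QXNCZmFFWGJzUXM2
+TWNvd1ppeUNFMitFK0dUd1UvYmpOeS9xK0RNClAydkMvQm1ZbEJTbUZnVmN1TDJ2
+NEI3L25FWlExaSt2bWg2ekRxNVZGcGMKLS0tIFVzMXdDMXZWdXZkZ1lrZE5obmMw
+VW9lVkh5eTkyLzdtK0RScHlhMTBaR28KHyMRxCQe65ZM1v4iB6mgiQxZ84/sEdr0
+k0tBwcBlgGK/SF6P9GdCVopFHN8os25YEYMNg8kjAh/qs4N2gTXMEQ==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-09-05T02:52:58Z"
+mac: ENC[AES256_GCM,data:CCLd4p+6V4P2ioE2lKoPctbQ9/d/DcS7m895l3+ty48JT0iZMx32gBubn0TGvdjp6x705uSYZySkM2YACFMhkifuLMxeGLGJu1rBfrXO2bYuHDAhni5fLP/XIsC+FlPbHEOXAnYpAO0y1TLBw7xKz8Tjl3yAC0L00LzIS6URir0=,iv:akFHjwnO9gtZ73NMI8pj0J87q5D6U9SiNLzfRfJUE90=,tag:CMNqOnREytCrEo+bh2l1BA==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.8.1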
@ -6,6 +6,11 @@ spotify:
|
||||||
username: ENC[AES256_GCM,data:7uYX5Co=,iv:zc03i9P/nX6hIe/SfUulH2T3BkxD/1xiqG2izmaJbho=,tag:/djGWrxvsG9L5x3vHc9TwQ==,type:str]
|
username: ENC[AES256_GCM,data:7uYX5Co=,iv:zc03i9P/nX6hIe/SfUulH2T3BkxD/1xiqG2izmaJbho=,tag:/djGWrxvsG9L5x3vHc9TwQ==,type:str]
|
||||||
password: ENC[AES256_GCM,data:Yf2NCLuXVd28kPCHLLc=,iv:Ip4tAMOW5h8TPKavB7pTMt/ojtCq1wxw3Syhey4dGQI=,tag:b2FGiXAo66S6goiH43NQBA==,type:str]
|
password: ENC[AES256_GCM,data:Yf2NCLuXVd28kPCHLLc=,iv:Ip4tAMOW5h8TPKavB7pTMt/ojtCq1wxw3Syhey4dGQI=,tag:b2FGiXAo66S6goiH43NQBA==,type:str]
|
||||||
copilot: ENC[AES256_GCM,data:wxevVVvWYQv5iGH5I4BldwBJWMwL2BYH2b5GbemzbZRhTzNkgvNovQ2fE9gWqBginQwW5TSLgIHJnAqCYEokS26jOHXI7c1r2C1CKEp44AIwD2wb61KACH4nFCa71Blx/w==,iv:QvcwaasP8sVz8qdRWdt3aAMXV+E9eMotc74ARsSRLbw=,tag:OiktpnOw2UovNod3W41zZQ==,type:str]
|
copilot: ENC[AES256_GCM,data:wxevVVvWYQv5iGH5I4BldwBJWMwL2BYH2b5GbemzbZRhTzNkgvNovQ2fE9gWqBginQwW5TSLgIHJnAqCYEokS26jOHXI7c1r2C1CKEp44AIwD2wb61KACH4nFCa71Blx/w==,iv:QvcwaasP8sVz8qdRWdt3aAMXV+E9eMotc74ARsSRLbw=,tag:OiktpnOw2UovNod3W41zZQ==,type:str]
|
||||||
|
caddy:
|
||||||
|
basic_auth:
|
||||||
|
username: ENC[AES256_GCM,data:EB17m1q/RVK9RA==,iv:5tZm640K3X44otNB85UVGTJrDd/hwpS7lPhnzvDdqps=,tag:E0u1KjM2XP7c1h3SkPxN1g==,type:str]
|
||||||
|
#ENC[AES256_GCM,data:uATOQMrhNQTWWtE3vIo4QnCM/W55eAUKQk1t,iv:RP/MYFWahIie1m7TJgr7QXWgeTi4g/qLp0IdJNILQWk=,tag:UsJzYRaJjha9xNc0+5kzvQ==,type:comment]
|
||||||
|
password: ENC[AES256_GCM,data:CNquBB3XWlcIgsXp7Emt9i1Oz0Bws4J6mRszWeNh5HJ11ccTAbiPN2fJSISybHY0J2Rzeuzy+FvX5Ccx,iv:1oX9MTU13FUarX0DRlfsPNS6qT5xz5GpGxlMH5UsANA=,tag:TUmFfJR9WAoX/fXgRRvdQw==,type:str]
|
||||||
docker:
|
docker:
|
||||||
config: ENC[AES256_GCM,data:H/m7lUf5UQY61QhKV9zOBnsHhrzwowj7sJ8iTwejNdUlL/JFOTCymsPA0ND4GBGAlInMMSsfBf3HYTSlTx9izjM203Hh09kjFkUxgvrJPFwATsBswQz09GBE5Rk7qxcEIKlhsEMP8I0lwJRNzqpfw/i+dLYzDiboYnNxZ9wbRKEc7pOxbboDAJkwNLyIsQP+JbVXOYw1cyieXhP4VB0h95qukP+5RWA+0REPeUVYObDI1ZWm7rU0KjwYM0E1ZlwC7Tnu1N5A5UC5zkSCv4U21lkTLYVaesgYqp3qg50SEM2cQFygfFzZ1j7H0kKKKzO4d9d0MtLYLAfcq2v/cWUuB7dQPjcbhpBD5jnF03twLAH0ynMpvzinncCG00YTqrNWUJqsPwn7/enKmIsl55zPd0fc,iv:pJzMZrq+V7yPR+czDTTZspUTcajELPRHZevB5a7CtOo=,tag:jtSJZQ3lsuBUtFDGHuWibQ==,type:str]
|
config: ENC[AES256_GCM,data:H/m7lUf5UQY61QhKV9zOBnsHhrzwowj7sJ8iTwejNdUlL/JFOTCymsPA0ND4GBGAlInMMSsfBf3HYTSlTx9izjM203Hh09kjFkUxgvrJPFwATsBswQz09GBE5Rk7qxcEIKlhsEMP8I0lwJRNzqpfw/i+dLYzDiboYnNxZ9wbRKEc7pOxbboDAJkwNLyIsQP+JbVXOYw1cyieXhP4VB0h95qukP+5RWA+0REPeUVYObDI1ZWm7rU0KjwYM0E1ZlwC7Tnu1N5A5UC5zkSCv4U21lkTLYVaesgYqp3qg50SEM2cQFygfFzZ1j7H0kKKKzO4d9d0MtLYLAfcq2v/cWUuB7dQPjcbhpBD5jnF03twLAH0ynMpvzinncCG00YTqrNWUJqsPwn7/enKmIsl55zPd0fc,iv:pJzMZrq+V7yPR+czDTTZspUTcajELPRHZevB5a7CtOo=,tag:jtSJZQ3lsuBUtFDGHuWibQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
|
@ -23,8 +28,8 @@ sops:
|
||||||
UFFON2V5UWp1UUpETzZNSnVJdk5GcWsKupkOEN8OI/EOeu4Kkjo/SNhxMw2pa/gs
|
UFFON2V5UWp1UUpETzZNSnVJdk5GcWsKupkOEN8OI/EOeu4Kkjo/SNhxMw2pa/gs
|
||||||
DzlsQRvytwCvAtr7zqHJvS6oeWlyjbirAHlpSzNS4QcqtbtK3mHC/Q==
|
DzlsQRvytwCvAtr7zqHJvS6oeWlyjbirAHlpSzNS4QcqtbtK3mHC/Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-06-13T09:09:57Z"
|
lastmodified: "2024-09-04T13:29:44Z"
|
||||||
mac: ENC[AES256_GCM,data:Ovi5vtxADk/vb899WuaU8uWCsM/zN7jTWF47ivJxbgtGlIbQQWeI9eY0s+VaPSdGSshJCP4RYasoJBeL0CiZ64wdLtwsDqfbAB6k8LtS/YRY/hDVGvUG+5GDP+I12q5xbHzJbjiKFN4yLRuK9WVyBQp7TRr484zkdjDDkApoC6w=,iv:FCc/9Xq4xsKQ+Hwi4VpCY8/F4+zHezv42wWpSaGsrjc=,tag:m+dnpB6LjzSvf7cgugEk7g==,type:str]
|
mac: ENC[AES256_GCM,data:zzOhlLYUtfietpg6Rszbv8/D0vJ0ghbA00ce+U1CJQZ1z7fbK9K7gjrapCl3CzLQLLfIClad+aUYhtHrNxSbq4W+VbtBtUtXdCgOsnF7+3MMPk+LcngPKuO25AgfS7EZQ8EYoazJB2lmlU+9Cd84k6RHvmaFSCJ8o0PSA77Kuk0=,iv:pphrY5oOAPLyCeGhaqg28G7xGN7Y4vkJBcJBjtFMI30=,tag:ZSlEkZsaDWwSwBQtQ/Xt3w==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -1,5 +1,9 @@
|
||||||
soulseek:
|
soulseek:
|
||||||
env: ENC[AES256_GCM,data:r9AABW2U8Zr4fnYwF66SkJts/ljRyLsqpXQZWMQdtRpe6bkSY+s7hwXYVexjp1UVruLcAu+x7A==,iv:rngXQd3Xn/8nl5fE33BDQl++EGdHMMJPvg9KQfDA/II=,tag:r5WvaCGpo6pq8SgYEwv3UA==,type:str]
|
env: ENC[AES256_GCM,data:r9AABW2U8Zr4fnYwF66SkJts/ljRyLsqpXQZWMQdtRpe6bkSY+s7hwXYVexjp1UVruLcAu+x7A==,iv:rngXQd3Xn/8nl5fE33BDQl++EGdHMMJPvg9KQfDA/II=,tag:r5WvaCGpo6pq8SgYEwv3UA==,type:str]
|
||||||
|
caddy:
|
||||||
|
username: ENC[AES256_GCM,data:c6yEVdiFjKt3pA==,iv:Wf+OSRliVuDicFcbqDFGn/KjRUQeF3DNx7P/sDXV8wA=,tag:9eepU589jS9HhQ7I7SsOsg==,type:str]
|
||||||
|
#ENC[AES256_GCM,data:ulRtu2Yg41GuclGqJJehbZgYdtdxtFv+LHeC,iv:64IncaTWsU9wcL1HNAMYDVMXelJuDUzeXGqx1FMHeag=,tag:B9bGHIQlEKV44it90KKZKg==,type:comment]
|
||||||
|
password: ENC[AES256_GCM,data:mOWu5RcnVKne3uLFdidI53F/6h4q22aST9Eo3n96IHBf2Y0+KSOhdlWSqQECTcTYqUb/GD6luA/tjgUV,iv:JAAF/vWUJ3yTAYLwaZT2GPqeZ9NCkXDct8Alxpt7tWw=,tag:6n2WrY5ZAbPNTDEhJ/6wVQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -15,8 +19,8 @@ sops:
|
||||||
M3NzdHlsL2hENll3QnVBaXBiN2JPRzgKytdiV9iYS69v1+ub790lu4sPaMe4Auac
|
M3NzdHlsL2hENll3QnVBaXBiN2JPRzgKytdiV9iYS69v1+ub790lu4sPaMe4Auac
|
||||||
dnYZHUyMBFqvHjdQH+y4wYZ+k/O6vLwWJE0uR7ErhShrpLQmYVwdAw==
|
dnYZHUyMBFqvHjdQH+y4wYZ+k/O6vLwWJE0uR7ErhShrpLQmYVwdAw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-08-20T12:21:42Z"
|
lastmodified: "2024-09-04T13:21:43Z"
|
||||||
mac: ENC[AES256_GCM,data:n4zNdElxX38hgAUpVNpbfSlyFedriNoB1jXB8whrXVVu/X7Y5GX2Jg1sxNjLGrY/UXHen2sc7v25iz+2eM/IGXZhKn9ZOfuLUedRyR4wJP48h1RsPt9a20Mo6dTsUKHnyHBbbGA2iLlmt815yUtEwQPbj28SMGh1Ir6ppxNrLvI=,iv:3lC6pSyB1K7gN8yHhfaLL8JEa9pwTSKqMKgTlxDK9XU=,tag:fALAy3QdW0iTIu+vv4T5qw==,type:str]
|
mac: ENC[AES256_GCM,data:s+d/Y+Rgyaut70WVHWL0P/XORW6d5lZSeCZOlQhGL1/M10VH4wADGK08JSqdUoUsD3kWmAw0ARrnEiNeqX3daTATkgYIq6mTiAP51bDX6d0qlvi5qddYjgq0AjEyHL6GGQVeFel7bZ/fGT7Q+BTLMq+A/YJkhk+EgFVSVywSTbc=,iv:8u2o4KhSSf/XaLaR24n0aloAdtbz87wbECmFKf9R8Z4=,tag:B+ONOjbtPdraV28PvEbdYg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -11,13 +11,45 @@ let
|
||||||
user = config.profile.user;
|
user = config.profile.user;
|
||||||
uid = toString user.uid;
|
uid = toString user.uid;
|
||||||
gid = toString user.gid;
|
gid = toString user.gid;
|
||||||
|
basic_auth = {
|
||||||
|
username = "soulseek/caddy/username";
|
||||||
|
password = "soulseek/caddy/password";
|
||||||
|
template = "soulseek/caddy/basic_auth";
|
||||||
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = mkIf (podman.enable && podman.${name}.enable) {
|
config = mkIf (podman.enable && podman.${name}.enable) {
|
||||||
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||||
|
@require_auth not remote_ip private_ranges
|
||||||
|
|
||||||
|
basicauth @require_auth {
|
||||||
|
{$SOULSEEK_USERNAME} {$SOULSEEK_PASSWORD}
|
||||||
|
}
|
||||||
|
|
||||||
reverse_proxy ${ip}:6080
|
reverse_proxy ${ip}:6080
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
sops = {
|
||||||
|
secrets =
|
||||||
|
let
|
||||||
|
opts = { sopsFile = ../../secrets/soulseek.yaml; };
|
||||||
|
in
|
||||||
|
{
|
||||||
|
${basic_auth.username} = opts;
|
||||||
|
${basic_auth.password} = opts;
|
||||||
|
};
|
||||||
|
templates = {
|
||||||
|
${basic_auth.template}.content = /*sh*/ ''
|
||||||
|
SOULSEEK_USERNAME=${config.sops.placeholder.${basic_auth.username}}
|
||||||
|
SOULSEEK_PASSWORD=${config.sops.placeholder.${basic_auth.password}}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# systemd.services."caddy".serviceConfig = {
|
||||||
|
# EnvironmentFile = [ config.sops.templates.${basic_auth.template}.path ];
|
||||||
|
# };
|
||||||
|
|
||||||
system.activationScripts."podman-${name}" = ''
|
system.activationScripts."podman-${name}" = ''
|
||||||
mkdir -p ${rootVolume}/{config,downloads,incomplete}
|
mkdir -p ${rootVolume}/{config,downloads,incomplete}
|
||||||
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/{config,downloads,incomplete}
|
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/{config,downloads,incomplete}
|
||||||
|
@ -32,6 +64,9 @@ in
|
||||||
serviceName = "podman-${name}-autorestart";
|
serviceName = "podman-${name}-autorestart";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
services."caddy".serviceConfig = {
|
||||||
|
EnvironmentFile = [ config.sops.templates.${basic_auth.template}.path ];
|
||||||
|
};
|
||||||
services.${serviceName} = {
|
services.${serviceName} = {
|
||||||
description = "Podman container ${name} autorestart";
|
description = "Podman container ${name} autorestart";
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
|
|
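Review bot: The matcher `@require_auth not remote_ip private_ranges` makes the basic-auth prompt depend entirely on the address of the immediate TCP peer, so any request that reaches Caddy from a private address skips authentication. If traffic ever arrives through a tunnel, another reverse proxy or a NAT hop on the LAN (none of which is visible in this hunk), every client would look private and `basicauth` would never fire. The same matcher is added to the ytptube virtual host further down the page. State the assumption next to the matcher, for example `# auth is skipped for private/loopback peers; Caddy must see the real client address`. The commented-out `systemd.services."caddy".serviceConfig` block left in the first hunk duplicates the live `EnvironmentFile` setting added in the second hunk and can be dropped.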
@ -10,10 +10,37 @@ let
|
||||||
user = config.profile.user;
|
user = config.profile.user;
|
||||||
uid = toString user.uid;
|
uid = toString user.uid;
|
||||||
gid = toString user.gid;
|
gid = toString user.gid;
|
||||||
|
basic_auth = {
|
||||||
|
username = "caddy/basic_auth/username";
|
||||||
|
password = "caddy/basic_auth/password";
|
||||||
|
template = "caddy/basic_auth";
|
||||||
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = mkIf (podman.enable && podman.${name}.enable) {
|
config = mkIf (podman.enable && podman.${name}.enable) {
|
||||||
|
sops = {
|
||||||
|
secrets =
|
||||||
|
let
|
||||||
|
opts = { };
|
||||||
|
in
|
||||||
|
{
|
||||||
|
${basic_auth.username} = opts;
|
||||||
|
${basic_auth.password} = opts;
|
||||||
|
};
|
||||||
|
templates = {
|
||||||
|
${basic_auth.template}.content = /*sh*/ ''
|
||||||
|
YTPTUBE_USERNAME=${config.sops.placeholder.${basic_auth.username}}
|
||||||
|
YTPTUBE_PASSWORD=${config.sops.placeholder.${basic_auth.password}}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||||
|
@require_auth not remote_ip private_ranges
|
||||||
|
|
||||||
|
basicauth @require_auth {
|
||||||
|
{$YTPTUBE_USERNAME} {$YTPTUBE_PASSWORD}
|
||||||
|
}
|
||||||
|
|
||||||
reverse_proxy ${ip}:8081
|
reverse_proxy ${ip}:8081
|
||||||
'';
|
'';
|
||||||
system.activationScripts."podman-${name}" = ''
|
system.activationScripts."podman-${name}" = ''
|
||||||
|
@ -21,6 +48,10 @@ in
|
||||||
chown -R ${uid}:${gid} ${volume}
|
chown -R ${uid}:${gid} ${volume}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
systemd.services."caddy".serviceConfig = {
|
||||||
|
EnvironmentFile = [ config.sops.templates.${basic_auth.template}.path ];
|
||||||
|
};
|
||||||
|
|
||||||
environment.etc."podman/${name}/ytdlp.json" = {
|
environment.etc."podman/${name}/ytdlp.json" = {
|
||||||
# https://github.com/arabcoders/ytptube?tab=readme-ov-file#ytdlpjson-file
|
# https://github.com/arabcoders/ytptube?tab=readme-ov-file#ytdlpjson-file
|
||||||
source = (pkgs.formats.json { }).generate "config.json" {
|
source = (pkgs.formats.json { }).generate "config.json" {
|
||||||
|
|
|
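Review bot: Nothing near `{$YTPTUBE_USERNAME} {$YTPTUBE_PASSWORD}` says that the second value must be a password hash rather than the plaintext, which is what Caddy's `basicauth` block takes; a plaintext value in the secret would make the login fail in a non-obvious way. A comment on the template would cover it, for example `# YTPTUBE_PASSWORD holds the Caddy password hash, not the plaintext`, and the same applies to the soulseek template. The secret and template keys are also named generically (`caddy/basic_auth/...`, `caddy/basic_auth`) while the variables they feed are ytptube-specific, and `opts = { }` silently falls back to the default sops file. Renaming the template to something like `ytptube/caddy/basic_auth`, or commenting that these credentials are meant to be shared, would avoid a clash if another module reuses the name.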
@ -1,7 +1,7 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.profile.services.caddy;
|
cfg = config.profile.services.caddy;
|
||||||
inherit (lib) mkIf;
|
inherit (lib) mkIf attrsets strings lists;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
@ -16,5 +16,36 @@ in
|
||||||
|
|
||||||
reverse_proxy 192.168.100.1
|
reverse_proxy 192.168.100.1
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
services.caddy.virtualHosts."hosts.tigor.web.id".extraConfig =
|
||||||
|
let
|
||||||
|
domains = attrsets.mapAttrsToList (name: _: strings.removePrefix "https://" name) config.services.caddy.virtualHosts;
|
||||||
|
sortedDomains = lists.sort (a: b: a < b) domains;
|
||||||
|
list = map (domain: /*html*/ ''<div class="col col-sm-6 col-md-4 col-lg-3"><a href="https://${domain}">${domain}</a></div>'') sortedDomains;
|
||||||
|
items = strings.concatStringsSep "\n" list;
|
||||||
|
html = /*html*/ ''<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Hosted Sites</title>
|
||||||
|
<link
|
||||||
|
rel="stylesheet"
|
||||||
|
href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css"
|
||||||
|
integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH"
|
||||||
|
crossorigin="anonymous">
|
||||||
|
</head>
|
||||||
|
<body class="container">
|
||||||
|
<h1 class="text-center">Hosted Sites</h1>
|
||||||
|
<div class="row g-2">
|
||||||
|
${items}
|
||||||
|
</div>
|
||||||
|
</body>
|
||||||
|
</html>'';
|
||||||
|
in
|
||||||
|
''
|
||||||
|
header Content-Type text/html
|
||||||
|
respond <<EOF
|
||||||
|
${html}
|
||||||
|
EOF 200
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
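Review bot: The new `hosts.tigor.web.id` virtual host answers every request with the complete list of names taken from `config.services.caddy.virtualHosts`, and nothing in front of `respond` limits who may fetch it. If that name is reachable from outside the LAN (not visible from this hunk), the page is a ready-made inventory of every service on the box, including ones intended for internal use only. Gating it like the soulseek and ytptube hosts would take two lines ahead of the page: `@external not remote_ip private_ranges` and `respond @external 403`. Separately, `strings.removePrefix "https://"` only normalises keys written with that exact scheme, so an `http://` key or a key listing several hosts would produce a broken `href`; a short comment on `domains` stating the expected key shape would document that.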
@ -17,5 +17,6 @@
|
||||||
./syncthing.nix
|
./syncthing.nix
|
||||||
./wireguard.nix
|
./wireguard.nix
|
||||||
./photoprism.nix
|
./photoprism.nix
|
||||||
|
./ntfy-sh.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
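--- a/system/services/ntfy-sh.nix
+++ b/system/services/ntfy-sh.nix
@@ -0,0 +1,77 @@
+{ config, pkgs, lib, ... }:
+let
+cfg = config.profile.services.ntfy-sh;
+client = cfg.client;
+inherit (lib) mkIf;
+domain = "ntfy.tigor.web.id";
+listenAddress = "0.0.0.0:15150";
+in
+lib.mkMerge [
+(mkIf cfg.enable {
+services.caddy.virtualHosts.${domain}.extraConfig = ''
+reverse_proxy ${listenAddress}
+'';
+
+services.ntfy-sh = {
+enable = true;
+settings =
+let
+base-dir = "/var/lib/ntfy-sh";
+in
+rec {
+listen-http = listenAddress;
+behind-proxy = true;
+base-url = "https://${domain}";
+
+# Performance. Cache and Batching.
+cache-file = "${base-dir}/cache.db";
+cache-duration = "24h";
+cache-batch-size = 10;
+cache-batch-timeout = "1s";
+
+# Auth
+auth-file = "${base-dir}/auth.db";
+auth-default-access = "deny-all";
+
+# Attachments
+attachment-cache-dir = "${base-dir}/attachments";
+attachment-expiry-duration = cache-duration;
+};
+};
+})
+(mkIf client.enable {
+environment.systemPackages = with pkgs; [
+# Access to `ntfy` cli tool
+ntfy-sh
+];
+
+environment.sessionVariables = {
+NTFY_CONFIG = "/etc/ntfy/client.yml";
+};
+
+sops = {
+secrets =
+let
+opts = { sopsFile = ../../secrets/ntfy.yaml; };
+in
+{
+"ntfy/default/user" = opts;
+"ntfy/default/password" = opts;
+};
+
+templates =
+let filename = "ntfy-client.yaml"; in
+{
+${filename} = {
+content = builtins.readFile ((pkgs.formats.yaml { }).generate filename {
+default-host = "https://${domain}";
+default-user = config.sops.placeholder."ntfy/default/user";
+default-password = config.sops.placeholder."ntfy/default/password";
+});
+path = "/etc/ntfy/client.yml";
+owner = config.profile.user.name;
+};
+};
+};
+})
+]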
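Review bot: `listenAddress = "0.0.0.0:15150";` binds ntfy on every interface while `behind-proxy = true` tells it to take the client address from the forwarded header. Any host that can reach port 15150 directly (firewall rules are not visible here) therefore bypasses Caddy's TLS and can present an arbitrary client address to ntfy's per-visitor limits. The same value is reused as the `reverse_proxy` upstream, so a loopback bind serves both uses: `listenAddress = "127.0.0.1:15150";`. The client template writes `default-password` to `/etc/ntfy/client.yml`; adding `mode = "0400";` next to `owner` would state the intended permissions instead of relying on the default.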
@ -39,6 +39,74 @@ in
|
||||||
reverse_proxy ${server.http_listen_address}:${toString server.http_listen_port}
|
reverse_proxy ${server.http_listen_address}:${toString server.http_listen_port}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
||||||
|
systemd.tmpfiles.settings = {
|
||||||
|
"promtail-dir" = {
|
||||||
|
"/var/lib/promtail" = {
|
||||||
|
d = {
|
||||||
|
group = "promtail";
|
||||||
|
mode = "0755";
|
||||||
|
user = "promtail";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.promtail = {
|
||||||
|
enable = true;
|
||||||
|
configuration = {
|
||||||
|
server = {
|
||||||
|
http_listen_port = 3031;
|
||||||
|
grpc_listen_port = 0;
|
||||||
|
};
|
||||||
|
clients = [
|
||||||
|
{
|
||||||
|
url = "http://${server.http_listen_address}:${toString server.http_listen_port}/loki/api/v1/push";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
positions = {
|
||||||
|
filename = "/var/lib/promtail/positions.yaml";
|
||||||
|
};
|
||||||
|
scrape_configs = [
|
||||||
|
{
|
||||||
|
job_name = "systemd-journal";
|
||||||
|
relabel_configs = [
|
||||||
|
{
|
||||||
|
source_labels = [ "__journal__hostname" ];
|
||||||
|
target_label = "host";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
source_labels = [ "__journal__systemd_unit" ];
|
||||||
|
target_label = "systemd_unit";
|
||||||
|
regex = ''(.+)'';
|
||||||
|
}
|
||||||
|
{
|
||||||
|
source_labels = [ "__journal__systemd_user_unit" ];
|
||||||
|
target_label = "systemd_user_unit";
|
||||||
|
regex = ''(.+)'';
|
||||||
|
}
|
||||||
|
{
|
||||||
|
source_labels = [ "__journal__transport" ];
|
||||||
|
target_label = "transport";
|
||||||
|
regex = ''(.+)'';
|
||||||
|
}
|
||||||
|
{
|
||||||
|
source_labels = [ "__journal_priority_keyword" ];
|
||||||
|
target_label = "severity";
|
||||||
|
regex = ''(.+)'';
|
||||||
|
}
|
||||||
|
];
|
||||||
|
journal = {
|
||||||
|
labels = {
|
||||||
|
job = "systemd-journal";
|
||||||
|
};
|
||||||
|
path = "/var/log/journal";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.loki =
|
services.loki =
|
||||||
let
|
let
|
||||||
dataDir = config.services.loki.dataDir;
|
dataDir = config.services.loki.dataDir;
|
||||||
|
|
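Review bot: The promtail `server` block sets `http_listen_port = 3031` but no listen address, so its HTTP endpoint presumably binds on all interfaces by default. If nothing off-host needs to reach it, `http_listen_address = "127.0.0.1";` next to the port keeps it local, matching the way the push URL already targets Loki through `server.http_listen_address`. That `server` binding is defined outside this hunk, so confirm it is the Loki server config and not shadowed by the promtail `server` attribute of the same name. A one-line comment on the `systemd.tmpfiles.settings` entry, such as `# promtail needs a writable state dir for positions.yaml`, would explain why the directory is created by hand.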