dotfiles/container/proxitok/default.nix

68 lines
1.6 KiB
Nix
Raw Normal View History

2023-07-16 22:17:50 +00:00
{ config, ... }:
2023-02-28 13:55:57 +00:00
{
virtualisation.oci-containers.containers = {
proxitok-web = {
image = "ghcr.io/pablouser1/proxitok:master";
dependsOn = [ "proxitok-signer" ];
2023-08-29 12:04:17 +00:00
ports = [ "127.0.0.1:8005:8080" ];
environmentFiles = [ config.age.secrets.proxitok-environment.path ];
volumes = [
"/etc/container-proxitok/cache:/cache"
];
extraOptions = [
"--label=com.centurylinklabs.watchtower.enable=true"
"--label=io.containers.autoupdate=registry"
];
};
2023-02-28 13:55:57 +00:00
proxitok-signer = {
image = "ghcr.io/pablouser1/signtok:master";
extraOptions = [
"--label=com.centurylinklabs.watchtower.enable=true"
"--label=io.containers.autoupdate=registry"
];
2023-02-28 13:55:57 +00:00
};
};
2023-06-23 18:08:22 +00:00
systemd.services.podman-proxitok-web.restartTriggers = [
"${config.age.secrets.proxitok-environment.file}"
];
2023-02-28 14:22:22 +00:00
systemd.tmpfiles.rules = [
2023-09-04 10:45:06 +00:00
"d /etc/container-proxitok/cache 0755 nobody nogroup"
2023-02-28 14:22:22 +00:00
];
services.redis.servers.proxitok = {
enable = true;
bind = "10.88.0.1";
port = 6381;
databases = 1;
save = [ ];
appendFsync = "no";
settings = {
protected-mode = "no";
};
};
2023-06-22 18:57:21 +00:00
systemd.services.redis-proxitok.after = [ "podman-wait-for-host-interface.service" ];
networking.firewall.interfaces."podman+".allowedTCPPorts = [ 6381 ];
services.nginx.virtualHosts."tictac.daniel.sx" = {
listenAddresses = [ "100.64.10.2" "[fd7a:115c:a1e0:1010::2]" ];
2023-04-03 13:03:52 +00:00
quic = true;
http3 = true;
2023-03-06 09:21:34 +00:00
onlySSL = true;
useACMEHost = "daniel.sx";
2023-02-28 13:55:57 +00:00
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8005";
2023-02-28 13:55:57 +00:00
};
};
}