dotfiles/container/proxitok/default.nix

{ config, lib, ... }:

{
  virtualisation.oci-containers.containers = {
    proxitok-web = {
      image = "ghcr.io/pablouser1/proxitok:master";
      dependsOn = [ "proxitok-signer" ];
      ports = [ "127.0.0.1:8005:80" ];
      environmentFiles = [ config.age.secrets.proxitok-environment.path ];
      volumes = [
        "/etc/container-proxitok/cache:/cache"
      ];
      extraOptions = [
        "--label=com.centurylinklabs.watchtower.enable=true"
        "--label=io.containers.autoupdate=registry"
      ];
    };

    proxitok-signer = {
      image = "ghcr.io/pablouser1/signtok:master";
      extraOptions = [
        "--label=com.centurylinklabs.watchtower.enable=true"
        "--label=io.containers.autoupdate=registry"
      ];
    };
  };

  systemd.services.podman-proxitok-web.serviceConfig = {
    TimeoutStopSec = lib.mkForce 5;
  };

  systemd.services.podman-proxitok-signer.serviceConfig = {
    TimeoutStopSec = lib.mkForce 5;
  };

  systemd.tmpfiles.rules = [
    "d /etc/container-proxitok/cache 0755 33 33"
  ];

  services.nginx.virtualHosts."tictac.daniel.sx" = {
    listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ];
    quic = true;
    http3 = true;

    onlySSL = true;
    useACMEHost = "daniel.sx";

    locations."/" = {
      recommendedProxySettings = true;
      proxyPass = "http://127.0.0.1:8005";
    };
  };
}
proxitok: kill signer after 2 seconds 2023-03-20 17:06:11 +01:00			`{ config, lib, ... }:`
proxitok: init 2023-02-28 14:55:57 +01:00
			`{`
proxitok: Switch to oci-containers config 2023-03-19 00:28:41 +01:00			`virtualisation.oci-containers.containers = {`
			`proxitok-web = {`
			`image = "ghcr.io/pablouser1/proxitok:master";`
			`dependsOn = [ "proxitok-signer" ];`
			`ports = [ "127.0.0.1:8005:80" ];`
			`environmentFiles = [ config.age.secrets.proxitok-environment.path ];`
			`volumes = [`
			`"/etc/container-proxitok/cache:/cache"`
			`];`
			`extraOptions = [`
			`"--label=com.centurylinklabs.watchtower.enable=true"`
			`"--label=io.containers.autoupdate=registry"`
			`];`
			`};`
proxitok: init 2023-02-28 14:55:57 +01:00
proxitok: Switch to oci-containers config 2023-03-19 00:28:41 +01:00			`proxitok-signer = {`
			`image = "ghcr.io/pablouser1/signtok:master";`
			`extraOptions = [`
			`"--label=com.centurylinklabs.watchtower.enable=true"`
			`"--label=io.containers.autoupdate=registry"`
			`];`
proxitok: init 2023-02-28 14:55:57 +01:00			`};`
			`};`

proxitok: kill web after 2 seconds 2023-03-20 20:34:56 +01:00			`systemd.services.podman-proxitok-web.serviceConfig = {`
podman: Set TimeoutStopSec 2023-03-24 22:30:50 +01:00			`TimeoutStopSec = lib.mkForce 5;`
proxitok: kill web after 2 seconds 2023-03-20 20:34:56 +01:00			`};`

proxitok: kill signer after 2 seconds 2023-03-20 17:04:58 +01:00			`systemd.services.podman-proxitok-signer.serviceConfig = {`
podman: Set TimeoutStopSec 2023-03-24 22:30:50 +01:00			`TimeoutStopSec = lib.mkForce 5;`
proxitok: kill signer after 2 seconds 2023-03-20 17:04:58 +01:00			`};`

proxitok: add cache folder 2023-02-28 15:22:22 +01:00			`systemd.tmpfiles.rules = [`
			`"d /etc/container-proxitok/cache 0755 33 33"`
			`];`

sail: Expose certain services only via SSL 2023-03-12 21:03:36 +01:00			`services.nginx.virtualHosts."tictac.daniel.sx" = {`
Revert "all frontends: try removing ipv6 addr" This reverts commit 1408ac1b74b6f8f69a98ce8a1cb6ab508dcc1a5b. 2023-04-03 14:52:41 +02:00			`listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ];`
nginx: re-enable quic/http3 2023-04-03 15:03:52 +02:00			`quic = true;`
sail: Expose certain services only via SSL 2023-03-12 21:03:36 +01:00			`http3 = true;`
sail: Enable HTTP3 2023-03-06 10:21:34 +01:00
sail: Expose certain services only via SSL 2023-03-12 21:03:36 +01:00			`onlySSL = true;`
			`useACMEHost = "daniel.sx";`
proxitok: init 2023-02-28 14:55:57 +01:00
sail: Expose certain services only via SSL 2023-03-12 21:03:36 +01:00			`locations."/" = {`
			`recommendedProxySettings = true;`
			`proxyPass = "http://127.0.0.1:8005";`
proxitok: init 2023-02-28 14:55:57 +01:00			`};`
			`};`
			`}`