dotfiles/container/proxitok/default.nix

{ config, ... }:

{
  virtualisation.oci-containers.containers = {
    proxitok-web = {
      image = "ghcr.io/pablouser1/proxitok:master";
      dependsOn = [ "proxitok-signer" ];
      ports = [ "127.0.0.1:8005:80" ];
      environmentFiles = [ config.age.secrets.proxitok-environment.path ];
      volumes = [
        "/etc/container-proxitok/cache:/cache"
      ];
      extraOptions = [
        "--label=com.centurylinklabs.watchtower.enable=true"
        "--label=io.containers.autoupdate=registry"
      ];
    };

    proxitok-signer = {
      image = "ghcr.io/pablouser1/signtok:master";
      extraOptions = [
        "--label=com.centurylinklabs.watchtower.enable=true"
        "--label=io.containers.autoupdate=registry"
      ];
    };
  };

  systemd.services.podman-proxitok-web.restartTriggers = [
    "${config.age.secrets.proxitok-environment.file}"
  ];

  systemd.tmpfiles.rules = [
    "d /etc/container-proxitok/cache 0755 33 33"
  ];

  services.redis.servers.proxitok = {
    enable = true;
    bind = "10.88.0.1";
    port = 6381;

    databases = 1;
    save = [ ];
    appendFsync = "no";

    settings = {
      protected-mode = "no";
    };
  };

  systemd.services.redis-proxitok.after = [ "podman-wait-for-host-interface.service" ];

  networking.firewall.interfaces."podman+".allowedTCPPorts = [ 6381 ];

  services.nginx.virtualHosts."tictac.daniel.sx" = {
    listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];
    quic = true;
    http3 = true;

    onlySSL = true;
    useACMEHost = "daniel.sx";

    locations."/" = {
      recommendedProxySettings = true;
      proxyPass = "http://127.0.0.1:8005";
    };
  };
}
Introduce pre-commit-hooks.nix 2023-07-16 22:17:50 +00:00			`{ config, ... }:`
proxitok: init 2023-02-28 13:55:57 +00:00
			`{`
proxitok: Switch to oci-containers config 2023-03-18 23:28:41 +00:00			`virtualisation.oci-containers.containers = {`
			`proxitok-web = {`
			`image = "ghcr.io/pablouser1/proxitok:master";`
			`dependsOn = [ "proxitok-signer" ];`
			`ports = [ "127.0.0.1:8005:80" ];`
			`environmentFiles = [ config.age.secrets.proxitok-environment.path ];`
			`volumes = [`
			`"/etc/container-proxitok/cache:/cache"`
			`];`
			`extraOptions = [`
			`"--label=com.centurylinklabs.watchtower.enable=true"`
			`"--label=io.containers.autoupdate=registry"`
			`];`
			`};`
proxitok: init 2023-02-28 13:55:57 +00:00
proxitok: Switch to oci-containers config 2023-03-18 23:28:41 +00:00			`proxitok-signer = {`
			`image = "ghcr.io/pablouser1/signtok:master";`
			`extraOptions = [`
			`"--label=com.centurylinklabs.watchtower.enable=true"`
			`"--label=io.containers.autoupdate=registry"`
			`];`
proxitok: init 2023-02-28 13:55:57 +00:00			`};`
			`};`

Update deps 2023-06-23 18:08:22 +00:00			`systemd.services.podman-proxitok-web.restartTriggers = [`
			`"${config.age.secrets.proxitok-environment.file}"`
			`];`

proxitok: add cache folder 2023-02-28 14:22:22 +00:00			`systemd.tmpfiles.rules = [`
			`"d /etc/container-proxitok/cache 0755 33 33"`
			`];`

tanker: init system and consolidate attic and sail 2023-06-21 12:21:40 +00:00			`services.redis.servers.proxitok = {`
			`enable = true;`
			`bind = "10.88.0.1";`
			`port = 6381;`

			`databases = 1;`
			`save = [ ];`
			`appendFsync = "no";`

			`settings = {`
			`protected-mode = "no";`
			`};`
			`};`

Updates and fixes 2023-06-22 18:57:21 +00:00			`systemd.services.redis-proxitok.after = [ "podman-wait-for-host-interface.service" ];`

tanker: init system and consolidate attic and sail 2023-06-21 12:21:40 +00:00			`networking.firewall.interfaces."podman+".allowedTCPPorts = [ 6381 ];`

sail: Expose certain services only via SSL 2023-03-12 20:03:36 +00:00			`services.nginx.virtualHosts."tictac.daniel.sx" = {`
tanker: init system and consolidate attic and sail 2023-06-21 12:21:40 +00:00			`listenAddresses = [ "100.108.165.26" "[fd7a:115c:a1e0:ab12:4843:cd96:626c:a51a]" ];`
nginx: re-enable quic/http3 2023-04-03 13:03:52 +00:00			`quic = true;`
sail: Expose certain services only via SSL 2023-03-12 20:03:36 +00:00			`http3 = true;`
sail: Enable HTTP3 2023-03-06 09:21:34 +00:00
sail: Expose certain services only via SSL 2023-03-12 20:03:36 +00:00			`onlySSL = true;`
			`useACMEHost = "daniel.sx";`
proxitok: init 2023-02-28 13:55:57 +00:00
sail: Expose certain services only via SSL 2023-03-12 20:03:36 +00:00			`locations."/" = {`
			`recommendedProxySettings = true;`
			`proxyPass = "http://127.0.0.1:8005";`
proxitok: init 2023-02-28 13:55:57 +00:00			`};`
			`};`
			`}`