From 6f4c6c807224c11a0778f556b29739b1b6882a09 Mon Sep 17 00:00:00 2001 From: Daniel Kempkens Date: Tue, 28 Feb 2023 14:55:57 +0100 Subject: [PATCH] proxitok: init --- agenix/hosts/sail/config.nix | 11 ++++ agenix/hosts/sail/proxitok/auth.age | 9 ++++ agenix/hosts/sail/proxitok/environment.age | Bin 0 -> 557 bytes container/proxitok/default.nix | 57 +++++++++++++++++++++ secrets.nix | 3 ++ system/hosts/sail.nix | 1 + 6 files changed, 81 insertions(+) create mode 100644 agenix/hosts/sail/proxitok/auth.age create mode 100644 agenix/hosts/sail/proxitok/environment.age create mode 100644 container/proxitok/default.nix diff --git a/agenix/hosts/sail/config.nix b/agenix/hosts/sail/config.nix index c6298d7..3f0ce65 100644 --- a/agenix/hosts/sail/config.nix +++ b/agenix/hosts/sail/config.nix @@ -99,5 +99,16 @@ owner = "nginx"; group = "nginx"; }; + + proxitok-environment = { + file = ./proxitok/environment.age; + mode = "444"; + }; + + proxitok-auth = { + file = ./proxitok/auth.age; + owner = "nginx"; + group = "nginx"; + }; }; } diff --git a/agenix/hosts/sail/proxitok/auth.age b/agenix/hosts/sail/proxitok/auth.age new file mode 100644 index 0000000..a0a08cd --- /dev/null +++ b/agenix/hosts/sail/proxitok/auth.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g UsWqApJ+OzlhjmqFPWX+9lYH8WiGLGiRb9ljd2aoE0s +2QnM7xKexxWwDaP/dkIPn4t62cl0SYgFwJmPjP4qmQg +-> ssh-ed25519 NbV4hw Jxe6FiuxaJ3976a9J3iGFB4voOABKtxOFjjiV5lJg1E +jYiki61pPUnvcXM0p4zTW/SAdXpdirEPaBVB8qQFSGI +-> SZ+-grease 7`Z3we,h O2THy w@-G^,* +pING13NREsxJOhDYbGGmh6M +--- YYugx3x05vCiO23wzFQH3E7/HkehfSZJZ4I1Hhn7gCI +[J:KBKSVM אJk$nDK N4.<,.i48 F8k](&n31jr]v[˕=hӛ \ No newline at end of file 
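Review bot: In agenix/hosts/sail/config.nix the new `proxitok-environment` secret is decrypted with `mode = "444"`, so every local account and service on the host can read the container's environment file, whereas `proxitok-auth` next to it is limited to nginx. If the only reader is the arion/compose unit (which presumably runs as root; confirm), drop the line so agenix's default of `0400` applies, or write `mode = "400";`. If a non-root reader is needed, set `owner`/`group` for that account instead of opening the file to everyone. The enclosing attribute set starts outside the hunk.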
diff --git a/agenix/hosts/sail/proxitok/environment.age b/agenix/hosts/sail/proxitok/environment.age new file mode 100644 index 0000000000000000000000000000000000000000..cbbaa62819db842888584391dcc25fd805825c58 GIT binary patch literal 557 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlEpaa}OII+>33du{ zjxtC|_II+VDtB}@j>t6CPtP;E*LL?ebS~G=apg)iPYFv&Ej2GS_14Y} zN-nR+$}%*{GAj12$}%+Y_VLMdax*tF4fYEzcSX0&FDc9Kw70|YNm^` zWtd@-xqqQ)SczdlT6TCrX+Tm+QhthYu1}U@REa@=XS#EGW|@&`q+6A?FPE;au0nEz zbAf4@X_{w%m%G1dQEsKBX|6$Wa)E`rwwGm*zkW%Mm$|97tBZk)0oVNRNe5?`1%LGy zkWT&l(7C!!Io!SMDigzox;rM8_lml=1pc`9bH(b{yLOsRTCKUnlzFL3Y}$X{@Ar5N z12wE>DXp*m;`Th{w$;_5NGdDgE m`CnPd$nE|=h`YtXCiqK;=eB+C=B6Bre*8v4PUXVQ<6;2y?9(m) literal 0 HcmV?d00001 diff --git a/container/proxitok/default.nix b/container/proxitok/default.nix new file mode 100644 index 0000000..1bba301 --- /dev/null +++ b/container/proxitok/default.nix 
@@ -0,0 +1,57 @@ +{ config, ... }: + +{ + virtualisation.arion.projects.proxitok.settings = { + services = { + proxitok-web = { + service = { + image = "ghcr.io/pablouser1/proxitok:master"; + container_name = "proxitok-web"; + restart = "unless-stopped"; + depends_on = [ "proxitok-signer" ]; + ports = [ "127.0.0.1:8005:80" ]; + env_file = [ config.age.secrets.proxitok-environment.path ]; + labels = { + "com.centurylinklabs.watchtower.enable" = "true"; + }; + }; + }; + + proxitok-signer = { + service = { + image = "ghcr.io/pablouser1/signtok:master"; + container_name = "proxitok-signer"; + restart = "unless-stopped"; + labels = { + "com.centurylinklabs.watchtower.enable" = "true"; + }; + }; + }; + }; + }; + + services.nginx = { + enable = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedBrotliSettings = true; + + virtualHosts."proxitok.only.internal" = { + listen = [ + { + addr = "127.0.0.1"; + port = 80; + } + ]; + + forceSSL = false; + enableACME = false; + + locations."/" = { + basicAuthFile = config.age.secrets.proxitok-auth.path; + recommendedProxySettings = true; + proxyPass = "http://127.0.0.1:8005"; + }; + }; + }; +} diff --git a/secrets.nix b/secrets.nix index 124a460..46943e2 100644 --- a/secrets.nix +++ b/secrets.nix @@ -31,4 +31,7 @@ in "agenix/hosts/sail/anonymous-overflow/config.age".publicKeys = sail; "agenix/hosts/sail/anonymous-overflow/auth.age".publicKeys = sail; + + "agenix/hosts/sail/proxitok/environment.age".publicKeys = sail; + "agenix/hosts/sail/proxitok/auth.age".publicKeys = sail; } diff --git a/system/hosts/sail.nix b/system/hosts/sail.nix index 4ad97a7..604d56f 100644 --- a/system/hosts/sail.nix +++ b/system/hosts/sail.nix @@ -39,6 +39,7 @@ in ../nixos/arion.nix ../../container/webserver ../../container/matrix + ../../container/proxitok ]; system.stateVersion = "22.11";
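Review bot: In container/proxitok/default.nix both images use the mutable `:master` tag and carry the `com.centurylinklabs.watchtower.enable` label, so whatever is pushed upstream is pulled and started on this host without review, and `proxitok-web` runs with the values from `proxitok-environment`. Pinning by digest, e.g. `image = "ghcr.io/pablouser1/proxitok@sha256:<DIGEST_PLACEHOLDER>";` (and likewise for signtok), turns each update into an explicit commit. If automatic updates are intended, a comment stating that trade-off would help the next reader. Separately, the vhost serves basic auth over plain HTTP on 127.0.0.1 with `forceSSL = false`; a one-line comment naming what terminates TLS in front of it (not visible in this patch) would document why that is acceptable.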