proxitok: init
This commit is contained in:
parent
3f0050d785
commit
6f4c6c8072
6 changed files with 81 additions and 0 deletions
|
@ -99,5 +99,16 @@
|
||||||
owner = "nginx";
|
owner = "nginx";
|
||||||
group = "nginx";
|
group = "nginx";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
proxitok-environment = {
|
||||||
|
file = ./proxitok/environment.age;
|
||||||
|
mode = "444";
|
||||||
|
};
|
||||||
|
|
||||||
|
proxitok-auth = {
|
||||||
|
file = ./proxitok/auth.age;
|
||||||
|
owner = "nginx";
|
||||||
|
group = "nginx";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
9
agenix/hosts/sail/proxitok/auth.age
Normal file
9
agenix/hosts/sail/proxitok/auth.age
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 MtGp6g UsWqApJ+OzlhjmqFPWX+9lYH8WiGLGiRb9ljd2aoE0s
|
||||||
|
2QnM7xKexxWwDaP/dkIPn4t62cl0SYgFwJmPjP4qmQg
|
||||||
|
-> ssh-ed25519 NbV4hw Jxe6FiuxaJ3976a9J3iGFB4voOABKtxOFjjiV5lJg1E
|
||||||
|
jYiki61pPUnvcXM0p4zTW/SAdXpdirEPaBVB8qQFSGI
|
||||||
|
-> SZ+-grease 7`Z3we,h O2THy w@-G^,*
|
||||||
|
pING13NREsxJOhDYbGGmh6M
|
||||||
|
--- YYugx3x05vCiO23wzFQH3E7/HkehfSZJZ4I1Hhn7gCI
|
||||||
|
—Õß[ŒŽïJë™Þ:KBKŽöçS‰ãÈVMœ
×<><C397>Š˜ÛJkù$ÿn‡D„KN±ä4áù.<™,à.¿iÆ48§ôF¤8¹kŠû](&nÁ—‹úꚉ‘Œ31þìj<07>r]ñv[Ë•âË=ôhÓ›‘
|
BIN
agenix/hosts/sail/proxitok/environment.age
Normal file
BIN
agenix/hosts/sail/proxitok/environment.age
Normal file
Binary file not shown.
57
container/proxitok/default.nix
Normal file
57
container/proxitok/default.nix
Normal file
|
@ -0,0 +1,57 @@
|
||||||
|
{ config, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
virtualisation.arion.projects.proxitok.settings = {
|
||||||
|
services = {
|
||||||
|
proxitok-web = {
|
||||||
|
service = {
|
||||||
|
image = "ghcr.io/pablouser1/proxitok:master";
|
||||||
|
container_name = "proxitok-web";
|
||||||
|
restart = "unless-stopped";
|
||||||
|
depends_on = [ "proxitok-signer" ];
|
||||||
|
ports = [ "127.0.0.1:8005:80" ];
|
||||||
|
env_file = [ config.age.secrets.proxitok-environment.path ];
|
||||||
|
labels = {
|
||||||
|
"com.centurylinklabs.watchtower.enable" = "true";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
proxitok-signer = {
|
||||||
|
service = {
|
||||||
|
image = "ghcr.io/pablouser1/signtok:master";
|
||||||
|
container_name = "proxitok-signer";
|
||||||
|
restart = "unless-stopped";
|
||||||
|
labels = {
|
||||||
|
"com.centurylinklabs.watchtower.enable" = "true";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedBrotliSettings = true;
|
||||||
|
|
||||||
|
virtualHosts."proxitok.only.internal" = {
|
||||||
|
listen = [
|
||||||
|
{
|
||||||
|
addr = "127.0.0.1";
|
||||||
|
port = 80;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
forceSSL = false;
|
||||||
|
enableACME = false;
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
basicAuthFile = config.age.secrets.proxitok-auth.path;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
proxyPass = "http://127.0.0.1:8005";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -31,4 +31,7 @@ in
|
||||||
|
|
||||||
"agenix/hosts/sail/anonymous-overflow/config.age".publicKeys = sail;
|
"agenix/hosts/sail/anonymous-overflow/config.age".publicKeys = sail;
|
||||||
"agenix/hosts/sail/anonymous-overflow/auth.age".publicKeys = sail;
|
"agenix/hosts/sail/anonymous-overflow/auth.age".publicKeys = sail;
|
||||||
|
|
||||||
|
"agenix/hosts/sail/proxitok/environment.age".publicKeys = sail;
|
||||||
|
"agenix/hosts/sail/proxitok/auth.age".publicKeys = sail;
|
||||||
}
|
}
|
||||||
|
|
|
@ -39,6 +39,7 @@ in
|
||||||
../nixos/arion.nix
|
../nixos/arion.nix
|
||||||
../../container/webserver
|
../../container/webserver
|
||||||
../../container/matrix
|
../../container/matrix
|
||||||
|
../../container/proxitok
|
||||||
];
|
];
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
|
|
Loading…
Reference in a new issue