daniel/dotfiles
1
0
Fork 0
Code Actions Activity

proxitok: init

Browse source
This commit is contained in:
Daniel Kempkens 2023-02-28 14:55:57 +01:00
parent 3f0050d785
commit 6f4c6c8072
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
6 changed files with 81 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
agenix/hosts/sail/config.nix
View file

@ -99,5 +99,16 @@
owner = "nginx"; owner = "nginx";
group = "nginx"; group = "nginx";
}; };
proxitok-environment = {
file = ./proxitok/environment.age;
mode = "444";
};
proxitok-auth = {
file = ./proxitok/auth.age;
owner = "nginx";
group = "nginx";
};
}; };
} }

9
agenix/hosts/sail/proxitok/auth.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g UsWqApJ+OzlhjmqFPWX+9lYH8WiGLGiRb9ljd2aoE0s
2QnM7xKexxWwDaP/dkIPn4t62cl0SYgFwJmPjP4qmQg
-> ssh-ed25519 NbV4hw Jxe6FiuxaJ3976a9J3iGFB4voOABKtxOFjjiV5lJg1E
jYiki61pPUnvcXM0p4zTW/SAdXpdirEPaBVB8qQFSGI
-> SZ+-grease 7`Z3we,h O2THy w@-G^,*
pING13NREsxJOhDYbGGmh6M
--- YYugx3x05vCiO23wzFQH3E7/HkehfSZJZ4I1Hhn7gCI
—Õß[ŒŽïJë™Þ:KBKŽöçS‰ãÈVMœ ×<><C397>Š˜ÛJkù$ÿn‡D„K N±ä4áù.<™,à.¿iÆ48 §ôF¤8¹kŠû](&nÁ—úꚌ31þìj<07>r]ñv[Ë•âË=ôhÓ

BIN
agenix/hosts/sail/proxitok/environment.age Normal file
View file

Binary file not shown.

57
container/proxitok/default.nix Normal file
View file

@ -0,0 +1,57 @@
{ config, ... }:
{
virtualisation.arion.projects.proxitok.settings = {
services = {
proxitok-web = {
service = {
image = "ghcr.io/pablouser1/proxitok:master";
container_name = "proxitok-web";
restart = "unless-stopped";
depends_on = [ "proxitok-signer" ];
ports = [ "127.0.0.1:8005:80" ];
env_file = [ config.age.secrets.proxitok-environment.path ];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
};
};
};
proxitok-signer = {
service = {
image = "ghcr.io/pablouser1/signtok:master";
container_name = "proxitok-signer";
restart = "unless-stopped";
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
};
};
};
};
};
services.nginx = {
enable = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedBrotliSettings = true;
virtualHosts."proxitok.only.internal" = {
listen = [
{
addr = "127.0.0.1";
port = 80;
}
];
forceSSL = false;
enableACME = false;
locations."/" = {
basicAuthFile = config.age.secrets.proxitok-auth.path;
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8005";
};
};
};
}

3
secrets.nix
View file

@ -31,4 +31,7 @@ in
"agenix/hosts/sail/anonymous-overflow/config.age".publicKeys = sail; "agenix/hosts/sail/anonymous-overflow/config.age".publicKeys = sail;
"agenix/hosts/sail/anonymous-overflow/auth.age".publicKeys = sail; "agenix/hosts/sail/anonymous-overflow/auth.age".publicKeys = sail;
"agenix/hosts/sail/proxitok/environment.age".publicKeys = sail;
"agenix/hosts/sail/proxitok/auth.age".publicKeys = sail;
} }

1
system/hosts/sail.nix
View file

@ -39,6 +39,7 @@ in
../nixos/arion.nix ../nixos/arion.nix
../../container/webserver ../../container/webserver
../../container/matrix ../../container/matrix
../../container/proxitok
]; ];
system.stateVersion = "22.11"; system.stateVersion = "22.11";