proxitok: init

2023-02-28 14:55:57 +01:00 · 2023-02-28 14:55:57 +01:00 · 6f4c6c8072
commit 6f4c6c8072
parent 3f0050d785
6 changed files with 81 additions and 0 deletions
--- a/agenix/hosts/sail/config.nix
+++ b/agenix/hosts/sail/config.nix
@ -99,5 +99,16 @@
      owner = "nginx";
      group = "nginx";
    };
+
+    proxitok-environment = {
+      file = ./proxitok/environment.age;
+      mode = "444";
+    };
+
+    proxitok-auth = {
+      file = ./proxitok/auth.age;
+      owner = "nginx";
+      group = "nginx";
+    };
  };
 }
--- a/agenix/hosts/sail/proxitok/auth.age
+++ b/agenix/hosts/sail/proxitok/auth.age
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 MtGp6g UsWqApJ+OzlhjmqFPWX+9lYH8WiGLGiRb9ljd2aoE0s
+2QnM7xKexxWwDaP/dkIPn4t62cl0SYgFwJmPjP4qmQg
+-> ssh-ed25519 NbV4hw Jxe6FiuxaJ3976a9J3iGFB4voOABKtxOFjjiV5lJg1E
+jYiki61pPUnvcXM0p4zTW/SAdXpdirEPaBVB8qQFSGI
+-> SZ+-grease 7`Z3we,h O2THy w@-G^,*
+pING13NREsxJOhDYbGGmh6M
+--- YYugx3x05vCiO23wzFQH3E7/HkehfSZJZ4I1Hhn7gCI
+—Õß[ŒŽïJë™Þ:KBKŽöçS‰ãÈVMœ
×<><C397>Š˜ÛJkù$ÿn‡D„KN±ä4áù.<™,à.¿iÆ48§ôF¤8¹kŠû](&nÁ—‹úêš‰‘Œ31þìj<07>r]ñv[Ë•âË=ôhÓ›‘
--- a/agenix/hosts/sail/proxitok/environment.age
+++ b/agenix/hosts/sail/proxitok/environment.age
--- a/container/proxitok/default.nix
+++ b/container/proxitok/default.nix
@ -0,0 +1,57 @@
+{ config, ... }:
+
+{
+  virtualisation.arion.projects.proxitok.settings = {
+    services = {
+      proxitok-web = {
+        service = {
+          image = "ghcr.io/pablouser1/proxitok:master";
+          container_name = "proxitok-web";
+          restart = "unless-stopped";
+          depends_on = [ "proxitok-signer" ];
+          ports = [ "127.0.0.1:8005:80" ];
+          env_file = [ config.age.secrets.proxitok-environment.path ];
+          labels = {
+            "com.centurylinklabs.watchtower.enable" = "true";
+          };
+        };
+      };
+
+      proxitok-signer = {
+        service = {
+          image = "ghcr.io/pablouser1/signtok:master";
+          container_name = "proxitok-signer";
+          restart = "unless-stopped";
+          labels = {
+            "com.centurylinklabs.watchtower.enable" = "true";
+          };
+        };
+      };
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedBrotliSettings = true;
+
+    virtualHosts."proxitok.only.internal" = {
+      listen = [
+        {
+          addr = "127.0.0.1";
+          port = 80;
+        }
+      ];
+
+      forceSSL = false;
+      enableACME = false;
+
+      locations."/" = {
+        basicAuthFile = config.age.secrets.proxitok-auth.path;
+        recommendedProxySettings = true;
+        proxyPass = "http://127.0.0.1:8005";
+      };
+    };
+  };
+}
--- a/secrets.nix
+++ b/secrets.nix
@ -31,4 +31,7 @@ in

  "agenix/hosts/sail/anonymous-overflow/config.age".publicKeys = sail;
  "agenix/hosts/sail/anonymous-overflow/auth.age".publicKeys = sail;
+
+  "agenix/hosts/sail/proxitok/environment.age".publicKeys = sail;
+  "agenix/hosts/sail/proxitok/auth.age".publicKeys = sail;
 }
--- a/system/hosts/sail.nix
+++ b/system/hosts/sail.nix
@ -39,6 +39,7 @@ in
    ../nixos/arion.nix
    ../../container/webserver
    ../../container/matrix
+    ../../container/proxitok
  ];

  system.stateVersion = "22.11";