diff --git a/agenix/hosts/sail/anonymous-overflow/auth.age b/agenix/hosts/sail/anonymous-overflow/auth.age deleted file mode 100644 index cb5b10b..0000000 Binary files a/agenix/hosts/sail/anonymous-overflow/auth.age and /dev/null differ diff --git a/agenix/hosts/sail/config.nix b/agenix/hosts/sail/config.nix index 4751f07..6db1536 100644 --- a/agenix/hosts/sail/config.nix +++ b/agenix/hosts/sail/config.nix @@ -95,42 +95,12 @@ file = ./nitter/config.age; }; - nitter-auth = { - file = ./nitter/auth.age; - owner = "nginx"; - group = "nginx"; - }; - - libreddit-auth = { - file = ./libreddit/auth.age; - owner = "nginx"; - group = "nginx"; - }; - - rimgo-auth = { - file = ./rimgo/auth.age; - owner = "nginx"; - group = "nginx"; - }; - anonymous-overflow-config = { file = ./anonymous-overflow/config.age; }; - anonymous-overflow-auth = { - file = ./anonymous-overflow/auth.age; - owner = "nginx"; - group = "nginx"; - }; - proxitok-environment = { file = ./proxitok/environment.age; }; - - proxitok-auth = { - file = ./proxitok/auth.age; - owner = "nginx"; - group = "nginx"; - }; }; } diff --git a/agenix/hosts/sail/libreddit/auth.age b/agenix/hosts/sail/libreddit/auth.age deleted file mode 100644 index 7b6a359..0000000 Binary files a/agenix/hosts/sail/libreddit/auth.age and /dev/null differ diff --git a/agenix/hosts/sail/nitter/auth.age b/agenix/hosts/sail/nitter/auth.age deleted file mode 100644 index b99bc54..0000000 --- a/agenix/hosts/sail/nitter/auth.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 MtGp6g TlltW6mwuZE7iaKfHK128JI0R6Mj4yu1Yq1Hy0YWJRY -ZRS8nBzX39RHYDeEMnlKepVDuaXjLw1N0WRtP3cvBPY --> ssh-ed25519 NbV4hw +HmaRasZJ0E+lTm8CYBoHrB/u+7bdfwroLzSHrsCgRw -xoz0PRPOFIfwMvmJGC1PGS2PsUe+v0aG7E8BIY4yUH8 --> ;r1<;&A-grease sHb XfT4F 4xh];sA@ -IIIGYPwXy4uHMkFV ---- HN3r/Qy0NfVWSwIlgHwT9mR8YlR07VhSABEE1AyZQvM - ^9A`Ku".f.8;%H$#*m /T"hP.%8TsaN٠KfP|;O7(ȥ")* \ No newline at end of file diff --git a/agenix/hosts/sail/proxitok/auth.age b/agenix/hosts/sail/proxitok/auth.age deleted file mode 100644 index a0a08cd..0000000 --- a/agenix/hosts/sail/proxitok/auth.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 MtGp6g UsWqApJ+OzlhjmqFPWX+9lYH8WiGLGiRb9ljd2aoE0s -2QnM7xKexxWwDaP/dkIPn4t62cl0SYgFwJmPjP4qmQg --> ssh-ed25519 NbV4hw Jxe6FiuxaJ3976a9J3iGFB4voOABKtxOFjjiV5lJg1E -jYiki61pPUnvcXM0p4zTW/SAdXpdirEPaBVB8qQFSGI --> SZ+-grease 7`Z3we,h O2THy w@-G^,* -pING13NREsxJOhDYbGGmh6M ---- YYugx3x05vCiO23wzFQH3E7/HkehfSZJZ4I1Hhn7gCI -[J:KBKSVM אJk$nDK N4.<,.i48 F8k](&n31jr]v[˕=hӛ \ No newline at end of file diff --git a/agenix/hosts/sail/rimgo/auth.age b/agenix/hosts/sail/rimgo/auth.age deleted file mode 100644 index 207c66f..0000000 --- a/agenix/hosts/sail/rimgo/auth.age +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyAySTBM -aFBCMXFLc0JJeHlSMjBEM0pqeElpZ3FOYmd6WFI4bndMcGluMWxVCmJ6aHBYNFlW -RFlyTjhGYkluMWJ3bmRjaU55QWthYUZaWVpnZ081NUxYdDQKLT4gc3NoLWVkMjU1 -MTkgTmJWNGh3IFN2SWJ6ZFloZkk4YVI3NXFFUkJsQnMwemV0czQ0L3Q3d0ZxQkZP -aXRFQUEKWWRSV2hQOC8zMFZ4aUFack9DcjM0SEg5VmVDdnZoUUdKb1FoTzMvclhI -YwotPiBtc017cmNSNy1ncmVhc2UgO191L2tOfSAuX2sKYjlmMEpJSTJKbFpNb1h0 -U2s2K1U0NnAyejBjbHhyTDJaUG85dCtORDdMME1iTmFNTWlTZGdpRi90emVVT0ZL -RgpLemUyVXJHR1ZyNEJCbExuN3cxQWw4Q1ZvKzAzZ1l5bTJ6ekh1N2VtbWhsUAot -LS0gZDZuVXliZXRqeHpEa24vbTdLRjY2RkdReUgrVk4yRXJVam82ZklCUER5dwoi -onrE2i7Culh6zYX79xMkJOuhSXlTpX2q4LQin5RA8O0b6lVui5lGR+K+wTkfYvKw -D92KqHxvQbCpYECM5QrEued9+3ujmRjd5Zh9YBCdmoM1P7BlyTYaMIduUenN7VjP -LjqdajKkDcu8Jf7p27Qob0A= ------END AGE ENCRYPTED FILE----- diff --git a/container/proxitok/default.nix b/container/proxitok/default.nix index c088ad7..5167c25 100644 --- a/container/proxitok/default.nix +++ b/container/proxitok/default.nix @@ -39,11 +39,11 @@ ]; services.nginx.virtualHosts."tictac.daniel.sx" = { + listenAddresses = [ "100.113.242.85" ]; http3 = true; onlySSL = true; useACMEHost = "daniel.sx"; - basicAuthFile = config.age.secrets.proxitok-auth.path; locations."/" = { recommendedProxySettings = true; diff --git a/secrets.nix b/secrets.nix index 98275a3..c44f0b7 100644 --- a/secrets.nix +++ b/secrets.nix @@ -32,15 +32,8 @@ in "agenix/hosts/sail/invidious/databasePassword.age".publicKeys = sail; "agenix/hosts/sail/nitter/config.age".publicKeys = sail; - "agenix/hosts/sail/nitter/auth.age".publicKeys = sail; - - "agenix/hosts/sail/libreddit/auth.age".publicKeys = sail; - - "agenix/hosts/sail/rimgo/auth.age".publicKeys = sail; "agenix/hosts/sail/anonymous-overflow/config.age".publicKeys = sail; - "agenix/hosts/sail/anonymous-overflow/auth.age".publicKeys = sail; "agenix/hosts/sail/proxitok/environment.age".publicKeys = sail; - "agenix/hosts/sail/proxitok/auth.age".publicKeys = sail; } diff --git a/system/nixos/anonymous-overflow.nix b/system/nixos/anonymous-overflow.nix index 00aca94..68b801c 100644 --- a/system/nixos/anonymous-overflow.nix +++ b/system/nixos/anonymous-overflow.nix @@ -39,12 +39,12 @@ in }; services.nginx.virtualHosts."overflow.daniel.sx" = { + listenAddresses = [ "100.113.242.85" ]; http3 = true; root = "${anonymous-overflow-pkg}/share/anonymous-overflow/public/"; onlySSL = true; useACMEHost = "daniel.sx"; - basicAuthFile = config.age.secrets.anonymous-overflow-auth.path; locations."/" = { tryFiles = "$uri @proxy"; diff --git a/system/nixos/libreddit.nix b/system/nixos/libreddit.nix index 88993d7..03b8d4e 100644 --- a/system/nixos/libreddit.nix +++ b/system/nixos/libreddit.nix @@ -9,11 +9,11 @@ }; services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = { + listenAddresses = [ "100.113.242.85" ]; http3 = true; onlySSL = true; useACMEHost = "daniel.sx"; - basicAuthFile = config.age.secrets.libreddit-auth.path; locations."/" = { recommendedProxySettings = true; diff --git a/system/nixos/nitter.nix b/system/nixos/nitter.nix index 2d9da29..a21c394 100644 --- a/system/nixos/nitter.nix +++ b/system/nixos/nitter.nix @@ -2,11 +2,6 @@ let nitter-pkg = pkgs.nitter-unstable; - - proxy-no-auth = { - recommendedProxySettings = true; - proxyPass = "http://127.0.0.1:8001"; - }; in { # Based on: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/misc/nitter.nix @@ -53,6 +48,7 @@ in }; services.nginx.virtualHosts."${secret.nginx.hostnames.nitter}" = { + listenAddresses = [ "100.113.242.85" ]; http3 = true; root = "${nitter-pkg}/share/nitter/public/"; @@ -63,11 +59,7 @@ in tryFiles = "$uri @proxy"; }; - locations."/pic/" = proxy-no-auth; - locations."/video/" = proxy-no-auth; - locations."@proxy" = { - basicAuthFile = config.age.secrets.nitter-auth.path; recommendedProxySettings = true; proxyPass = "http://127.0.0.1:8001"; }; diff --git a/system/nixos/rimgo.nix b/system/nixos/rimgo.nix index ed1ccad..931853e 100644 --- a/system/nixos/rimgo.nix +++ b/system/nixos/rimgo.nix @@ -41,11 +41,11 @@ in }; services.nginx.virtualHosts."ringo.daniel.sx" = { + listenAddresses = [ "100.113.242.85" ]; http3 = true; onlySSL = true; useACMEHost = "daniel.sx"; - basicAuthFile = config.age.secrets.rimgo-auth.path; locations."/" = { recommendedProxySettings = true;