64 lines
1.5 KiB
Nix
64 lines
1.5 KiB
Nix
{ config, ... }:
|
|
|
|
{
|
|
virtualisation.arion.projects.proxitok.settings = {
|
|
services = {
|
|
proxitok-web = {
|
|
service = {
|
|
image = "ghcr.io/pablouser1/proxitok:master";
|
|
container_name = "proxitok-web";
|
|
restart = "unless-stopped";
|
|
depends_on = [ "proxitok-signer" ];
|
|
ports = [ "127.0.0.1:8005:80" ];
|
|
env_file = [ config.age.secrets.proxitok-environment.path ];
|
|
volumes = [
|
|
"/etc/container-proxitok/cache:/cache"
|
|
];
|
|
labels = {
|
|
"com.centurylinklabs.watchtower.enable" = "true";
|
|
};
|
|
};
|
|
};
|
|
|
|
proxitok-signer = {
|
|
service = {
|
|
image = "ghcr.io/pablouser1/signtok:master";
|
|
container_name = "proxitok-signer";
|
|
restart = "unless-stopped";
|
|
labels = {
|
|
"com.centurylinklabs.watchtower.enable" = "true";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
systemd.tmpfiles.rules = [
|
|
"d /etc/container-proxitok/cache 0755 33 33"
|
|
];
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedOptimisation = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedBrotliSettings = true;
|
|
|
|
virtualHosts."proxitok.only.internal" = {
|
|
listen = [
|
|
{
|
|
addr = "127.0.0.1";
|
|
port = 80;
|
|
}
|
|
];
|
|
|
|
forceSSL = false;
|
|
enableACME = false;
|
|
|
|
locations."/" = {
|
|
basicAuthFile = config.age.secrets.proxitok-auth.path;
|
|
recommendedProxySettings = true;
|
|
proxyPass = "http://127.0.0.1:8005";
|
|
};
|
|
};
|
|
};
|
|
}
|