From ca831ff3e51a71bd8211e003bde101e1208c9d47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= Date: Sun, 13 Apr 2025 12:12:30 +0000 Subject: [PATCH] fwminex: +plik --- data.nix | 1 + hosts/fwminex/configuration.nix | 17 ++++++++++++++++- secrets.nix | 1 + secrets/fwminex/up.jakstys.lt.env.age | Bin 0 -> 717 bytes 4 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 secrets/fwminex/up.jakstys.lt.env.age diff --git a/data.nix b/data.nix index 681a645..5d3aaf4 100644 --- a/data.nix +++ b/data.nix @@ -31,6 +31,7 @@ rec { ssh8022 = 8022; vaultwarden = 8222; headscale = 8080; + plik = 8099; hass = 8123; prometheus = 9001; tailscale = 41641; diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix index cda5f14..08457a7 100644 --- a/hosts/fwminex/configuration.nix +++ b/hosts/fwminex/configuration.nix @@ -28,6 +28,7 @@ in syncthing-cert.file = ../../secrets/fwminex/syncthing/cert.pem.age; frigate.file = ../../secrets/frigate.age; timelapse.file = ../../secrets/timelapse.age; + plik.file = ../../secrets/fwminex/up.jakstys.lt.env.age; r1-htpasswd = { file = ../../secrets/r1-htpasswd.age; owner = "nginx"; @@ -137,8 +138,8 @@ in bitwarden = config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt"; in { + preStart = "ln -sf $CREDENTIALS_DIRECTORY/up.jakstys.lt.env /run/caddy/up.jakstys.lt.env"; serviceConfig = { - # 2025-02-11 blocks system from upgrading during reload ExecReload = lib.mkForce ""; @@ -151,7 +152,10 @@ in "grafana.jakstys.lt-key.pem:${grafana.keyFile}" "bitwarden.jakstys.lt-cert.pem:${bitwarden.certFile}" "bitwarden.jakstys.lt-key.pem:${bitwarden.keyFile}" + "up.jakstys.lt.env:${config.age.secrets.plik.path}" ]; + RuntimeDirectory = "caddy"; + EnvironmentFile = [ "-/run/caddy/up.jakstys.lt.env" ]; }; after = [ "nsd-acme-r1.jakstys.lt.service" @@ -228,6 +232,11 @@ in powerKeyLongPress = "poweroff"; }; + plikd = { + enable = true; + settings.ListenPort = myData.ports.plik; + }; + soju = { enable = true; listen = [ @@ -292,6 +301,12 @@ in tls {$CREDENTIALS_DIRECTORY}/r1.jakstys.lt-cert.pem {$CREDENTIALS_DIRECTORY}/r1.jakstys.lt-key.pem redir https://r1.jakstys.lt:8443 ''; + "up.jakstys.lt".extraConfig = '' + basic_auth { + {$PLIK_USER} {$PLIK_PASSWORD} + } + reverse_proxy 127.0.0.1:${toString myData.ports.plik} + ''; "irc.jakstys.lt".extraConfig = let gamja = pkgs.compressDrvWeb (pkgs.gamja.override { diff --git a/secrets.nix b/secrets.nix index 05466fa..0c9afee 100644 --- a/secrets.nix +++ b/secrets.nix @@ -81,6 +81,7 @@ in "secrets/fwminex/syncthing/key.pem.age" "secrets/fwminex/syncthing/cert.pem.age" + "secrets/fwminex/up.jakstys.lt.env.age" ] // mk ( [ diff --git a/secrets/fwminex/up.jakstys.lt.env.age b/secrets/fwminex/up.jakstys.lt.env.age new file mode 100644 index 0000000000000000000000000000000000000000..9ad6838829f0cb48aac09c96dfe3bd481f9fd2e2 GIT binary patch literal 717 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSnD-2FFb5zLjD=rDk zD+^064@@?8Eewqe2=uow%5V-d@h>h43keD{G!F8wG;oUy3FY!ib*cz7Ee+2s@u@Vm z@HaKh3=c~4Nc6Dqt;(t}at*6;NiX#?ut-V_O9t5%0kJ45C91f>A}^$>!csfLDJ;N8 z-#0rmAkinyrL4@+!z`$v+`A&AFh8~2*pbV^BCN1DEi5zJ%p}J(F|*9iIm^(%HPJ1^ z+utHIDWg0$$kg31$2Zlpq8!PFsx;FwlZtfbGSf`s^wR9ml*FXO+yGzq&|o*8>57+dNh=S0n;IhiX$kJ3JbN}S>Qpboe-^h?)XMg{qvJitP zN8fCa4F#EHx&=n2W(wMsM(+CM3XUaN=7Ev=W?7~|IYmyU!RY}-8QSTFfu6Yqp83g@ z{uXX&nFcADDgORp6 z#$HZ^z9@EO`4y%ZJ1RI9CmNUsl!q4uWjI?p`RjYQB!@(p1Q>;t2KW`2Ic7%YR)u=_ zWg1x|`$TY6Wfpstq?;Cd=Ou2l_X_ndIe`28;3*~rFmKARb>Smmjsjgp;ul}C7`T9|k`CL5-kdApW57iZ)+7dx66nR{9I1QzR;L}VIShC~`=c_ee~oYm-; znsUHkRTtl$)}MELqK~F%ZxXZfjcS}bv$5hPf2fb>^rsg7&vqxbF#KM(&GXG0-ib}m zFI#9DM#@`iPG7p+U8*$e+>!IHk*hZ>TyA-+RpU2Psmq+%`!_z%lDWKA)XO8YXyevu bT`A=WcZ?nW*cHrJ^TJp$FEe;UV_`P{Y)tq{ literal 0 HcmV?d00001