motiejus/config
1
Fork 0
Code Packages Releases Activity

fwminex: +plik

Browse Source
This commit is contained in:
Motiejus Jakštys
2025-04-13 12:12:30 +00:00
parent 6fc546e187
commit ca831ff3e5
4 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
data.nix
View File

@@ -31,6 +31,7 @@ rec {
ssh8022 = 8022; ssh8022 = 8022;
vaultwarden = 8222; vaultwarden = 8222;
headscale = 8080; headscale = 8080;
plik = 8099;
hass = 8123; hass = 8123;
prometheus = 9001; prometheus = 9001;
tailscale = 41641; tailscale = 41641;

17
hosts/fwminex/configuration.nix
View File

@@ -28,6 +28,7 @@ in
syncthing-cert.file = ../../secrets/fwminex/syncthing/cert.pem.age; syncthing-cert.file = ../../secrets/fwminex/syncthing/cert.pem.age;
frigate.file = ../../secrets/frigate.age; frigate.file = ../../secrets/frigate.age;
timelapse.file = ../../secrets/timelapse.age; timelapse.file = ../../secrets/timelapse.age;
plik.file = ../../secrets/fwminex/up.jakstys.lt.env.age;
r1-htpasswd = { r1-htpasswd = {
file = ../../secrets/r1-htpasswd.age; file = ../../secrets/r1-htpasswd.age;
owner = "nginx"; owner = "nginx";
@@ -137,8 +138,8 @@ in
bitwarden = config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt"; bitwarden = config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt";
in in
{ {
preStart = "ln -sf $CREDENTIALS_DIRECTORY/up.jakstys.lt.env /run/caddy/up.jakstys.lt.env";
serviceConfig = { serviceConfig = {
# 2025-02-11 blocks system from upgrading during reload # 2025-02-11 blocks system from upgrading during reload
ExecReload = lib.mkForce ""; ExecReload = lib.mkForce "";
@@ -151,7 +152,10 @@ in
"grafana.jakstys.lt-key.pem:${grafana.keyFile}" "grafana.jakstys.lt-key.pem:${grafana.keyFile}"
"bitwarden.jakstys.lt-cert.pem:${bitwarden.certFile}" "bitwarden.jakstys.lt-cert.pem:${bitwarden.certFile}"
"bitwarden.jakstys.lt-key.pem:${bitwarden.keyFile}" "bitwarden.jakstys.lt-key.pem:${bitwarden.keyFile}"
"up.jakstys.lt.env:${config.age.secrets.plik.path}"
]; ];
RuntimeDirectory = "caddy";
EnvironmentFile = [ "-/run/caddy/up.jakstys.lt.env" ];
}; };
after = [ after = [
"nsd-acme-r1.jakstys.lt.service" "nsd-acme-r1.jakstys.lt.service"
@@ -228,6 +232,11 @@ in
powerKeyLongPress = "poweroff"; powerKeyLongPress = "poweroff";
}; };
plikd = {
enable = true;
settings.ListenPort = myData.ports.plik;
};
soju = { soju = {
enable = true; enable = true;
listen = [ listen = [
@@ -292,6 +301,12 @@ in
tls {$CREDENTIALS_DIRECTORY}/r1.jakstys.lt-cert.pem {$CREDENTIALS_DIRECTORY}/r1.jakstys.lt-key.pem tls {$CREDENTIALS_DIRECTORY}/r1.jakstys.lt-cert.pem {$CREDENTIALS_DIRECTORY}/r1.jakstys.lt-key.pem
redir https://r1.jakstys.lt:8443 redir https://r1.jakstys.lt:8443
''; '';
"up.jakstys.lt".extraConfig = ''
basic_auth {
{$PLIK_USER} {$PLIK_PASSWORD}
}
reverse_proxy 127.0.0.1:${toString myData.ports.plik}
'';
"irc.jakstys.lt".extraConfig = "irc.jakstys.lt".extraConfig =
let let
gamja = pkgs.compressDrvWeb (pkgs.gamja.override { gamja = pkgs.compressDrvWeb (pkgs.gamja.override {

1
secrets.nix
View File

@@ -81,6 +81,7 @@ in
"secrets/fwminex/syncthing/key.pem.age" "secrets/fwminex/syncthing/key.pem.age"
"secrets/fwminex/syncthing/cert.pem.age" "secrets/fwminex/syncthing/cert.pem.age"
"secrets/fwminex/up.jakstys.lt.env.age"
] ]
// mk ( // mk (
[ [

BIN
secrets/fwminex/up.jakstys.lt.env.age Normal file
View File

Binary file not shown.