1
Fork 0

Set up microbin

This commit is contained in:
prescientmoon 2024-05-09 15:20:03 +02:00
parent 6427d73464
commit 1396706e07
Signed by: prescientmoon
SSH key fingerprint: SHA256:UUF9JT2s8Xfyv76b8ZuVL7XrmimH4o49p4b+iexbVH4
8 changed files with 75 additions and 19 deletions

View file

@ -22,6 +22,7 @@
./services/redlib.nix
./services/jellyfin.nix
./services/qbittorrent.nix
./services/microbin.nix
# ./services/ddclient.nix
./filesystems
./hardware

View file

@ -8,6 +8,6 @@ invidious_hmac_key: ...
# contents of `credentials.json` file generated by `cloudflared tunnel create`
cloudflare_tunnel_credentials: |
...
microbin_end: |
microbin_env: |
MICROBIN_ADMIN_PASSWORD=...
MICROBIN_UPLOAD_PASSWORD=...

View file

@ -4,7 +4,7 @@ grafana_smtp_pass: ENC[AES256_GCM,data:PudFnWOS6LR69FMhlMs=,iv:4oKSiW0Xgu539w3QQ
grafana_discord_webhook: ENC[AES256_GCM,data:y17UjlnfNmtvim9REkop4abcU6BX0P5JnJY1Mk7mNoE6mhyN7cEOrikTbehT+IOylG6rd+VtKIEj0X86qjx59qEo/NMbXqCrqxy6nhWD2NIDxQ5ZSQOUMVYGVLv7VKx3YG5mMvGgMHZEuJrobc0t6WejKAZ3LT/nqQ==,iv:2XtCnuirsXx2R2X7FozDczi4trAbnP5d8dXV7aJMWzE=,tag:a/dxsRuyye5ChaLGV+P6Zw==,type:str]
invidious_hmac_key: ENC[AES256_GCM,data:eN3NNPYUSfPNnVz3aZK7IrnzoBA=,iv:eHEiB/TKL0W6TdWpXADCxEdhhGwUPwOLph2RjwTECh0=,tag:P5m6Uw8JkKVegQ840talPQ==,type:str]
cloudflare_tunnel_credentials: ENC[AES256_GCM,data:XuXXzhGdxYsF1ik2g7yS2wbaI08/AF60P8CnIhjJlMd+jRk36QovuBRRjkfV8BjOg0K+2b4yNHT/nS/ZSV6eorj4sbczw6D+p7LxrQfeVqqhXWyCjbJwQTTDFU9XB2xUohmmC1PJ1/nwShfn1LocPxgwWQiNpqwhTJroojzqxTHUBzCuAMmcZ7jwvd0SlDpZIszhbTQoLRzedRZpCdoNnWTc,iv:2oBLU3SvNUwJ2OYfCmyKiocUw9zU+yixO+tY/AE9sxc=,tag:T3v+MII+kDzomiAQJ0zUdg==,type:str]
microbin_end: ENC[AES256_GCM,data:BKpNrLJD9uwm5ci6iWLReLNfcPMaeNMxgR3qi7biMdwXyiJJ3DgwY5fQKmkJtvwDgZtDWAf9kc5Qrq2BBb+UiRKHSXZRRm38xBYbT8bVmQ==,iv:dezdvAkohS9skUCiVYweCgiUpcdWl4poG+0XLOcO0nA=,tag:Q6qhlWwBelNI5qNDy53vOw==,type:str]
microbin_env: ENC[AES256_GCM,data:lyJMsYPjhuvSM/QsfVrFuHw2Q8A7JwRtsP5Vk5hTc8wSKNr9JfVPC/GTyfyg5qd2jV2KV4MXqYo1QrJTJIds6K4nfRrv59ezzw5mSERQMw==,iv:m/ewkJhWeMa6/wfDv2oLhFKnGzyt6byZQM5cV2347gI=,tag:7egHnwVFoazMH5ymGJQVfw==,type:str]
sops:
kms: []
gcp_kms: []
@ -29,8 +29,8 @@ sops:
RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U
lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-09T12:59:03Z"
mac: ENC[AES256_GCM,data:w9N/RksullxikCGYjQU5cPS8cHmFrOAIALSt0gDRpAjfEs9uDmUwIvhnUEYj9aY3w/u7ypFxgmWxauf6R4vzyPLfVFWeFD5c8NVsZgaLNbDIajh6Ppm6WxylatqD8/oQOFNrY97QbXtgbEHMnh0Ie0P1cgxd2S6pTjdQ057EYUY=,iv:+dRKQleou8Uq+JqfGrxpf5Y5OWARjdWw5VXJTT0PY5c=,tag:ADpXbfZgNIZn2sDpTI7Vmw==,type:str]
lastmodified: "2024-05-09T13:04:55Z"
mac: ENC[AES256_GCM,data:B1M5tO66pBIVlT76oKZF6wWMzug4+gyTwNMLHmrTRicKcCq1kV57+57VdfCLy1Q1/BTWTLD9FBoWsRkbKE/Mg3vpDvPlGImVMVvH7izyoTAmmXZbWf/1aiMUpE1U2ZyunCM5R2CnfjyBVi9m6x2yPgcGqniBlaB8N28xiTntYbU=,iv:tUQ8w/bZ3AFWIrac+Xy29UZwd70Au79W4BafPkjhppI=,tag:Ndv5ZeY5GlOg5PBFEO0qiw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -0,0 +1,16 @@
{ config, ... }: {
sops.secrets.cloudflare_tunnel_credentials = {
sopsFile = ../secrets.yaml;
owner = config.services.cloudflared.user;
group = config.services.cloudflared.group;
};
satellite.cloudflared.tunnel = "347d9ead-a523-4f8b-bca7-3066e31e2952";
services.cloudflared = {
enable = true;
tunnels.${config.satellite.cloudflared.tunnel} = {
credentialsFile = config.sops.secrets.cloudflare_tunnel_credentials.path;
default = "http_status:404";
};
};
}

View file

@ -9,19 +9,4 @@
rev = "d6ea7b9d9e94ee6d2db8e4e7cff5f8f1c3f04464";
sha256 = "09s6awz5m6hzpc6jp96c118i372430c7b41acm5m62bllcvrj9vk";
});
sops.secrets.cloudflare_tunnel_credentials = {
sopsFile = ../secrets.yaml;
owner = config.services.cloudflared.user;
group = config.services.cloudflared.group;
};
services.cloudflared = {
enable = true;
tunnels."347d9ead-a523-4f8b-bca7-3066e31e2952" = {
credentialsFile = config.sops.secrets.cloudflare_tunnel_credentials.path;
default = "http_status:404";
ingress."diptime.moonythm.dev" = "http://localhost:8416";
};
};
}

View file

@ -0,0 +1,31 @@
{ config, ... }:
let port = 8418;
in
{
imports = [ ./cloudflared.nix ];
sops.secrets.microbin_env.sopsFile = ../secrets.yaml;
services.cloudflared.tunnels =
config.satellite.cloudflared.proxy "bin.moonythm.dev" port;
services.microbin = {
enable = true;
dataDir = "/persist/state/var/lib/microbin";
settings = {
# High level settings
MICROBIN_ADMIN_USERNAME = "prescientmoon";
MICROBIN_PORT = toString port;
MICROBIN_DISABLE_TELEMETRY = "true";
# Toggle certain features
MICROBIN_READONLY = "true"; # Requires a password to upload
MICROBIN_QR = "true"; # Allows generating qr codes
MICROBIN_ETERNAL_PASTA = "true"; # Allows marking pastas to never be deleted
# Make UI more minimal
MICROBIN_HIDE_FOOTER = "true";
MICROBIN_HIDE_HEADER = "true";
MICROBIN_HIDE_LOGO = "true";
};
};
}

View file

@ -0,0 +1,22 @@
{ config, lib, ... }:
let cfg = config.satellite.cloudflared;
in
{
options.satellite.cloudflared = {
tunnel = lib.mkOption {
type = lib.types.string;
description = "Cloudflare tunnel id to use for the `satellite.cloudflared.proxy` helper";
};
proxy = lib.mkOption {
type = lib.types.functionTo (lib.types.functionTo lib.types.anything);
description = "Helper function for generating a quick proxy config";
};
};
config.satellite.proxy = from: port: {
${cfg.tunnel} = {
ingress.${from} = "http://localhost${toString port}";
};
};
}

View file

@ -2,6 +2,7 @@
{
# example = import ./example.nix;
cloudflaredd = import ./cloudflared.nix;
nginx = import ./nginx.nix;
pounce = import ./pounce.nix;
}