Set up microbin
This commit is contained in:
parent
6427d73464
commit
1396706e07
|
@ -22,6 +22,7 @@
|
||||||
./services/redlib.nix
|
./services/redlib.nix
|
||||||
./services/jellyfin.nix
|
./services/jellyfin.nix
|
||||||
./services/qbittorrent.nix
|
./services/qbittorrent.nix
|
||||||
|
./services/microbin.nix
|
||||||
# ./services/ddclient.nix
|
# ./services/ddclient.nix
|
||||||
./filesystems
|
./filesystems
|
||||||
./hardware
|
./hardware
|
||||||
|
|
|
@ -8,6 +8,6 @@ invidious_hmac_key: ...
|
||||||
# contents of `credentials.json` file generated by `cloudflared tunnel create`
|
# contents of `credentials.json` file generated by `cloudflared tunnel create`
|
||||||
cloudflare_tunnel_credentials: |
|
cloudflare_tunnel_credentials: |
|
||||||
...
|
...
|
||||||
microbin_end: |
|
microbin_env: |
|
||||||
MICROBIN_ADMIN_PASSWORD=...
|
MICROBIN_ADMIN_PASSWORD=...
|
||||||
MICROBIN_UPLOAD_PASSWORD=...
|
MICROBIN_UPLOAD_PASSWORD=...
|
||||||
|
|
|
@ -4,7 +4,7 @@ grafana_smtp_pass: ENC[AES256_GCM,data:PudFnWOS6LR69FMhlMs=,iv:4oKSiW0Xgu539w3QQ
|
||||||
grafana_discord_webhook: ENC[AES256_GCM,data:y17UjlnfNmtvim9REkop4abcU6BX0P5JnJY1Mk7mNoE6mhyN7cEOrikTbehT+IOylG6rd+VtKIEj0X86qjx59qEo/NMbXqCrqxy6nhWD2NIDxQ5ZSQOUMVYGVLv7VKx3YG5mMvGgMHZEuJrobc0t6WejKAZ3LT/nqQ==,iv:2XtCnuirsXx2R2X7FozDczi4trAbnP5d8dXV7aJMWzE=,tag:a/dxsRuyye5ChaLGV+P6Zw==,type:str]
|
grafana_discord_webhook: ENC[AES256_GCM,data:y17UjlnfNmtvim9REkop4abcU6BX0P5JnJY1Mk7mNoE6mhyN7cEOrikTbehT+IOylG6rd+VtKIEj0X86qjx59qEo/NMbXqCrqxy6nhWD2NIDxQ5ZSQOUMVYGVLv7VKx3YG5mMvGgMHZEuJrobc0t6WejKAZ3LT/nqQ==,iv:2XtCnuirsXx2R2X7FozDczi4trAbnP5d8dXV7aJMWzE=,tag:a/dxsRuyye5ChaLGV+P6Zw==,type:str]
|
||||||
invidious_hmac_key: ENC[AES256_GCM,data:eN3NNPYUSfPNnVz3aZK7IrnzoBA=,iv:eHEiB/TKL0W6TdWpXADCxEdhhGwUPwOLph2RjwTECh0=,tag:P5m6Uw8JkKVegQ840talPQ==,type:str]
|
invidious_hmac_key: ENC[AES256_GCM,data:eN3NNPYUSfPNnVz3aZK7IrnzoBA=,iv:eHEiB/TKL0W6TdWpXADCxEdhhGwUPwOLph2RjwTECh0=,tag:P5m6Uw8JkKVegQ840talPQ==,type:str]
|
||||||
cloudflare_tunnel_credentials: ENC[AES256_GCM,data:XuXXzhGdxYsF1ik2g7yS2wbaI08/AF60P8CnIhjJlMd+jRk36QovuBRRjkfV8BjOg0K+2b4yNHT/nS/ZSV6eorj4sbczw6D+p7LxrQfeVqqhXWyCjbJwQTTDFU9XB2xUohmmC1PJ1/nwShfn1LocPxgwWQiNpqwhTJroojzqxTHUBzCuAMmcZ7jwvd0SlDpZIszhbTQoLRzedRZpCdoNnWTc,iv:2oBLU3SvNUwJ2OYfCmyKiocUw9zU+yixO+tY/AE9sxc=,tag:T3v+MII+kDzomiAQJ0zUdg==,type:str]
|
cloudflare_tunnel_credentials: ENC[AES256_GCM,data:XuXXzhGdxYsF1ik2g7yS2wbaI08/AF60P8CnIhjJlMd+jRk36QovuBRRjkfV8BjOg0K+2b4yNHT/nS/ZSV6eorj4sbczw6D+p7LxrQfeVqqhXWyCjbJwQTTDFU9XB2xUohmmC1PJ1/nwShfn1LocPxgwWQiNpqwhTJroojzqxTHUBzCuAMmcZ7jwvd0SlDpZIszhbTQoLRzedRZpCdoNnWTc,iv:2oBLU3SvNUwJ2OYfCmyKiocUw9zU+yixO+tY/AE9sxc=,tag:T3v+MII+kDzomiAQJ0zUdg==,type:str]
|
||||||
microbin_end: ENC[AES256_GCM,data:BKpNrLJD9uwm5ci6iWLReLNfcPMaeNMxgR3qi7biMdwXyiJJ3DgwY5fQKmkJtvwDgZtDWAf9kc5Qrq2BBb+UiRKHSXZRRm38xBYbT8bVmQ==,iv:dezdvAkohS9skUCiVYweCgiUpcdWl4poG+0XLOcO0nA=,tag:Q6qhlWwBelNI5qNDy53vOw==,type:str]
|
microbin_env: ENC[AES256_GCM,data:lyJMsYPjhuvSM/QsfVrFuHw2Q8A7JwRtsP5Vk5hTc8wSKNr9JfVPC/GTyfyg5qd2jV2KV4MXqYo1QrJTJIds6K4nfRrv59ezzw5mSERQMw==,iv:m/ewkJhWeMa6/wfDv2oLhFKnGzyt6byZQM5cV2347gI=,tag:7egHnwVFoazMH5ymGJQVfw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -29,8 +29,8 @@ sops:
|
||||||
RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U
|
RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U
|
||||||
lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ==
|
lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-05-09T12:59:03Z"
|
lastmodified: "2024-05-09T13:04:55Z"
|
||||||
mac: ENC[AES256_GCM,data:w9N/RksullxikCGYjQU5cPS8cHmFrOAIALSt0gDRpAjfEs9uDmUwIvhnUEYj9aY3w/u7ypFxgmWxauf6R4vzyPLfVFWeFD5c8NVsZgaLNbDIajh6Ppm6WxylatqD8/oQOFNrY97QbXtgbEHMnh0Ie0P1cgxd2S6pTjdQ057EYUY=,iv:+dRKQleou8Uq+JqfGrxpf5Y5OWARjdWw5VXJTT0PY5c=,tag:ADpXbfZgNIZn2sDpTI7Vmw==,type:str]
|
mac: ENC[AES256_GCM,data:B1M5tO66pBIVlT76oKZF6wWMzug4+gyTwNMLHmrTRicKcCq1kV57+57VdfCLy1Q1/BTWTLD9FBoWsRkbKE/Mg3vpDvPlGImVMVvH7izyoTAmmXZbWf/1aiMUpE1U2ZyunCM5R2CnfjyBVi9m6x2yPgcGqniBlaB8N28xiTntYbU=,iv:tUQ8w/bZ3AFWIrac+Xy29UZwd70Au79W4BafPkjhppI=,tag:Ndv5ZeY5GlOg5PBFEO0qiw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
16
hosts/nixos/lapetus/services/cloudflared.nix
Normal file
16
hosts/nixos/lapetus/services/cloudflared.nix
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
{ config, ... }: {
|
||||||
|
sops.secrets.cloudflare_tunnel_credentials = {
|
||||||
|
sopsFile = ../secrets.yaml;
|
||||||
|
owner = config.services.cloudflared.user;
|
||||||
|
group = config.services.cloudflared.group;
|
||||||
|
};
|
||||||
|
|
||||||
|
satellite.cloudflared.tunnel = "347d9ead-a523-4f8b-bca7-3066e31e2952";
|
||||||
|
services.cloudflared = {
|
||||||
|
enable = true;
|
||||||
|
tunnels.${config.satellite.cloudflared.tunnel} = {
|
||||||
|
credentialsFile = config.sops.secrets.cloudflare_tunnel_credentials.path;
|
||||||
|
default = "http_status:404";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -9,19 +9,4 @@
|
||||||
rev = "d6ea7b9d9e94ee6d2db8e4e7cff5f8f1c3f04464";
|
rev = "d6ea7b9d9e94ee6d2db8e4e7cff5f8f1c3f04464";
|
||||||
sha256 = "09s6awz5m6hzpc6jp96c118i372430c7b41acm5m62bllcvrj9vk";
|
sha256 = "09s6awz5m6hzpc6jp96c118i372430c7b41acm5m62bllcvrj9vk";
|
||||||
});
|
});
|
||||||
|
|
||||||
sops.secrets.cloudflare_tunnel_credentials = {
|
|
||||||
sopsFile = ../secrets.yaml;
|
|
||||||
owner = config.services.cloudflared.user;
|
|
||||||
group = config.services.cloudflared.group;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.cloudflared = {
|
|
||||||
enable = true;
|
|
||||||
tunnels."347d9ead-a523-4f8b-bca7-3066e31e2952" = {
|
|
||||||
credentialsFile = config.sops.secrets.cloudflare_tunnel_credentials.path;
|
|
||||||
default = "http_status:404";
|
|
||||||
ingress."diptime.moonythm.dev" = "http://localhost:8416";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
31
hosts/nixos/lapetus/services/microbin.nix
Normal file
31
hosts/nixos/lapetus/services/microbin.nix
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
{ config, ... }:
|
||||||
|
let port = 8418;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [ ./cloudflared.nix ];
|
||||||
|
|
||||||
|
sops.secrets.microbin_env.sopsFile = ../secrets.yaml;
|
||||||
|
services.cloudflared.tunnels =
|
||||||
|
config.satellite.cloudflared.proxy "bin.moonythm.dev" port;
|
||||||
|
|
||||||
|
services.microbin = {
|
||||||
|
enable = true;
|
||||||
|
dataDir = "/persist/state/var/lib/microbin";
|
||||||
|
settings = {
|
||||||
|
# High level settings
|
||||||
|
MICROBIN_ADMIN_USERNAME = "prescientmoon";
|
||||||
|
MICROBIN_PORT = toString port;
|
||||||
|
MICROBIN_DISABLE_TELEMETRY = "true";
|
||||||
|
|
||||||
|
# Toggle certain features
|
||||||
|
MICROBIN_READONLY = "true"; # Requires a password to upload
|
||||||
|
MICROBIN_QR = "true"; # Allows generating qr codes
|
||||||
|
MICROBIN_ETERNAL_PASTA = "true"; # Allows marking pastas to never be deleted
|
||||||
|
|
||||||
|
# Make UI more minimal
|
||||||
|
MICROBIN_HIDE_FOOTER = "true";
|
||||||
|
MICROBIN_HIDE_HEADER = "true";
|
||||||
|
MICROBIN_HIDE_LOGO = "true";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
22
modules/nixos/cloudflared.nix
Normal file
22
modules/nixos/cloudflared.nix
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
let cfg = config.satellite.cloudflared;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.satellite.cloudflared = {
|
||||||
|
tunnel = lib.mkOption {
|
||||||
|
type = lib.types.string;
|
||||||
|
description = "Cloudflare tunnel id to use for the `satellite.cloudflared.proxy` helper";
|
||||||
|
};
|
||||||
|
|
||||||
|
proxy = lib.mkOption {
|
||||||
|
type = lib.types.functionTo (lib.types.functionTo lib.types.anything);
|
||||||
|
description = "Helper function for generating a quick proxy config";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config.satellite.proxy = from: port: {
|
||||||
|
${cfg.tunnel} = {
|
||||||
|
ingress.${from} = "http://localhost${toString port}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
# example = import ./example.nix;
|
# example = import ./example.nix;
|
||||||
|
cloudflaredd = import ./cloudflared.nix;
|
||||||
nginx = import ./nginx.nix;
|
nginx = import ./nginx.nix;
|
||||||
pounce = import ./pounce.nix;
|
pounce = import ./pounce.nix;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue