
Set up diptime and provision invidious hmac key

prescientmoon 2024-03-11 16:08:32 +01:00
parent d7db3abaae
commit 1edf1e65b5
Signed by: prescientmoon
SSH key fingerprint: SHA256:UUF9JT2s8Xfyv76b8ZuVL7XrmimH4o49p4b+iexbVH4
6 changed files with 42 additions and 12 deletions


@ -17,6 +17,7 @@
./services/grafana.nix ./services/grafana.nix
./services/commafeed.nix ./services/commafeed.nix
./services/invidious.nix ./services/invidious.nix
./services/diptime.nix
./filesystems ./filesystems
./hardware ./hardware
]; ];


@ -2,6 +2,7 @@ tilde_irc_pass: ENC[AES256_GCM,data:+pw/g0pffo1zF++1H/+iFXQDCDw=,iv:zTBvaUCwt78d
vaultwarden_env: ENC[AES256_GCM,data:39gY2J+AFTwIRar7tbF6D9WadTzw1xiqPE9T204Z,iv:k9m6wQIPh1qScCjgLnULjVxVmDxxmotd/xzVuH6ju/w=,tag:+xIkwguOwYryO4rgsyMOsQ==,type:str] vaultwarden_env: ENC[AES256_GCM,data:39gY2J+AFTwIRar7tbF6D9WadTzw1xiqPE9T204Z,iv:k9m6wQIPh1qScCjgLnULjVxVmDxxmotd/xzVuH6ju/w=,tag:+xIkwguOwYryO4rgsyMOsQ==,type:str]
grafana_smtp_pass: ENC[AES256_GCM,data:PudFnWOS6LR69FMhlMs=,iv:4oKSiW0Xgu539w3QQBOW/ay/8w5HrbxRoPGBh/0wST4=,tag:jat8wA3JQlC7WbOwNQ4Ctw==,type:str] grafana_smtp_pass: ENC[AES256_GCM,data:PudFnWOS6LR69FMhlMs=,iv:4oKSiW0Xgu539w3QQBOW/ay/8w5HrbxRoPGBh/0wST4=,tag:jat8wA3JQlC7WbOwNQ4Ctw==,type:str]
grafana_discord_webhook: ENC[AES256_GCM,data:y17UjlnfNmtvim9REkop4abcU6BX0P5JnJY1Mk7mNoE6mhyN7cEOrikTbehT+IOylG6rd+VtKIEj0X86qjx59qEo/NMbXqCrqxy6nhWD2NIDxQ5ZSQOUMVYGVLv7VKx3YG5mMvGgMHZEuJrobc0t6WejKAZ3LT/nqQ==,iv:2XtCnuirsXx2R2X7FozDczi4trAbnP5d8dXV7aJMWzE=,tag:a/dxsRuyye5ChaLGV+P6Zw==,type:str] grafana_discord_webhook: ENC[AES256_GCM,data:y17UjlnfNmtvim9REkop4abcU6BX0P5JnJY1Mk7mNoE6mhyN7cEOrikTbehT+IOylG6rd+VtKIEj0X86qjx59qEo/NMbXqCrqxy6nhWD2NIDxQ5ZSQOUMVYGVLv7VKx3YG5mMvGgMHZEuJrobc0t6WejKAZ3LT/nqQ==,iv:2XtCnuirsXx2R2X7FozDczi4trAbnP5d8dXV7aJMWzE=,tag:a/dxsRuyye5ChaLGV+P6Zw==,type:str]
invidious_hmac_key: ENC[AES256_GCM,data:eN3NNPYUSfPNnVz3aZK7IrnzoBA=,iv:eHEiB/TKL0W6TdWpXADCxEdhhGwUPwOLph2RjwTECh0=,tag:P5m6Uw8JkKVegQ840talPQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -26,8 +27,8 @@ sops:
RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U
lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ== lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-24T06:59:54Z" lastmodified: "2024-03-11T15:04:07Z"
mac: ENC[AES256_GCM,data:bv5+uXVeYog3sHM4iGe6GFq8mtrqnZGY6eNXdotk8R2Sp2ZR6ZNtxzzUhebsB7gdwcv70+bUQV7qi+FU0T/FvCPJ0J7IRpL//vRWG1jwcblYgkCLtaI3+rfZb4qgWZSRK2xS/I5Nz6mVSG+fvw88gsMTbe5t3aSkaCZB4yiGlHY=,iv:0b6Wo/TYNjTsnhAFwdFH/cWsWbnmbEYmge0ItJ5oIYE=,tag:zgd++po5YFUo4+k5weYrkg==,type:str] mac: ENC[AES256_GCM,data:2J7kixr5PlrPE65grLiYoZCK4x1vIcbGLblVYu0cJ6rR6cUjvigf7xBPx9dgswRjGJxjUs971ZafRdP3sZUBzUWfhgGv0JO1fGuFGytBj3lEnkVIbbWm7lzaG3DJ+orF3SmhN95nVBjJ/oJ9+129T6/y3zrveu6yfjsEELdkcDY=,iv:t/q82qmUZ1g9haGskhcJzNXDngMeJdNQ7il1W9ME5AU=,tag:yRmKCc1nnj4fVlQaEw9oNQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1


@ -0,0 +1,12 @@
# I couldn't find a hosted version of this
{ pkgs, config, ... }: {
imports = [ ../../common/optional/services/nginx.nix ];
services.nginx.virtualHosts."diptime.moonythm.dev" =
config.satellite.static (pkgs.fetchFromGitHub {
owner = "bhickey";
repo = "diplomatic-timekeeper";
rev = "d6ea7b9d9e94ee6d2db8e4e7cff5f8f1c3f04464";
sha256 = "09s6awz5m6hzpc6jp96c118i372430c7b41acm5m62bllcvrj9vk";
});
}
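Review bot: The whole upstream checkout becomes the web root of `diptime.moonythm.dev`, so every file in that repository at the pinned rev is published, and its JavaScript runs on a subdomain of moonythm.dev. Pinning both `rev` and `sha256` means the served content cannot change without an edit to this file, which is the right control. The header comment could say so, e.g. `# Third-party static site, pinned by rev + hash; review the upstream diff before bumping`. Whether any other service on this domain sets cookies scoped to the parent domain is not visible from this file and is worth confirming, since such cookies would be readable by this third-party script.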


@ -22,11 +22,8 @@ in
{ {
imports = [ ../../common/optional/services/nginx.nix ]; imports = [ ../../common/optional/services/nginx.nix ];
services.nginx.virtualHosts."lab.moonythm.dev" = { services.nginx.virtualHosts."lab.moonythm.dev" =
enableACME = true; config.satellite.static (pkgs.homer.withAssets {
acmeRoot = null;
forceSSL = true;
root = pkgs.homer.withAssets {
extraAssets = [ iconPath ]; extraAssets = [ iconPath ];
config = { config = {
title = " The celestial citadel "; title = " The celestial citadel ";
@ -129,11 +126,16 @@ in
logo = icon "invidious.png"; logo = icon "invidious.png";
url = "https://yt.moonythm.dev"; url = "https://yt.moonythm.dev";
} }
{
name = "Diptime";
subtitle = "Diplomacy timer";
icon = fa "globe";
url = "https://diptime.moonythm.dev";
}
]; ];
} }
# }}} # }}}
]; ];
}; };
}; });
};
} }


@ -4,10 +4,15 @@
../../common/optional/services/postgres.nix ../../common/optional/services/postgres.nix
]; ];
sops.secrets.invidious_hmac_key.sopsFile = ../secrets.yaml;
services.nginx.virtualHosts.${config.services.invidious.domain} =
config.satellite.proxy config.services.invidious.port { };
services.invidious = { services.invidious = {
enable = true; enable = true;
domain = "yt.moonythm.dev"; domain = "yt.moonythm.dev";
port = 8414; port = 8414;
keyFile = config.sops.secrets.invidious_hmac_key.path;
nginx.enable = true; nginx.enable = true;
@ -23,7 +28,4 @@
}; };
}; };
}; };
services.nginx.virtualHosts.${config.services.invidious.domain} =
config.satellite.proxy config.services.invidious.port { };
} }
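Review bot: `sops.secrets.invidious_hmac_key` is declared with only `sopsFile`, so the decrypted file gets the sops-nix defaults (owned by root, mode 0400) and nothing restarts invidious when the key changes. How `keyFile` is consumed is not visible in this hunk: if the service reads the path as its own unprivileged user rather than through a systemd credential, the secret will also need `owner` set to that user. Adding `sops.secrets.invidious_hmac_key.restartUnits = [ "invidious.service" ];` would make a rotated key take effect on deploy; the unit name there is assumed from the service name. The module's attribute set continues outside the hunk.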


@ -4,10 +4,22 @@
description = "Helper function for generating a quick proxy config"; description = "Helper function for generating a quick proxy config";
}; };
options.satellite.static = lib.mkOption {
type = lib.types.functionTo (lib.types.functionTo lib.types.anything);
description = "Helper function for generating a quick file serving config";
};
config.satellite.proxy = port: extra: { config.satellite.proxy = port: extra: {
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; } // extra; locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; } // extra;
}; };
config.satellite.static = root: {
inherit root;
enableACME = true;
acmeRoot = null;
forceSSL = true;
};
} }
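Review bot: The type on `options.satellite.static` declares a two-argument function, but `config.satellite.static = root: { ... }` takes one argument and returns an attribute set. The type appears to be copied from `satellite.proxy`, which really is curried (`port: extra:`). With `functionTo (functionTo anything)` the module system checks the result of applying `root` against the inner `functionTo`, and as far as I can tell an attribute set fails that check when a vhost calls the helper. The line should read `type = lib.types.functionTo lib.types.anything;`. The module starts above the hunk, so the `proxy` option declaration is only partly visible.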