Commit 77156ba
Changed files (6)
hosts/chaser-pardofelis/homepage/default.nix
@@ -99,10 +99,10 @@ in {
};
};
"工具" = mapHomepageConf {
- Vaultwarden = {
- href = "https://bitwarden.hpcesia.com/";
- icon = "vaultwarden.svg";
- siteMonitor = "https://bitwarden.hpcesia.com/";
+ Gokapi = {
+ href = "https://send.hpcesia.com/admin";
+ icon = "sh-gokapi.png";
+ siteMonitor = "https://send.hpcesia.com/";
};
Hoppscotch = {
href = "https://hoppscotch.io/";
hosts/chaser-pardofelis/authelia.nix
@@ -22,6 +22,10 @@
};
};
identity_validation.reset_password.jwt_algorithm = "HS512";
+ identity_providers.oidc.cors = {
+ endpoints = ["authorization" "token" "revocation" "introspection"];
+ allowed_origins = ["https://*.hpcesia.com" "https://*.trin.one"];
+ };
identity_providers.oidc.clients = [
{
# Refer: https://www.authelia.com/integration/openid-connect/clients/forgejo
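Review bot: The `allowed_origins` patterns in the new `identity_providers.oidc.cors` block are broader than this commit needs and may not behave as intended. As far as I know, Authelia compares origins literally and accepts only a bare `*` as a wildcard, so `https://*.hpcesia.com` would likely never match a real Origin header. If the patterns did match, every subdomain of both domains could make cross-origin calls to the token, revocation and introspection endpoints. The only client added in this commit is confidential with a single redirect host, so I would list exact origins, e.g. `allowed_origins = ["https://send.hpcesia.com"];`, or set `allowed_origins_from_client_redirect_uris = true;` instead. It is also worth confirming that Gokapi needs browser-side CORS at all, since a confidential client normally calls the token endpoint from the server.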
@@ -42,6 +46,19 @@
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_basic";
}
+ {
+ # Refer: https://www.authelia.com/integration/openid-connect/clients/forgejo
+ client_id = "gokapi";
+ client_name = "Tribios";
+ client_secret = ''{{ secret "${config.sops.secrets."authelia-main-client-secrets-gokapi".path}" }}'';
+ public = false;
+ authorization_policy = "one_factor";
+ redirect_uris = [
+ "https://send.hpcesia.com/oauth-callback"
+ ];
+ scopes = ["openid" "email" "profile" "groups"];
+ userinfo_signed_response_alg = "none";
+ }
];
authentication_backend.file = {
path = "/var/lib/authelia-main/users_database.yaml";
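Review bot: The new `gokapi` client sets `authorization_policy = "one_factor"`, so a password alone is enough to obtain tokens for a service whose homepage link on this page goes straight to `/admin`. Consider `authorization_policy = "two_factor";` if second factors are enrolled, and check that the secret behind the `client_secret` template is stored as a hashed digest rather than plaintext, which the hunk does not show. The `# Refer:` comment above `client_id` was copied from the Forgejo entry and should point at the Gokapi setup instead. Unlike the Forgejo entry, no `token_endpoint_auth_method` is pinned; adding `token_endpoint_auth_method = "client_secret_basic";` would make the expectation explicit, if that is the method Gokapi uses. The enclosing `clients` list starts outside the hunk.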
hosts/chaser-pardofelis/caddy.nix
@@ -24,6 +24,7 @@
}";
forgejo = "http://localhost:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT}";
goatcounter = "http://localhost:${builtins.toString config.services.goatcounter.port}";
+ gokapi = "http://localhost:${builtins.toString config.services.gokapi.environment.GOKAPI_PORT}";
gotosocial = "http://localhost:${builtins.toString config.services.gotosocial.settings.port}";
grafana = "http://localhost:${builtins.toString config.services.grafana.settings.server.http_port}";
homepage = "http://localhost:${builtins.toString config.services.homepage-dashboard.listenPort}";
@@ -71,6 +72,10 @@
encode zstd gzip
reverse_proxy ${localAddress.forgejo}
'';
+ "send.hpcesia.com".extraConfig = ''
+ encode zstd gzip
+ reverse_proxy ${localAddress.gokapi}
+ '';
"trin.one".extraConfig = ''
encode zstd gzip
reverse_proxy ${localAddress.gotosocial}
hosts/chaser-pardofelis/gokapi.nix
@@ -0,0 +1,65 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ services.gokapi = {
+ enable = true;
+ mutableSettings = true;
+ environment = {
+ GOKAPI_PORT = 53842;
+ };
+ settings = {
+ ServerUrl = "https://send.hpcesia.com/";
+ RedirectUrl = "https://github.com/Forceu/Gokapi/";
+ PublicName = "Tribios";
+ DatabaseUrl = "sqlite:///var/lib/gokapi/data/db.sqlite";
+ UseSsl = false;
+ SaveIp = false;
+ IncludeFilename = true;
+ MaxFileSizeMB = 2048;
+ MaxMemory = 50;
+ ChunkSize = 45;
+ MaxParallelUploads = 4;
+ PicturesAlwaysLocal = false;
+ Encryption = {
+ Level = 0;
+ Cipher = null;
+ };
+ Authentication = {
+ Method = 1;
+ Username = "HPCesia";
+ OauthProvider = "https://authelia.hpcesia.com";
+ OAuthClientId = "gokapi";
+ OAuthRecheckInterval = 12;
+ };
+ };
+ settingsFile = config.sops.templates.gokapi-config.path;
+ };
+
+ systemd.services.gokapi.serviceConfig = {
+ DynamicUser = lib.mkForce false;
+ User = "gokapi";
+ Group = "gokapi";
+ };
+
+ sops.templates.gokapi-config = {
+ content = builtins.toJSON {
+ Authentication = {
+ SaltAdmin = config.sops.placeholder.gokapi-salt-admin;
+ SaltFiles = config.sops.placeholder.gokapi-salt-files;
+ OAuthClientSecret = config.sops.placeholder.gokapi-oauth-secret;
+ };
+ };
+ owner = "root";
+ group = "gokapi";
+ mode = "0440";
+ };
+
+ users.users.gokapi = {
+ isSystemUser = true;
+ useDefaultShell = true;
+ group = "gokapi";
+ };
+ users.groups.gokapi = {};
+}
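Review bot: The `users.users.gokapi` account sets `useDefaultShell = true`, which gives a service identity an interactive login shell it does not need; dropping that line leaves the system-user default of no login shell. `DynamicUser = lib.mkForce false` also gives up the sandboxing defaults that come with dynamic users, so the override deserves a comment such as `# static user so the sops template can be group-readable`, if that is the reason. `Encryption.Level = 0` and `Authentication.Method = 1` are bare numbers; a short comment on each stating the meaning (presumably no at-rest encryption and OAuth login) would let a reviewer confirm the intent. If `Level = 0` does mean no encryption, uploads of up to `MaxFileSizeMB = 2048` sit in cleartext on disk and filesystem permissions on the data directory are the only protection.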
secrets/hosts/pardofelis/default.nix
@@ -121,6 +121,13 @@ in
// autheliaMainConf
// secretFileConf;
}
+ {
+ name = "authelia-main-client-secrets-gokapi";
+ value =
+ {key = "services/authelia/main/clientSecrets/gokapi";}
+ // autheliaMainConf
+ // secretFileConf;
+ }
# === Artalk === #
{
name = "artalk-akismet-key";
@@ -157,6 +164,19 @@ in
// artalkConf
// secretFileConf;
}
+ # === Gokapi === #
+ {
+ name = "gokapi-salt-admin";
+ value = {key = "services/gokapi/saltAdmin";} // secretFileConf;
+ }
+ {
+ name = "gokapi-salt-files";
+ value = {key = "services/gokapi/saltFiles";} // secretFileConf;
+ }
+ {
+ name = "gokapi-oauth-secret";
+ value = {key = "services/gokapi/oauthSecret";} // secretFileConf;
+ }
]
)
)
secrets/hosts/pardofelis/secrets.yaml
@@ -19,10 +19,15 @@ services:
emailPassword: ENC[AES256_GCM,data:u2oITTJX3yIGpkv8xWnoSFQGUv/SUw1G,iv:y0eh74YZ2mA2toYmxTqU6a5sycWQPGwJNgqDhlX9pIQ=,tag:2VjyYKydIrMr8/OjbgzPjw==,type:str]
githubClientId: ENC[AES256_GCM,data:ju1RHdc5cx99s+NQXfhk/b80jLI=,iv:84ly8arMzezgoxo61Barey/NaEYWF7c9HY5DS7fl2Gg=,tag:r7pf4jKkhsW+GAiGf2CG9A==,type:str]
githubClientSecret: ENC[AES256_GCM,data:pyt5ddWBtBA2A8MQDkT4toLgwVwa5VnlWGOwEFldMerYCtw4F9X7Ow==,iv:H2YbbmBTGskZ+1yLTZTICO0bzR9LADN+4Bl+/P1s1TE=,tag:DF9WXdE/isxZUNblpRUv5g==,type:str]
+ gokapi:
+ saltAdmin: ENC[AES256_GCM,data:oSOq+fA75Iv4GjFqUlcyA7vB1RHE9hUgVtQp0iw9,iv:h0VB/szqUN2KKmd5T7I6diinygw/d7uRfR4bIpado4w=,tag:CAVs81P23jqhiRy8fJEgcA==,type:str]
+ saltFiles: ENC[AES256_GCM,data:4OYUZFZr4Z89ufEpT7TCOi87Yk0JAIOPpuBFuGXI,iv:gldYRfNAWhdM0EivqgJ8mGtjbq0omBrgI/j5UBw/0bE=,tag:dAmms78ooZUX8OeEzV9E2Q==,type:str]
+ oauthSecret: ENC[AES256_GCM,data:K1rtzHjeJGCKgB0D3kOX3KmrsAkI7nW/EEMjpFEc4tkvY/Fw68VzqvKBPhRnSbiwETEiIvgUm081U+IHFzuI6FEA+okU2jCZ,iv:agXGqOsFvpZF95Zo8YxXcGeet2nIaKWJopxO3ZIGvBo=,tag:BKhcJm5SixS7oYZ+DDYD8w==,type:str]
authelia:
main:
clientSecrets:
forgejo: ENC[AES256_GCM,data:UvHmLsPzcpibjh9fJL5TawicsgGfhCi7kNO5LexWwWU3je8qTZmt9uWPUSW+MkJoN7Mx4EWG7T3ZqReK1t6/rMeE8zmNHw+ea6AfIpOhNejxTMd0j1CnMrIKnCvSWnXNgTueo0mYQxT7qnsh8Q+VurrOr1TudvNpIjoXISLIQ5yxABo=,iv:WZm/Z4VwcEZ8Ipd3Bw98PkjZdcWYXFt1Uhgq/+wgUSA=,tag:s/nx+8pWAVkTmRyuP07auQ==,type:str]
+ gokapi: ENC[AES256_GCM,data:kbICBV5SUIHCCL8RU2/0dHQEugrHvl3YP7r/k1tOlKC0mRh6m3XTgcYKpttEgm+Y3PgK3X6/0wQL7k2jWAQq6pMn5kQ4gH7L6BCdjUiE2TxI1wjOFd4LR2koM9x7LTkgb0md23IoCIG+QbpF/a+tRonmqg+FJh2gH0iwpqt9k3cmP8E=,iv:mKJ2AXJ1o/dcRnWiGMVwamWywjk6SwWxhyDXmQaoopE=,tag:/RXJCkpI85aeoUCCbfejDw==,type:str]
jwtSecret: ENC[AES256_GCM,data:czKoD+m8bu0ioTjXYmGv8ZhQphTgsv3GEAvgY4JsxbhAEDgzR1U/Pm7n3FuoIbCCPI6TQcRN2cB4NrvNNUoqZg==,iv:MZbgnw3GkgkQQNk2i4wNFkqcrsyIqdB1GbfeN+NTlwQ=,tag:MN7dV2BDjXxI3AxOYNie1Q==,type:str]
oidcHmacSecret: ENC[AES256_GCM,data:BOB1jTSl/yi/rPll1Frd2eFJQdZ+vI2c291Aot50eKZcaLzqA9OwUKY3MlXhyk68RF0p/krFNwRq1c4vhOTrDg==,iv:l5AS24F/Zv2iLf4TYpqR9AOFAzloYEoOVq/SHl2+OuQ=,tag:8nMMAI8TghiMSfDJ+qOYLQ==,type:str]
sessionSecret: ENC[AES256_GCM,data:kztWuKe/1zcnOypdbKh2SQ5LzS96XdjOngkJGDmtc8JdyJNbDbbAztLvN5FdUtJgo+Ltq6xFMsK5vQfIhmzttg==,iv://+sTH+dyZ18OUP9yJ67xEUhlR7gTLaL6Pich5VT4Qw=,tag:2JEAqUfmIwzSmKEaxBhkAQ==,type:str]
@@ -48,8 +53,8 @@ sops:
MmVobitCNUxvUGJmRUtWWEhZekdHaEEKcx1nN+bR2wsexYV/B5PC+Pu9Yi9w+KE8
Kcy2S1Cyu7MEkE8it447yqixIA5l5mbFGRjfTvI8KZXZUGgLecAktQ==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-07-31T12:56:51Z"
- mac: ENC[AES256_GCM,data:8nvliPtSMgYYos0PTHHa8O+THld8IJnCWIPtD8/9YZfMfK7YBXm/yMEgDe7mcOa0y796MjDtwt7TFTZFF3L7bX1tQJ1HWGURPGhROskVlurN9j50qyU83LFOTbI0gGCJjiYWDOfCT0IZxDwJcdOxBD+MZRZwqMH8akefgAODte0=,iv:SyL7R9H0t/WZhUwFqKhc+9x1nKCJX9x44X3XD2+Zjro=,tag:gv+Y4I11ulQKAr9Q2QarBA==,type:str]
+ lastmodified: "2025-07-31T16:20:35Z"
+ mac: ENC[AES256_GCM,data:sUp5iU2DRyCg+X6iCh73hKkCXwE65B8dm73sHu8e9nB032ctaRt4Ymc8zySIDhCj/ehCj2xeZy49TymGJYrsq9APSgquDuEWdC0hDG3D6dEPlgOGh4rolY9s/EtK2ciyA3oA1UfEHKYagblm2WnkECU2oIe4PmXTWlvyQIKOYo4=,iv:vOqJi2At4QGoOLAdsKWqds76viPZJrj9giiY7gMTFi4=,tag:KuOaDP8jui5FpBriayj3lA==,type:str]
pgp:
- created_at: "2025-07-15T13:47:27Z"
enc: |-