Commit c7f2702
Changed files (10)
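--- a/hosts/chaser-pardofelis/caddy.nix
+++ b/hosts/chaser-pardofelis/caddy.nix
@@ -15,7 +15,6 @@ in {
 virtualHosts = let
 localAddress = {
 atuin = "http://localhost:${builtins.toString config.services.atuin.port}";
- gokapi = "http://localhost:${builtins.toString config.services.gokapi.environment.GOKAPI_PORT}";
 grafana = "http://localhost:${builtins.toString config.services.grafana.settings.server.http_port}";
 homepage = "http://localhost:${builtins.toString config.services.homepage-dashboard.listenPort}";
 prometheus = "http://${config.services.victoriametrics.listenAddress}";
@@ -58,10 +57,6 @@ in {
 encode zstd gzip
 reverse_proxy ${localAddress.prometheus}
 '';
- "send.hpcesia.com".extraConfig = ''
- encode zstd gzip
- reverse_proxy ${localAddress.gokapi}
- '';
 };
 };
 }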
hosts/chaser-pardofelis/gokapi.nix
@@ -1,67 +0,0 @@
-{
- lib,
- config,
- myvars,
- ...
-}: {
- services.gokapi = {
- enable = true;
- mutableSettings = true;
- environment = {
- GOKAPI_PORT = 53842;
- GOKAPI_ADMIN_USER = myvars.useremail;
- };
- settings = {
- ServerUrl = "https://send.hpcesia.com/";
- RedirectUrl = "https://github.com/Forceu/Gokapi/";
- PublicName = "Tribios";
- DatabaseUrl = "sqlite:///var/lib/gokapi/data/db.sqlite";
- UseSsl = false;
- SaveIp = false;
- IncludeFilename = true;
- MaxFileSizeMB = 2048;
- MaxMemory = 50;
- ChunkSize = 45;
- MaxParallelUploads = 4;
- PicturesAlwaysLocal = false;
- Encryption = {
- Level = 0;
- Cipher = null;
- };
- Authentication = {
- Method = 1;
- Username = "HPCesia";
- OauthProvider = "https://authelia.hpcesia.com";
- OAuthClientId = "gokapi";
- OAuthRecheckInterval = 12;
- };
- };
- settingsFile = config.sops.templates.gokapi-config.path;
- };
-
- systemd.services.gokapi.serviceConfig = {
- DynamicUser = lib.mkForce false;
- User = "gokapi";
- Group = "gokapi";
- };
-
- sops.templates.gokapi-config = {
- content = builtins.toJSON {
- Authentication = {
- SaltAdmin = config.sops.placeholder.gokapi-salt-admin;
- SaltFiles = config.sops.placeholder.gokapi-salt-files;
- OAuthClientSecret = config.sops.placeholder.gokapi-oauth-secret;
- };
- };
- owner = "root";
- group = "gokapi";
- mode = "0440";
- };
-
- users.users.gokapi = {
- isSystemUser = true;
- useDefaultShell = true;
- group = "gokapi";
- };
- users.groups.gokapi = {};
-}
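--- a/modules/hosts/chaser-pardofelis/default.nix
+++ b/modules/hosts/chaser-pardofelis/default.nix
@@ -28,6 +28,7 @@
 "forgejo-runner"
 "freshrss"
 "goatcounter"
+ "gokapi"
 "gotosocial"
 "podman"
 "restic"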
modules/services/gokapi/default.nix
@@ -0,0 +1,76 @@
+{lib, ...}: {
+ flake.modules.nixos."services/gokapi" = {config, ...}: {
+ services.gokapi = {
+ enable = true;
+ mutableSettings = true;
+ environment = {
+ GOKAPI_PORT = 53842;
+ GOKAPI_ADMIN_USER = "me@hpcesia.com";
+ };
+ settings = {
+ ServerUrl = "https://send.hpcesia.com/";
+ RedirectUrl = "https://github.com/Forceu/Gokapi/";
+ PublicName = "Tribios";
+ DatabaseUrl = "sqlite:///var/lib/gokapi/data/db.sqlite";
+ UseSsl = false;
+ SaveIp = false;
+ IncludeFilename = true;
+ MaxFileSizeMB = 2048;
+ MaxMemory = 50;
+ ChunkSize = 45;
+ MaxParallelUploads = 4;
+ PicturesAlwaysLocal = false;
+ Encryption = {
+ Level = 0;
+ Cipher = null;
+ };
+ Authentication = {
+ Method = 1;
+ Username = "HPCesia";
+ OauthProvider = "https://authelia.hpcesia.com";
+ OAuthClientId = "gokapi";
+ OAuthRecheckInterval = 12;
+ };
+ };
+ settingsFile = config.vaultix.templates.gokapi-config.path;
+ };
+
+ systemd.services.gokapi.serviceConfig = {
+ DynamicUser = lib.mkForce false;
+ User = "gokapi";
+ Group = "gokapi";
+ };
+ users.users.gokapi = {
+ isSystemUser = true;
+ useDefaultShell = true;
+ group = "gokapi";
+ };
+ users.groups.gokapi = {};
+
+ services.caddy.virtualHosts."send.hpcesia.com".extraConfig =
+ lib.mkIf config.services.caddy.enable
+ (let
+ localAddress = "http://localhost:${builtins.toString config.services.gokapi.environment.GOKAPI_PORT}";
+ in ''
+ encode zstd gzip
+ reverse_proxy ${localAddress}
+ '');
+
+ vaultix.templates.gokapi-config = {
+ content = builtins.toJSON {
+ Authentication = {
+ SaltAdmin = config.vaultix.placeholder.gokapi-salt-admin;
+ SaltFiles = config.vaultix.placeholder.gokapi-salt-files;
+ OAuthClientSecret = config.vaultix.placeholder.gokapi-oauth-secret;
+ };
+ };
+ owner = "root";
+ group = "gokapi";
+ mode = "0440";
+ };
+
+ vaultix.secrets.gokapi-salt-admin.file = ./salt-admin.age;
+ vaultix.secrets.gokapi-salt-files.file = ./salt-files.age;
+ vaultix.secrets.gokapi-oauth-secret.file = ./oauth-secret.age;
+ };
+}
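Review bot: The `gokapi` account declared in `users.users.gokapi` is a system service user, yet it sets `useDefaultShell = true;`, which gives it the host's default login shell. Unless something needs an interactive shell for this account, drop that line so the account keeps the non-login shell NixOS assigns by default. `Encryption.Level = 0` appears to leave uploaded files unencrypted at rest under `/var/lib/gokapi`, so a comment such as `# Level 0 = stored files are not encrypted (intentional?)` would make that choice explicit. `GOKAPI_ADMIN_USER` is now a hard-coded address where the removed host file read `myvars.useremail`; if that variable is still reachable from this module, reusing it avoids a second source of truth for the admin identity.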
modules/services/gokapi/oauth-secret.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> X25519 LueeTOQC07sA/kW8If2K1o+KRyn8Ejg/fM9iBJWmaiE
+bpNB9kk5zBznY7uNCW8bNjCHvsEUIBxgqsvsebmEqBY
+-> .VsxvxK3-grease znth-r0 :n-N@N/K
+PW2SfBMLajwjczv1qD8IqG/1efwBKHmZoQxzmSQusg
+--- 5l1KDWRi/XLmiv3BGrPoMqHUm4WaVTdZ6A9fPjMJH+0
+�2*
+�}26C��)$
,��ŋ��6��T��&��M[��덽UCGe�}d>bgB�Qakc��7M�qEU��ûa�:j�Is[]y����`�z�H��M|��Ⓚ
\ No newline at end of file
modules/services/gokapi/salt-admin.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> X25519 3o9MlrkwVG9+hIRopcppzKlk5VQpctaYZ9gAOopO2Es
+yEGGszAHNXlIrUABTNS480VRU/+SbxMvmxK1E29l9sk
+-> 1/-grease
+0Q
+--- lncozHj3VrGkjIhmu5XTgA+pDHNY726PxDbmCbiixA4
+�Qo�!o�Ҟk��W��Z������m�㸨"�6�Ph5�jbv�yg2�|ޕ�ʮ��V��
\ No newline at end of file
modules/services/gokapi/salt-files.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 eVCiUvn75wpJ0Bps0w85Z/CZipEl9wR6mgERjvOPsUk
+FSpiG/vCRha9Dszlqx8yP5EF6YG1aqoRqOhS98/ZSrU
+-> T;I"BF~x-grease 4sK[>2E 0!,d
+JdLuswra/Lph61NGkblTFGiBZFj7pm+M4npk2j9KgzIwMWGJvex54tcmpXwOTDCm
+
+--- l+b2A5w4o9Q6cPvWZvPkMunqsnvhyBt38+75+WlZ1Gs
+������Ȥ4�00xus���PZ��V���H�]i�'�'�R���8��K�}Ị����
�w�
+��
\ No newline at end of file
secrets/cache/pardofelis/2ab84fb04b4587999321d4a69704955d86c1a414504757757ba26dc9fd06a471
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw Xydwx8BQ/XuQXg1XGR/gaNXPTc7YYY0AasdJJ2U3f20
+W+oIGbI4uqfWT9Db8luhlMaQbMsJrYElV1noD+BPfoE
+-> ezGaN-grease 0U8fo$ B#B!E #33RW
+Oqfa5W23ULBmP3FWF2pI+D4y4vTaOxcIssoOYBknK8GFCOHat2yVj9Y
+--- 1HbCku3d5Uz3oMpiuKDNog33zZwjK7Le7FYJy5W5lF0
+����j?�_���w������o�Ma4?���t*�E��#Y%����\Ӟ�(E?����
\ No newline at end of file
secrets/cache/pardofelis/85411a1e5d8e020c14bee7eb60ce29cfe83fe7a12b327861170d99ce28439253
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw tvLgZUY27eBQpY2RIsXFhvJ2qgq3Rmy7DTDSwL1BuSs
+CzeNkfB52Rjk3u1vbTXeURSqmK3GSbjGlmfQbuvou7U
+-> 0>Z%Dgv]-grease V:E6?
+/e5Arg
+--- 3Deyj/taZzcUG3y+qr7NOrgsthZDhE1IWkrlbbB8AG4
+���{�Ip�r/�n�$��1��x�������߰��7��A��xļk�������k���ÝXN$
\ No newline at end of file
secrets/cache/pardofelis/ee305208cadcd7feb577f3b18ef2680e5382c60f1f27e98a417e91ab3c5a3abf
Binary file