Commit c7f2702

HPCesia <me@hpcesia.com>
2025-10-05 14:30:57
refactor: migrate gokapi
1 parent 930f120
hosts/chaser-pardofelis/caddy.nix
@@ -15,7 +15,6 @@ in {
     virtualHosts = let
       localAddress = {
         atuin = "http://localhost:${builtins.toString config.services.atuin.port}";
-        gokapi = "http://localhost:${builtins.toString config.services.gokapi.environment.GOKAPI_PORT}";
         grafana = "http://localhost:${builtins.toString config.services.grafana.settings.server.http_port}";
         homepage = "http://localhost:${builtins.toString config.services.homepage-dashboard.listenPort}";
         prometheus = "http://${config.services.victoriametrics.listenAddress}";
@@ -58,10 +57,6 @@ in {
         encode zstd gzip
         reverse_proxy ${localAddress.prometheus}
       '';
-      "send.hpcesia.com".extraConfig = ''
-        encode zstd gzip
-        reverse_proxy ${localAddress.gokapi}
-      '';
     };
   };
 }
hosts/chaser-pardofelis/gokapi.nix
@@ -1,67 +0,0 @@
-{
-  lib,
-  config,
-  myvars,
-  ...
-}: {
-  services.gokapi = {
-    enable = true;
-    mutableSettings = true;
-    environment = {
-      GOKAPI_PORT = 53842;
-      GOKAPI_ADMIN_USER = myvars.useremail;
-    };
-    settings = {
-      ServerUrl = "https://send.hpcesia.com/";
-      RedirectUrl = "https://github.com/Forceu/Gokapi/";
-      PublicName = "Tribios";
-      DatabaseUrl = "sqlite:///var/lib/gokapi/data/db.sqlite";
-      UseSsl = false;
-      SaveIp = false;
-      IncludeFilename = true;
-      MaxFileSizeMB = 2048;
-      MaxMemory = 50;
-      ChunkSize = 45;
-      MaxParallelUploads = 4;
-      PicturesAlwaysLocal = false;
-      Encryption = {
-        Level = 0;
-        Cipher = null;
-      };
-      Authentication = {
-        Method = 1;
-        Username = "HPCesia";
-        OauthProvider = "https://authelia.hpcesia.com";
-        OAuthClientId = "gokapi";
-        OAuthRecheckInterval = 12;
-      };
-    };
-    settingsFile = config.sops.templates.gokapi-config.path;
-  };
-
-  systemd.services.gokapi.serviceConfig = {
-    DynamicUser = lib.mkForce false;
-    User = "gokapi";
-    Group = "gokapi";
-  };
-
-  sops.templates.gokapi-config = {
-    content = builtins.toJSON {
-      Authentication = {
-        SaltAdmin = config.sops.placeholder.gokapi-salt-admin;
-        SaltFiles = config.sops.placeholder.gokapi-salt-files;
-        OAuthClientSecret = config.sops.placeholder.gokapi-oauth-secret;
-      };
-    };
-    owner = "root";
-    group = "gokapi";
-    mode = "0440";
-  };
-
-  users.users.gokapi = {
-    isSystemUser = true;
-    useDefaultShell = true;
-    group = "gokapi";
-  };
-  users.groups.gokapi = {};
-}
modules/hosts/chaser-pardofelis/default.nix
@@ -28,6 +28,7 @@
           "forgejo-runner"
           "freshrss"
           "goatcounter"
+          "gokapi"
           "gotosocial"
           "podman"
           "restic"
modules/services/gokapi/default.nix
@@ -0,0 +1,76 @@
+{lib, ...}: {
+  flake.modules.nixos."services/gokapi" = {config, ...}: {
+    services.gokapi = {
+      enable = true;
+      mutableSettings = true;
+      environment = {
+        GOKAPI_PORT = 53842;
+        GOKAPI_ADMIN_USER = "me@hpcesia.com";
+      };
+      settings = {
+        ServerUrl = "https://send.hpcesia.com/";
+        RedirectUrl = "https://github.com/Forceu/Gokapi/";
+        PublicName = "Tribios";
+        DatabaseUrl = "sqlite:///var/lib/gokapi/data/db.sqlite";
+        UseSsl = false;
+        SaveIp = false;
+        IncludeFilename = true;
+        MaxFileSizeMB = 2048;
+        MaxMemory = 50;
+        ChunkSize = 45;
+        MaxParallelUploads = 4;
+        PicturesAlwaysLocal = false;
+        Encryption = {
+          Level = 0;
+          Cipher = null;
+        };
+        Authentication = {
+          Method = 1;
+          Username = "HPCesia";
+          OauthProvider = "https://authelia.hpcesia.com";
+          OAuthClientId = "gokapi";
+          OAuthRecheckInterval = 12;
+        };
+      };
+      settingsFile = config.vaultix.templates.gokapi-config.path;
+    };
+
+    systemd.services.gokapi.serviceConfig = {
+      DynamicUser = lib.mkForce false;
+      User = "gokapi";
+      Group = "gokapi";
+    };
+    users.users.gokapi = {
+      isSystemUser = true;
+      useDefaultShell = true;
+      group = "gokapi";
+    };
+    users.groups.gokapi = {};
+
+    services.caddy.virtualHosts."send.hpcesia.com".extraConfig =
+      lib.mkIf config.services.caddy.enable
+      (let
+        localAddress = "http://localhost:${builtins.toString config.services.gokapi.environment.GOKAPI_PORT}";
+      in ''
+        encode zstd gzip
+        reverse_proxy ${localAddress}
+      '');
+
+    vaultix.templates.gokapi-config = {
+      content = builtins.toJSON {
+        Authentication = {
+          SaltAdmin = config.vaultix.placeholder.gokapi-salt-admin;
+          SaltFiles = config.vaultix.placeholder.gokapi-salt-files;
+          OAuthClientSecret = config.vaultix.placeholder.gokapi-oauth-secret;
+        };
+      };
+      owner = "root";
+      group = "gokapi";
+      mode = "0440";
+    };
+
+    vaultix.secrets.gokapi-salt-admin.file = ./salt-admin.age;
+    vaultix.secrets.gokapi-salt-files.file = ./salt-files.age;
+    vaultix.secrets.gokapi-oauth-secret.file = ./oauth-secret.age;
+  };
+}
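Review bot: The `gokapi` service account is given a login shell by `useDefaultShell = true;` in `users.users.gokapi`, and nothing else in this module appears to need one. For a system user that only runs the daemon, drop that line so the account keeps the non-login default shell. The `serviceConfig` block also sets `DynamicUser = lib.mkForce false;`, which removes the sandboxing systemd implies with DynamicUser (for example `PrivateTmp` and `ProtectSystem=strict`). It is worth confirming the upstream unit sets those explicitly, or adding them to `serviceConfig` here. If group ownership of the rendered secrets template is the reason for the static user, a comment such as `# static user so the vaultix template can be group-owned by gokapi` above the override would record that.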
modules/services/gokapi/oauth-secret.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> X25519 LueeTOQC07sA/kW8If2K1o+KRyn8Ejg/fM9iBJWmaiE
+bpNB9kk5zBznY7uNCW8bNjCHvsEUIBxgqsvsebmEqBY
+-> .VsxvxK3-grease znth-r0 :n-N@N/K
+PW2SfBMLajwjczv1qD8IqG/1efwBKHmZoQxzmSQusg
+--- 5l1KDWRi/XLmiv3BGrPoMqHUm4WaVTdZ6A9fPjMJH+0
+�2*
+�}26C��)$
,��ŋ��6��T��&��M[��덽UCGe�}d>bgB�Qakc��7M�„qEU��ûa�:j�Is[]y����`�z�H��M|��Ⓚ
\ No newline at end of file
modules/services/gokapi/salt-admin.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> X25519 3o9MlrkwVG9+hIRopcppzKlk5VQpctaYZ9gAOopO2Es
+yEGGszAHNXlIrUABTNS480VRU/+SbxMvmxK1E29l9sk
+-> 1/-grease
+0Q
+--- lncozHj3VrGkjIhmu5XTgA+pDHNY726PxDbmCbiixA4
+�Qo�!o�Ҟk��W��Z������m�㸨"�6�Ph5�jbv�yg2�|ޕ�ʮ��V��
\ No newline at end of file
modules/services/gokapi/salt-files.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 eVCiUvn75wpJ0Bps0w85Z/CZipEl9wR6mgERjvOPsUk
+FSpiG/vCRha9Dszlqx8yP5EF6YG1aqoRqOhS98/ZSrU
+-> T;I"BF~x-grease 4sK[>2E 0!,d
+JdLuswra/Lph61NGkblTFGiBZFj7pm+M4npk2j9KgzIwMWGJvex54tcmpXwOTDCm
+
+--- l+b2A5w4o9Q6cPvWZvPkMunqsnvhyBt38+75+WlZ1Gs
+������Ȥ4�00xus���PZ��V���H�]i�'�'�R���8��K�}Ị����
�w�
+��
\ No newline at end of file
secrets/cache/pardofelis/2ab84fb04b4587999321d4a69704955d86c1a414504757757ba26dc9fd06a471
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw Xydwx8BQ/XuQXg1XGR/gaNXPTc7YYY0AasdJJ2U3f20
+W+oIGbI4uqfWT9Db8luhlMaQbMsJrYElV1noD+BPfoE
+-> ezGaN-grease 0U8fo$ B#B!E #33RW
+Oqfa5W23ULBmP3FWF2pI+D4y4vTaOxcIssoOYBknK8GFCOHat2yVj9Y
+--- 1HbCku3d5Uz3oMpiuKDNog33zZwjK7Le7FYJy5W5lF0
+����j?�_���w������o�Ma4?���t*�E��#Y%����\Ӟ�(E?����
\ No newline at end of file
secrets/cache/pardofelis/85411a1e5d8e020c14bee7eb60ce29cfe83fe7a12b327861170d99ce28439253
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw tvLgZUY27eBQpY2RIsXFhvJ2qgq3Rmy7DTDSwL1BuSs
+CzeNkfB52Rjk3u1vbTXeURSqmK3GSbjGlmfQbuvou7U
+-> 0>Z%Dgv]-grease V:E6?
+/e5Arg
+--- 3Deyj/taZzcUG3y+qr7NOrgsthZDhE1IWkrlbbB8AG4
+���{�Ip�r/�n�$��1��x�������߰��7��A��xļk�������k���ÝXN$
\ No newline at end of file
secrets/cache/pardofelis/ee305208cadcd7feb577f3b18ef2680e5382c60f1f27e98a417e91ab3c5a3abf
Binary file