diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 069d11b..d6e318f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -21,6 +21,7 @@ ./services/home-assistant.nix ./services/matrix ./services/metrics + ./services/microbin.nix ./services/minecraft.nix ./services/vaultwarden.nix ]; diff --git a/hosts/defiant/services/microbin.nix b/hosts/defiant/services/microbin.nix new file mode 100644 index 0000000..c99ffa1 --- /dev/null +++ b/hosts/defiant/services/microbin.nix @@ -0,0 +1,46 @@ +{ config, pkgs, lib, ... }: +let + cfg = config.services.microbin; + domain = "p.feal.no"; + address = "127.0.1.2"; + max_upload_mb = 1024; + port = 5006; +in { + + services.microbin = { + enable = true; + # passwordFile = "/run/credentials/microbin.service/secrets"; + passwordFile = config.sops.secrets."microbin/secrets".path; + settings = { + MICROBIN_BIND = address; + MICROBIN_ENABLE_BURN_AFTER = true; + MICROBIN_FOOTER_TEXT = "Be nice or go away"; + MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB = max_upload_mb; + MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB = max_upload_mb; + MICROBIN_PORT = port; + MICROBIN_PUBLIC_PATH = "https://${domain}/"; + MICROBIN_QR = true; + MICROBIN_TITLE = "felixalbs pasta collection"; + }; + }; + + sops.secrets."microbin/secrets" = { }; + + services.nginx.virtualHosts."${domain}" = { + forceSSL = true; + enableACME = true; + + listen = [ + { addr = "192.168.10.175"; port = 43443; ssl = true; } + { addr = "192.168.10.175"; port = 43080; ssl = false; } + ]; + + extraConfig = '' + client_max_body_size ${toString max_upload_mb}M; + ''; + + locations."/" = { + proxyPass = "http://${address}:${toString port}"; + }; + }; +} diff --git a/secrets/defiant/defiant.yaml b/secrets/defiant/defiant.yaml index 27c16c0..6993d9f 100644 --- a/secrets/defiant/defiant.yaml +++ b/secrets/defiant/defiant.yaml @@ -5,6 +5,8 @@ hedgedoc: env: ENC[AES256_GCM,data:7UU8MNo3AEpG1L0lpbfow4mGsIj7qMgtldCxv2T8rimintl1PN+avb2yxXz2P+1MqxNhacYYfBn5AkVqUJvAvo/HaQmsu+M1iFuMG6vEQuMGZZ1bjcslKxjVFWe9Rxzb9O33jqielsBiUmkP7f0MoGzfdyncpRuGjge+ADL7YXdRdH2zyDLW0txM3P593MQYiGo9wzwb7ZpycX4NsuE=,iv:4QE4RwD6c7KQS/w15YP/P2u7iOTWd36/YhpA2Jtdu0U=,tag:QBvO3q5C9TK0oSeso367/Q==,type:str] vaultwarden: admintoken: ENC[AES256_GCM,data:sUPOe3goxpJFpe5fBdwcM5Z6+DXNdZr5Xd6HzRUb7LtDk9IUtwL4wtlckwnMRoLF628XvCV3ObrX2UmTqUX/6pWqLkWL/vWb3C8ogq4=,iv:vvO9nEkCjcKvl+ILEMlMorMmvyNM1juRYRnEolwg9sQ=,tag:wFnz9oOA+ZGrb4UqKrtUcA==,type:str] +microbin: + secrets: ENC[AES256_GCM,data:GaEbiNENeLnVrqcJBHCks844WiYtVmU3yeGTLdrhPhPCfdgMiGst2nwIeTAGxqcy2Wn3Jo6hsGsHaGnFVgZ8+6Ej8rAU2Q==,iv:0EPKzBU/iy8YWZhJDF/iPCpfOneiLgf27XHby89RvB8=,tag:4oNhGEFjz4GylUXH/UuF+Q==,type:str] sops: kms: [] gcp_kms: [] @@ -29,8 +31,8 @@ sops: RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-29T22:35:52Z" - mac: ENC[AES256_GCM,data:wLuNSHMesuGxoYH4km/NkX58JcZgXCoQW5veh+wL8A3vmWg+HGkcnWLxhGPetG4fhdORkurr+/l803Y3Fq79C5C3JyMSZEI5ba9LL9SLnJsTu9B+sro6DRp0xCX8kvY/Hfl23jsg8NcJ2QoiE0eHMJ5LftSydSNPefnkzSz70UU=,iv:r8Cv2kOf2T3WwXLpDyTVDG+O6RcIhv+juIteCgR+Zlc=,tag:EoaPXCOprA5yBtnyORmXvA==,type:str] + lastmodified: "2024-02-21T21:11:56Z" + mac: ENC[AES256_GCM,data:NBmL+eOcavjU/xhQZtDvuJvvG+wXjU+PGayaNuTDdbo4zk1j8twoVrLCSOLVZuCFO88/2YEtmMJkNOEsPO2hbDhJl5k20g1880rQt4LhPn5sdHyxzrPL3ehDWNLyZy+JMl0SbDI/yjNRH/jX7UxjcBjMCW4WVQpqFK2na20PYfI=,iv:A9h6ziIZUDbtzTmTeSFYZcBKQ1KMkEkQe7PW6ahW/XQ=,tag:VfYygPnzeTMDUXyyNlCcZg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1