diff --git a/home/podman.nix b/home/podman.nix index 32b8105..c8f3bf8 100644 --- a/home/podman.nix +++ b/home/podman.nix @@ -189,6 +189,40 @@ }; }; + gitea-anubis = { + image = "ghcr.io/techarohq/anubis:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/anubis-default" #WHY DOES THIS NOT WORK???? + "/pool/services/secrets/anubis-nginx" + ]; + environment = { + DIFFICULTY = "4"; + SERVE_ROBOTS_TXT = "true"; + POLICY_FNAME = "/data/cfg/botPolicy.json"; + OG_PASSTHROUGH = "true"; + OG_EXPIRY_TIME = "24h"; + BIND = ":3002"; + METRICS_BIND = ":9090"; + TARGET = "http://192.168.0.30:3001"; + }; + + volumes = [ + "/pool/services/podman/anubis/botPolicy.json:/data/cfg/botPolicy.json:ro" + ]; + ports = [ + "3002:3002" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + home-assistant = { image = "ghcr.io/home-assistant/home-assistant:stable"; autoStart = true; @@ -476,6 +510,40 @@ }; }; + nginx-anubis = { + image = "ghcr.io/techarohq/anubis:latest"; + autoStart = true; + autoUpdate = "registry"; + network = "bridge"; + environmentFile = [ + "/pool/services/secrets/default" + "/pool/services/secrets/anubis-default" #WHY DOES THIS NOT WORK???? + "/pool/services/secrets/anubis-nginx" + ]; + environment = { + DIFFICULTY = "4"; + SERVE_ROBOTS_TXT = "true"; + POLICY_FNAME = "/data/cfg/botPolicy.json"; + OG_PASSTHROUGH = "true"; + OG_EXPIRY_TIME = "24h"; + BIND = ":8881"; + METRICS_BIND = ":9090"; + TARGET = "http://192.168.0.30:888"; + }; + + volumes = [ + "/pool/services/podman/anubis/botPolicy.json:/data/cfg/botPolicy.json:ro" + ]; + ports = [ + "8881:8881" + ]; + extraConfig = { + Service = { + TimeoutStartSec = 900; + }; + }; + }; + nginx-proxy-manager = { image = "docker.io/jc21/nginx-proxy-manager:2.9.22"; autoStart = true; diff --git a/hosts/server/settings.nix b/hosts/server/settings.nix index 8e69804..659e01d 100644 
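Review bot: `image = "ghcr.io/techarohq/anubis:latest"` combined with `autoUpdate = "registry"` means the gitea-anubis container, which sits in front of Gitea as its bot filter, is replaced by whatever is next pushed under the mutable `latest` tag, with no review step. The nginx-anubis hunk further down has the same two lines. The nginx-proxy-manager entry visible in that hunk's trailing context is pinned to `2.9.22`, so pinning here would match the file's existing practice: `image = "ghcr.io/techarohq/anubis:<PINNED_TAG_OR_DIGEST>";` (placeholder for the release you have tested).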
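Review bot: The `environmentFile` list in nginx-anubis is the same three paths as in gitea-anubis above, so the Gitea instance also loads `/pool/services/secrets/anubis-nginx` and neither instance has a file of its own. If that file carries instance-specific values such as a signing key or cookie settings (its contents are not visible in this diff), the two front ends share them. If gitea-anubis was meant to have its own file, its last entry would read `"/pool/services/secrets/anubis-gitea"` (constructed name). The inline `#WHY DOES THIS NOT WORK????` on the `anubis-default` line in both hunks records an unresolved problem without saying what fails. A comment such as `# FIXME: values from anubis-default are not applied in the container: <observed symptom>` would tell the next reader what to verify before relying on that file.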
--- a/hosts/server/settings.nix +++ b/hosts/server/settings.nix @@ -2,6 +2,18 @@ { + age.secrets = { + "restic/environmentFile".file = ../../secrets/restic/environmentFile.age; + "restic/repositoryFile".file = ../../secrets/restic/repositoryFile.age; + "restic/passwordFile".file = ../../secrets/restic/passwordFile.age; + "zfs/pool.key".file = ../../secrets/zfs/pool.key.age; + }; + + age.identityPaths = [ "${config.users.users.admin.home}/.ssh/id_ed25519" ]; + + + boot.loader.limine.biosDevice = "/dev/vda"; + networking = { hostName = "nixos-server"; hostId = "bbe3b289"; @@ -17,16 +29,7 @@ defaultGateway = "192.168.0.1"; nameservers = [ "192.168.0.1" "1.1.1.1" ]; }; - - age.secrets = { - "restic/environmentFile".file = ../../secrets/restic/environmentFile.age; - "restic/repositoryFile".file = ../../secrets/restic/repositoryFile.age; - "restic/passwordFile".file = ../../secrets/restic/passwordFile.age; - "zfs/pool.key".file = ../../secrets/zfs/pool.key.age - }; - users.users.admin.linger = true; - age.identityPaths = [ "${config.users.users.admin.home}/.ssh/id_ed25519" ]; services.xserver.videoDrivers = [ "nvidia" ]; diff --git a/secrets/zfs/pool.key.age b/secrets/zfs/pool.key.age new file mode 100644 index 0000000..1f12aa8 --- /dev/null +++ b/secrets/zfs/pool.key.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 XBJw1w aT4N7lGsXH1XV4wBrZ1xoRVOjWrpMcBtNR8gMHUyfRM +sz4CvrJNgx+ms7kGTfg0Wly6Mc2NDwn4sWYvfsJI5lA +--- 9c9kfNpfGRAC6qAkHsfe65j2/83xeo1iIYqNxWMqLy8 +#efIf/*[0~Wqy'j*gSyBy@jjv kϐ +&0P`"+Ȳ%rG \ No newline at end of file
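Review bot: `age.identityPaths` points at `${config.users.users.admin.home}/.ssh/id_ed25519`, so every entry in `age.secrets`, now including `zfs/pool.key`, is decrypted with the admin user's own SSH key rather than a key dedicated to the host. For non-interactive activation that private key has to sit on disk without a passphrase, so anything that can read the admin's home directory can decrypt the pool key and the restic credentials straight from the repository. If the admin home lives on the pool that `zfs/pool.key` unlocks (not visible here), the identity would also be unavailable at the moment it is needed. Consider encrypting to the host key instead, e.g. `age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`, and re-keying the `.age` files for that recipient. The module's attribute set opens in the hunk's context and continues past it.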