msyds/sydnix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(deertopia): Binary cache

Browse Source 
- Provides a container whose traffic is routed through Mullvad VPN.
- An option `sydnix.deertopia.mullvad.container.modules` is provided to
  "hook into" the container's NixOS config.
This commit is contained in:
Madeleine Sydney
2025-03-10 12:50:36 -06:00
parent 720c39f2c1
commit 1ff3d14dd3
4 changed files with 31 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/deertopia/configuration.nix
View File

@@ -47,6 +47,7 @@
webdav.enable = true; webdav.enable = true;
copyparty.enable = true; copyparty.enable = true;
syncthing.enable = true; syncthing.enable = true;
cache.enable = true;
# A simple default webpage. This should probably live somewhere else. # A simple default webpage. This should probably live somewhere else.
nginx.vhosts."www" = { nginx.vhosts."www" = {

25
modules/nixos/deertopia/cache.nix Normal file
View File

@@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.cache;
in {
options.sydnix.deertopia.cache.enable =
lib.mkEnableOption "Deertopia's binary cache";
config = lib.mkIf cfg.enable {
sydnix.sops.secrets.deertopia-cache-key.mode = "0600";
services.nix-serve = {
enable = true;
secretKeyFile = config.sops.secrets.deertopia-cache-key.path;
};
sydnix.deertopia.nginx.vhosts."cache".vhost = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass =
let port = builtins.toString config.services.nix-serve.port;
in "http://127.0.0.1:${port}";
};
};
}

1
public-keys/deertopia-cache.pub.pem Normal file
View File

@@ -0,0 +1 @@
cache.deertopia.net:ZWh5BQrFHNKtZ/WvwgDglwy/eJuJUfpQdURDNlQlWoI=

6
secrets.yaml
View File

@@ -15,6 +15,8 @@ authelia-jwt-secret: ENC[AES256_GCM,data:uKWCq7x0mSZJKXDDhMNNPFCglLchlbzCDd68Gao
authelia-session-secret: ENC[AES256_GCM,data:4RXVjaR4O3Zy0MbS/yHV/YKTlJyrL0PmBhYQxYiadI3R/aoZaT7VwPyMVRgia031au6UojZFooETdWdzEVKRwA==,iv:rdUk5UsWI56myFu3necp+iIzMNMkzRZQcOGmjG3UD4I=,tag:pqFFuLb5TdPic/n+Ccf/cQ==,type:str] authelia-session-secret: ENC[AES256_GCM,data:4RXVjaR4O3Zy0MbS/yHV/YKTlJyrL0PmBhYQxYiadI3R/aoZaT7VwPyMVRgia031au6UojZFooETdWdzEVKRwA==,iv:rdUk5UsWI56myFu3necp+iIzMNMkzRZQcOGmjG3UD4I=,tag:pqFFuLb5TdPic/n+Ccf/cQ==,type:str]
authelia-storage-encryption-key: ENC[AES256_GCM,data:z/k/wXyLp53lZ50oaca/QIs55kF9iKT5ck/s6clFnhyLPkjFeTnVz9Met6klCrs/IkfPHOu50bS2o894D0Xa+A==,iv:Kd8xv6Rk1tTKYmp5/wFlj4HRqjVJQT5QzlpUQO9AF8o=,tag:nNzUumbV9Fgt+DveAmXY2w==,type:str] authelia-storage-encryption-key: ENC[AES256_GCM,data:z/k/wXyLp53lZ50oaca/QIs55kF9iKT5ck/s6clFnhyLPkjFeTnVz9Met6klCrs/IkfPHOu50bS2o894D0Xa+A==,iv:Kd8xv6Rk1tTKYmp5/wFlj4HRqjVJQT5QzlpUQO9AF8o=,tag:nNzUumbV9Fgt+DveAmXY2w==,type:str]
authelia-authentication-backend-ldap-password: ENC[AES256_GCM,data:VWHW3rjjYCiEw2TuDCAXBhkTMVFsjjQmHByB6H8SwNuF5rAxsZTN99jF9+BE66S3GBtgMJ7loJ/RHkZ4ukC1lQ==,iv:8Iz/ydhN6cnVqlUt0zsp0N6OGuiDwgu858MsJsp7SNM=,tag:8O9lbI//3CR0D7ATGmfLsw==,type:str] authelia-authentication-backend-ldap-password: ENC[AES256_GCM,data:VWHW3rjjYCiEw2TuDCAXBhkTMVFsjjQmHByB6H8SwNuF5rAxsZTN99jF9+BE66S3GBtgMJ7loJ/RHkZ4ukC1lQ==,iv:8Iz/ydhN6cnVqlUt0zsp0N6OGuiDwgu858MsJsp7SNM=,tag:8O9lbI//3CR0D7ATGmfLsw==,type:str]
mullvad-account-number: ENC[AES256_GCM,data:4YwyUGIjpkszBJ/rApsqfw==,iv:fz40K9elmeO19ZdhTT+VjI/DXa8emmSYd1Wqx+JBfU0=,tag:GJmbTVb1VB2cKarg+V1qbA==,type:str]
deertopia-cache-key: ENC[AES256_GCM,data:icKy8QZ59/zvQXgsTqN0PInUH3kgZBquwoAF0Lz3yy1avRI6z5DPuBAmj15lC8UmoDhTqi8nCvm5CGW1Xp5YgAQ5TgEWRpm8FWXxSofhLw8BotM4S3zxtCyefxcrW8Z7Lh7p25ECLrSX5F1h,iv:NNOWrgLrtg4WgG6IYWrVOhaTBmAaSeephvVwTT3VeUQ=,tag:zHmAil/falzhWXkvAV4PQA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@@ -39,8 +41,8 @@ sops:
TXFLY2l0UHJ3Z0NGZjVpbTQ2UC8yaTQKA7wTmW9Ha6T2KmCr/nkXdizgv8+V6SAp TXFLY2l0UHJ3Z0NGZjVpbTQ2UC8yaTQKA7wTmW9Ha6T2KmCr/nkXdizgv8+V6SAp
ZhDO+uDQ1evIh2wLWMOXNJ3d/zplLCOTzR2xkqBIUp5V7MXj45RUIA== ZhDO+uDQ1evIh2wLWMOXNJ3d/zplLCOTzR2xkqBIUp5V7MXj45RUIA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-21T22:42:25Z" lastmodified: "2025-03-12T18:28:36Z"
mac: ENC[AES256_GCM,data:a/xPkNMYY6rhiy3aPqQIVneSLvDkLVeZ0ugtiGKUrOn540CnSn2tCNACoqTfGRuOExpWqTjs6ihoE8R9eN8hIY3VKCRhXBFkO+sEZKwsF/YsXQcRprDKSQdRTjYBDa8OURlJlevLGLy1N+UY7l3IPW9cD5WhBW/nwqP++WnvQbc=,iv:PxsAguORboTxe+bL5OlVEQwTg+o+WBm7dY1IC08OcQY=,tag:JV9FwvwHFK7kRQHREnz5Vw==,type:str] mac: ENC[AES256_GCM,data:jQCvZ/quZSDdkjzUKLbdbHSWuTvSs8TvMHxW2+nUt/ZUcwvel+Qhv0Yn4Ao1iDcwaO+MqPquXWQpBlRy3K3ADgThhKBkL2ZcCSaZ6bJA8KkCvk5BxE4+Il77cTr/gAYk/anWVLK8qLoMhjvSHVWUydGzsIL0w0kDHlEfIM4WC14=,iv:Z0tvSatR6d54LOtz1dlJuwYMrmE3uPh9L08OpUkF8zc=,tag:b/MrbFhhgPGtCEMvW7JGYQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.4