msyds/sydnix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add Bepasty module

Browse Source
This commit is contained in:
Madeleine Sydney
2025-01-23 16:10:02 -07:00
parent fbd7553bc6
commit d2359a4eaf
5 changed files with 55 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.org
View File

@@ -169,10 +169,6 @@ A bit on the nose for a transfemme into computers, but my chosen name is also Ma
Used as a server admin account with little configuration. Used as a server admin account with little configuration.
** public
Another low-config, low-permission user for access to public resources.
* ~sydnix-cli~ * ~sydnix-cli~
sydnix-cli is a command-line utility written in Clojure wrapping various sydnix-related scripts. sydnix-cli is a command-line utility written in Clojure wrapping various sydnix-related scripts.

2
hosts/deertopia/configuration.nix
View File

@@ -10,7 +10,6 @@
users.users = [ users.users = [
"lain" "lain"
"public"
]; ];
impermanence = { impermanence = {
@@ -55,6 +54,7 @@
deertopia = { deertopia = {
nginx.enable = true; nginx.enable = true;
webdav.enable = true; webdav.enable = true;
bepasty.enable = true;
# A simple default webpage. This should probably live somewhere else. # A simple default webpage. This should probably live somewhere else.
nginx.vhosts."www" = { nginx.vhosts."www" = {

50
modules/nixos/deertopia/bepasty.nix Normal file
View File

@@ -0,0 +1,50 @@
{ config, lib, pkgs, ... }:
with lib;
let cfg = config.sydnix.deertopia.bepasty;
in {
options = {
sydnix.deertopia.bepasty = {
enable = mkEnableOption "Bepasty";
port = lib.mkOption {
default = 22018;
type = lib.types.port;
description = ''
The internal port Bepasty is served on. The actual server will be
hosted at https://bin.deertopia.net:80/.
'';
};
};
};
config = mkIf cfg.enable {
sydnix.sops.secrets.bepasty-secret-key = {};
sydnix.sops.secrets.bepasty-secret-config = {};
sydnix.impermanence.directories = [
config.services.bepasty.servers."bin.deertopia.net".workDir
config.services.bepasty.servers."bin.deertopia.net".dataDir
];
services.bepasty = {
enable = true;
servers."bin.deertopia.net" = {
secretKeyFile = "/run/secrets/bepasty-secret-key";
extraConfig = ''
$(cat /run/secrets/bepasty-secret-config)
'';
bind = "127.0.0.1:${builtins.toString cfg.port}";
};
};
sydnix.deertopia.nginx.vhosts."bin".vhost = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${builtins.toString cfg.port}";
};
};
};
}

6
secrets.yaml
View File

@@ -1,4 +1,6 @@
nextcloud-admin: ENC[AES256_GCM,data:MfHTZw5Co7DdY6uYT7e4ydoVPg==,iv:KqK/UaDpiEM5MnR86peGZ4iLfhC5JK4IOdI2T7RDZNg=,tag:Tpx2FdYavXud4OLcT7drTQ==,type:str] nextcloud-admin: ENC[AES256_GCM,data:MfHTZw5Co7DdY6uYT7e4ydoVPg==,iv:KqK/UaDpiEM5MnR86peGZ4iLfhC5JK4IOdI2T7RDZNg=,tag:Tpx2FdYavXud4OLcT7drTQ==,type:str]
bepasty-secret-key: ENC[AES256_GCM,data:JmR425LSZP0/kVQAkLfAettWyQmRpLF9CiZOfcnzr4Hdp8TP8doSKqv7+ggJfP2cKa3C9JHUXcKjEjZ5g0wllQ==,iv:XUg3ii7sJ8BScA1aA+AAoocV4CYn3pMQ2aMjrfZeQM0=,tag:uKMwnDxJFhHatpjLfJV73Q==,type:str]
bepasty-secret-config: ENC[AES256_GCM,data:saI2S/E38x/Kj0OP4Zvoi+Gs0HWkEYgePOxMYbWGDyR2E3wxfZJzETI7PsR2vVdFdMYFq9Nn0NlydwgX9N+DPSH1o7lHkYSC9OAGGbaGb1BjsLCGu8n0fcBwGF1g+yqMD3bEZTIOa7pV2bzekciDbQ==,iv:MaJM2krIKzoz10v+5jxJBiTsFzJ4MpfqAxeX5rmhQoE=,tag:1QRaS7rR0yO7C89ye44plw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@@ -14,8 +16,8 @@ sops:
aXZvL3RJRUtkOXR5OTFxcC9saXhGYVUKymDTIoxeHgJiM0rly5Zbp8kYoIUmmsWL aXZvL3RJRUtkOXR5OTFxcC9saXhGYVUKymDTIoxeHgJiM0rly5Zbp8kYoIUmmsWL
CMfXunhtA+u/vjDUHjyj41TTFbZMVl8FUzqMYoMxhIH6dQw8u1HKBA== CMfXunhtA+u/vjDUHjyj41TTFbZMVl8FUzqMYoMxhIH6dQw8u1HKBA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-18T16:35:24Z" lastmodified: "2025-01-23T22:52:16Z"
mac: ENC[AES256_GCM,data:1oYl56zjPnzzX9pBMDwbnoZFiu+k9OXlz9bEnTXl6Flr7+D3sZZIo5I6IidvRdMU8kHBOA87pascTqhFd/LUkU3HOpF0CgQUxjwcKIbSZ2OEp/xKCh9C9trDXUh62eZrcgrjT5ST2r8uNcicKWKZVQxAa0S2AKd+5apUAvSouAE=,iv:X7EhB8l230wZviAw1lpj1G8KAhhcDvuoA+prbpLENUQ=,tag:uA0997qvRb8DZqBs5a32hg==,type:str] mac: ENC[AES256_GCM,data:AOctu7cwFNd0ivmZgvii55aS7Mj9IAvjrCSmFKrnMz6qlQy5pj5PVcU3FlZYDhWyelDggyhuhYeI7k3Aisq0pOFEIAMiGsH6T4vP6pJVLGSNkfmu1IXJj6wtdYQDscxdnQwVokOqXX9IufEAxCctBbMb7ok/f9NgD8j0X8kjXPM=,iv:4TSfRyb8NPE9WJMugl3AS8Nkveph/40jv+TlRTPedWY=,tag:CkHiWABRaL7vBHvJvbbbNA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.1

22
users/public/default.nix
View File

@@ -1,22 +0,0 @@
{
systemConfiguration = { config, ... }: {
isNormalUser = true;
extraGroups = [ ];
initialHashedPassword =
"$y$j9T$uU64mjI.5Y1JICkKAaIgl0$kkO089hyDp3akSj7ReIKqFthA4T/d1w/nF40a5Tujt1";
openssh.authorizedKeys.keyFiles = [
../../public-keys/crumb-at-guix-rebound.pub
];
};
homeConfiguration = { config, lib, pkgs, ... }: {
imports = [
];
sydnix = {
};
# Don't touch!
home.stateVersion = "18.09";
};
}