feat: add Bepasty module

2025-01-23 16:10:02 -07:00
parent fbd7553bc6
commit d2359a4eaf
5 changed files with 55 additions and 29 deletions
--- a/README.org
+++ b/README.org
@@ -169,10 +169,6 @@ A bit on the nose for a transfemme into computers, but my chosen name is also Ma

 Used as a server admin account with little configuration.

-** public
-
-Another low-config, low-permission user for access to public resources.
-
 * ~sydnix-cli~

 sydnix-cli is a command-line utility written in Clojure wrapping various sydnix-related scripts.
--- a/hosts/deertopia/configuration.nix
+++ b/hosts/deertopia/configuration.nix
@@ -10,7 +10,6 @@

    users.users = [
      "lain"
-      "public"
    ];

    impermanence = {
@@ -55,6 +54,7 @@
    deertopia = {
      nginx.enable = true;
      webdav.enable = true;
+      bepasty.enable = true;

      # A simple default webpage.  This should probably live somewhere else.
      nginx.vhosts."www" = {
--- a/modules/nixos/deertopia/bepasty.nix
+++ b/modules/nixos/deertopia/bepasty.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let cfg = config.sydnix.deertopia.bepasty;
+in {
+  options = {
+    sydnix.deertopia.bepasty = {
+      enable = mkEnableOption "Bepasty";
+
+      port = lib.mkOption {
+        default = 22018;
+        type = lib.types.port;
+        description = ''
+          The internal port Bepasty is served on.  The actual server will be
+          hosted at https://bin.deertopia.net:80/.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    sydnix.sops.secrets.bepasty-secret-key = {};
+    sydnix.sops.secrets.bepasty-secret-config = {};
+
+    sydnix.impermanence.directories = [
+      config.services.bepasty.servers."bin.deertopia.net".workDir
+      config.services.bepasty.servers."bin.deertopia.net".dataDir
+    ];
+
+    services.bepasty = {
+      enable = true;
+      servers."bin.deertopia.net" = {
+        secretKeyFile = "/run/secrets/bepasty-secret-key";
+        extraConfig = ''
+          $(cat /run/secrets/bepasty-secret-config)
+        '';
+        bind = "127.0.0.1:${builtins.toString cfg.port}";
+      };
+    };
+
+    sydnix.deertopia.nginx.vhosts."bin".vhost = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${builtins.toString cfg.port}";
+      };
+    };
+  };
+}
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -1,4 +1,6 @@
 nextcloud-admin: ENC[AES256_GCM,data:MfHTZw5Co7DdY6uYT7e4ydoVPg==,iv:KqK/UaDpiEM5MnR86peGZ4iLfhC5JK4IOdI2T7RDZNg=,tag:Tpx2FdYavXud4OLcT7drTQ==,type:str]
+bepasty-secret-key: ENC[AES256_GCM,data:JmR425LSZP0/kVQAkLfAettWyQmRpLF9CiZOfcnzr4Hdp8TP8doSKqv7+ggJfP2cKa3C9JHUXcKjEjZ5g0wllQ==,iv:XUg3ii7sJ8BScA1aA+AAoocV4CYn3pMQ2aMjrfZeQM0=,tag:uKMwnDxJFhHatpjLfJV73Q==,type:str]
+bepasty-secret-config: ENC[AES256_GCM,data:saI2S/E38x/Kj0OP4Zvoi+Gs0HWkEYgePOxMYbWGDyR2E3wxfZJzETI7PsR2vVdFdMYFq9Nn0NlydwgX9N+DPSH1o7lHkYSC9OAGGbaGb1BjsLCGu8n0fcBwGF1g+yqMD3bEZTIOa7pV2bzekciDbQ==,iv:MaJM2krIKzoz10v+5jxJBiTsFzJ4MpfqAxeX5rmhQoE=,tag:1QRaS7rR0yO7C89ye44plw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -14,8 +16,8 @@ sops:
            aXZvL3RJRUtkOXR5OTFxcC9saXhGYVUKymDTIoxeHgJiM0rly5Zbp8kYoIUmmsWL
            CMfXunhtA+u/vjDUHjyj41TTFbZMVl8FUzqMYoMxhIH6dQw8u1HKBA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-18T16:35:24Z"
-    mac: ENC[AES256_GCM,data:1oYl56zjPnzzX9pBMDwbnoZFiu+k9OXlz9bEnTXl6Flr7+D3sZZIo5I6IidvRdMU8kHBOA87pascTqhFd/LUkU3HOpF0CgQUxjwcKIbSZ2OEp/xKCh9C9trDXUh62eZrcgrjT5ST2r8uNcicKWKZVQxAa0S2AKd+5apUAvSouAE=,iv:X7EhB8l230wZviAw1lpj1G8KAhhcDvuoA+prbpLENUQ=,tag:uA0997qvRb8DZqBs5a32hg==,type:str]
+    lastmodified: "2025-01-23T22:52:16Z"
+    mac: ENC[AES256_GCM,data:AOctu7cwFNd0ivmZgvii55aS7Mj9IAvjrCSmFKrnMz6qlQy5pj5PVcU3FlZYDhWyelDggyhuhYeI7k3Aisq0pOFEIAMiGsH6T4vP6pJVLGSNkfmu1IXJj6wtdYQDscxdnQwVokOqXX9IufEAxCctBbMb7ok/f9NgD8j0X8kjXPM=,iv:4TSfRyb8NPE9WJMugl3AS8Nkveph/40jv+TlRTPedWY=,tag:CkHiWABRaL7vBHvJvbbbNA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.1
--- a/users/public/default.nix
+++ b/users/public/default.nix
@@ -1,22 +0,0 @@
-{
-  systemConfiguration = { config, ... }: {
-    isNormalUser = true;
-    extraGroups = [ ];
-    initialHashedPassword =
-      "$y$j9T$uU64mjI.5Y1JICkKAaIgl0$kkO089hyDp3akSj7ReIKqFthA4T/d1w/nF40a5Tujt1";
-    openssh.authorizedKeys.keyFiles = [
-      ../../public-keys/crumb-at-guix-rebound.pub
-    ];
-  };
-
-  homeConfiguration = { config, lib, pkgs, ... }: {
-    imports = [
-    ];
-
-    sydnix = {
-    };
-
-    # Don't touch!
-    home.stateVersion = "18.09";
-  };
-}