Compare commits
3 Commits
fcdd6defbc
...
7073225e85
Author | SHA1 | Date |
---|---|---|
LeRoyce Pearson | 7073225e85 | |
LeRoyce Pearson | da55c99dc9 | |
LeRoyce Pearson | 7162630e2f |
|
@ -1,4 +1,5 @@
|
|||
{
|
||||
age.secrets.samsehu_NFSN_API_KEY.file = ./secrets/samsehu_NFSN_API_KEY.age;
|
||||
age.secrets.samsehu_NFSN_LOGIN.file = ./secrets/samsehu_NFSN_LOGIN.age;
|
||||
age.secrets.samsehu_DUCK_DNS_TOKEN.file = ./secrets/samsehu_DUCK_DNS_TOKEN.age;
|
||||
}
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
./hardware/samsehu.nix
|
||||
];
|
||||
|
||||
# Use the `systemd-boot` boot loader
|
||||
|
@ -135,12 +135,37 @@
|
|||
domain = "samsehu.perli.casa";
|
||||
dnsProvider = "nearlyfreespeech";
|
||||
credentialFiles = {
|
||||
"NEARLYFREESPECH_API_KEY" = config.age.secrets.samsehu_NFSN_API_KEY.path;
|
||||
"NEARLYFREESPECH_LOGIN" = config.age.secrets.samsehu_NFSN_LOGIN.path;
|
||||
"NEARLYFREESPEECH_API_KEY_FILE" = config.age.secrets.samsehu_NFSN_API_KEY.path;
|
||||
"NEARLYFREESPEECH_LOGIN_FILE" = config.age.secrets.samsehu_NFSN_LOGIN.path;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Dynamic DNS through duck dns
|
||||
users.users.dynamicdns = {
|
||||
# allocates the `uid` in the range 100-999, which indicates to software like login managers that it should not be displayed to the user.
|
||||
isSystemUser = true;
|
||||
group = "dynamicdns";
|
||||
};
|
||||
users.groups.dynamicdns = {};
|
||||
systemd.services.dynamic-dns-updater = {
|
||||
serviceConfig.User = "dynamicdns";
|
||||
path = [ pkgs.curl ];
|
||||
script = "curl -o ~/duck.log --url-query domains=samsehuperli --url-query token@${config.age.secrets.samsehu_DUCK_DNS_TOKEN.path} https://www.duckdns.org/update";
|
||||
startAt = "hourly";
|
||||
};
|
||||
systemd.timers.dynamic-dns-updater = {
|
||||
timerConfig.RandomizedDelaySec = "15m";
|
||||
};
|
||||
|
||||
# Reverse proxy with Caddy
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
virtualHosts."samsehu.perli.casa".extraConfig = ''
|
||||
respond "Hello, world!"
|
||||
'';
|
||||
};
|
||||
|
||||
# Enable automatic upgrades
|
||||
system.autoUpgrade.enable = true;
|
||||
system.autoUpgrade.allowReboot = true;
|
||||
|
@ -152,6 +177,8 @@
|
|||
options = "--delete-older-than 30d";
|
||||
};
|
||||
|
||||
nix.settings.trusted-users = [ "geemili" ];
|
||||
|
||||
# Open ports in the firewall.
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
|
@ -161,6 +188,10 @@
|
|||
# Blocky API
|
||||
4000
|
||||
|
||||
# Caddy HTTP and HTTPS
|
||||
80
|
||||
443
|
||||
|
||||
# Forgejo web interface
|
||||
3000
|
||||
|
||||
|
|
Binary file not shown.
|
@ -7,4 +7,5 @@ in
|
|||
{
|
||||
"samsehu_NFSN_API_KEY.age".publicKeys = geemili ++ [ samsehu ];
|
||||
"samsehu_NFSN_LOGIN.age".publicKeys = geemili ++ [ samsehu ];
|
||||
"samsehu_DUCK_DNS_TOKEN.age".publicKeys = geemili ++ [ samsehu ];
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue