remove vault stuff from storage for now

chaos 2025-01-27 17:25:44 +00:00
parent 922de801ab
commit c014677675
No known key found for this signature in database
6 changed files with 42 additions and 129 deletions


@ -1,13 +1,16 @@
let {
webdav = 4200; webdav = let
http = 4300; base = 4200;
in { in {
webdav_main = webdav + 0; public = base + 0;
webdav_music_ro = webdav + 1; uploads = base + 1;
webdav_uploads = webdav + 2; };
webdav_notes = webdav + 3;
http_music = http + 0; http = let
http_public = http + 1; base = 4300;
http_uploads_public = http + 2; in {
music = http + 0;
public = http + 1;
uploads_public = http + 2;
};
} }
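Review bot: In the new `http` set the entries still read `music = http + 0;`, `public = http + 1;` and `uploads_public = http + 2;`, but the `let` there binds only `base` and the enclosing attrset is not `rec`, so as rendered `http` is not in scope and evaluation should fail. They should mirror the `webdav` set: `music = base + 0;`, `public = base + 1;`, `uploads_public = base + 2;`. Because these numbers feed both the listener addresses and the firewall allow-list, a short comment naming which range belongs to which service would also help.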


@ -1,15 +0,0 @@
[Storage]
type = combine
upstreams = "Music=B2:Chaos-Music" "Public=B2:Chaos-Public" "Notes=Notes:" "Uploads=B2:Chaos-Uploads"
[B2]
type = b2
account = B2_ACCOUNT
key = B2_KEY
hard_delete = true
[Notes]
type = crypt
remote = B2:Chaos-Notes
password = STORAGE_NOTES_CRYPT_PASSWORD
password2 = STORAGE_NOTES_CRYPT_SALT


@ -15,26 +15,14 @@ in {
user = "storage"; user = "storage";
} }
// remote) [ // remote) [
#{
# id = "main";
# remote = "Storage:";
# type = "webdav";
# extraArgs = [
# "--addr=0.0.0.0:${toString ports.webdav_main}"
# "--htpasswd=${secrets.webdav_main_htpasswd.path}"
# "--baseurl=/Main/"
# "--cache-dir=/caches/main_webdav_serve"
# "--vfs-cache-mode=full"
# ];
#}
{ {
id = "music-ro"; id = "public";
remote = "Storage:Music"; remote = "Public:";
type = "webdav"; type = "webdav";
extraArgs = [ extraArgs = [
"--addr=0.0.0.0:${toString ports.webdav_music_ro}" "--addr=0.0.0.0:${toString ports.webdav.public}"
"--read-only" "--htpasswd=${secrets.webdav_public_htpasswd.path}"
"--baseurl=/MusicRO/" "--baseurl=/Public/"
]; ];
} }
{ {
@ -42,27 +30,17 @@ in {
remote = "Storage:Uploads"; remote = "Storage:Uploads";
type = "webdav"; type = "webdav";
extraArgs = [ extraArgs = [
"--addr=0.0.0.0:${toString ports.webdav_uploads}" "--addr=0.0.0.0:${toString ports.webdav.uploads}"
"--htpasswd=${secrets.webdav_uploads_htpasswd.path}" "--htpasswd=${secrets.webdav_uploads_htpasswd.path}"
"--baseurl=/Uploads/" "--baseurl=/Uploads/"
]; ];
} }
{ {
id = "notes"; id = "music";
remote = "Notes:";
type = "webdav";
extraArgs = [
"--addr=0.0.0.0:${toString ports.webdav_notes}"
"--htpasswd=${secrets.webdav_notes_htpasswd.path}"
"--baseurl=/Notes/"
];
}
{
id = "music-ro";
remote = "Storage:Music"; remote = "Storage:Music";
type = "http"; type = "http";
extraArgs = [ extraArgs = [
"--addr=0.0.0.0:${toString ports.http_music}" "--addr=0.0.0.0:${toString ports.http.music}"
"--baseurl=/Music/" "--baseurl=/Music/"
"--read-only" "--read-only"
]; ];
@ -72,17 +50,17 @@ in {
remote = "Storage:Public"; remote = "Storage:Public";
type = "http"; type = "http";
extraArgs = [ extraArgs = [
"--addr=0.0.0.0:${toString ports.http_public}" "--addr=0.0.0.0:${toString ports.http.public}"
"--baseurl=/Public/" "--baseurl=/Public/"
"--read-only" "--read-only"
]; ];
} }
{ {
id = "uploads-public"; id = "uploads_public";
remote = "Storage:Uploads/Public"; remote = "Storage:Uploads/Public";
type = "http"; type = "http";
extraArgs = [ extraArgs = [
"--addr=0.0.0.0:${toString ports.http_uploads_public}" "--addr=0.0.0.0:${toString ports.http.uploads_public}"
"--baseurl=/Uploads/" "--baseurl=/Uploads/"
"--read-only" "--read-only"
]; ];
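Review bot: The new `public` WebDAV entry uses `remote = "Public:"` while every other entry still points at `Storage:…`, and the template that defined the `Storage` combine remote is deleted in this same commit. Nothing visible here says which remote names the hand-maintained rclone config must provide, so a missing remote would only surface when the service starts. I would add a comment above the list such as `# rclone_config is manual: it must define the remotes "Public:" and "Storage:"`, or make the remote names consistent. Separately, the `public` entry swaps `--read-only` for `--htpasswd`, so it is now a writable basic-auth endpoint bound on `0.0.0.0`; if that port is reachable without passing through the TLS proxy, the credentials travel in cleartext. The list continues outside the visible hunks.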


@ -8,54 +8,15 @@
}; };
requiredVaultPaths = [ requiredVaultPaths = [
"api-keys/data/backblaze/Backblaze"
#"api-keys/data/storage/webdav/Main"
"api-keys/data/storage/webdav/Public" "api-keys/data/storage/webdav/Public"
"api-keys/data/storage/webdav/Uploads" "api-keys/data/storage/webdav/Uploads"
"api-keys/data/storage/webdav/Notes"
"private-public-keys/data/rclone/Chaos-Notes-Crypt"
]; ];
packages = with pkgs; [ packages = with pkgs; [
# for music & mail passwd files
apacheHttpd apacheHttpd
# for rclone obscure config file
rclone
]; ];
extraFunctions = '' extraFunctions = ''
replace_slash_for_sed() {
sed "s#/#\\\/#"
}
simple_get_obscure() {
rclone obscure "$(simple_get "$@")"
}
simple_get_replace_b2() {
api_account=$(simple_get "$1" .keyID | replace_slash_for_sed)
api_key=$(simple_get "$1" .applicationKey | replace_slash_for_sed)
replace_account=''${2}_ACCOUNT
replace_key=''${2}_KEY
sed -i "s/$replace_account/$api_account/" "$3"
sed -i "s/$replace_key/$api_key/" "$3"
}
simple_get_replace_crypt() {
password=$(simple_get_obscure "$1" .password)
salt=$(simple_get_obscure "$1" .salt)
replace_password=''${2}_PASSWORD
replace_salt=''${2}_SALT
sed -i "s/$replace_password/$password/" "$3"
sed -i "s/$replace_salt/$salt/" "$3"
}
simple_get_htpasswd() { simple_get_htpasswd() {
if [ -f "$2" ]; then if [ -f "$2" ]; then
rm "$2" rm "$2"
@ -76,21 +37,7 @@
manual = true; manual = true;
}; };
#webdav_main_htpasswd = { webdav_public_htpasswd = {
# user = "storage";
# group = "storage";
# fetchScript = ''
# simple_get_htpasswd "/api-keys/storage/webdav/Main" "$secretFile"
# '';
#};
webdav_uploads_htpasswd = {
user = "storage";
group = "storage";
fetchScript = ''
simple_get_htpasswd "/api-keys/storage/webdav/Uploads" "$secretFile"
'';
};
webdav_notes_htpasswd = {
user = "storage"; user = "storage";
group = "storage"; group = "storage";
fetchScript = '' fetchScript = ''
@ -98,17 +45,19 @@
''; '';
}; };
rclone_config = { webdav_uploads_htpasswd = {
user = "storage"; user = "storage";
group = "storage"; group = "storage";
fetchScript = '' fetchScript = ''
cp ${./data/rclone_config.template} "$secretFile" simple_get_htpasswd "/api-keys/storage/webdav/Uploads" "$secretFile"
simple_get_replace_b2 "/api-keys/backblaze/Backblaze" "B2" "$secretFile"
simple_get_replace_crypt "/private-public-keys/rclone/Chaos-Notes-Crypt" "STORAGE_NOTES_CRYPT" "$secretFile"
''; '';
}; };
rclone_config = {
user = "storage";
group = "storage";
manual = true;
};
}; };
}; };
} }
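Review bot: `rclone_config` is now `manual = true` with no `fetchScript`, so the file holding the storage-backend credentials is no longer generated from Vault, and nothing in the visible lines records what it must contain or how it reaches the host. I would add a comment on that entry, e.g. `# manual: placed by hand; keep owned by storage:storage and not world-readable`, and say where the source of truth for its contents lives. The Backblaze and Chaos-Notes-Crypt entries appear to be dropped from `requiredVaultPaths`; it is worth confirming that the Vault policy for this machine loses read access to them as well, since that policy is not part of this diff.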


@ -72,7 +72,7 @@ in {
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = attrValues ports; allowedTCPPorts = flatten attrValues (attrValues ports);
}; };
home-manager.users.root.home.stateVersion = "25.05"; home-manager.users.root.home.stateVersion = "25.05";
@ -84,10 +84,8 @@ in {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations = { locations = {
"/Main/".proxyPass = "http://${containerIP}:${toString ports.webdav_main}"; "/Public/".proxyPass = "http://${containerIP}:${toString ports.webdav.public}";
"/MusicRO/".proxyPass = "http://${containerIP}:${toString ports.webdav_music_ro}"; "/Uploads/".proxyPass = "http://${containerIP}:${toString ports.webdav.uploads}";
"/Uploads/".proxyPass = "http://${containerIP}:${toString ports.webdav_uploads}";
"/Notes/".proxyPass = "http://${containerIP}:${toString ports.webdav_notes}";
}; };
extraConfig = '' extraConfig = ''
client_max_body_size ${clientMaxBodySize}; client_max_body_size ${clientMaxBodySize};
@ -98,9 +96,9 @@ in {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations = { locations = {
"/Music/".proxyPass = "http://${containerIP}:${toString ports.http_music}"; "/Music/".proxyPass = "http://${containerIP}:${toString ports.http.music}";
"/Public/".proxyPass = "http://${containerIP}:${toString ports.http_public}"; "/Public/".proxyPass = "http://${containerIP}:${toString ports.http.public}";
"/Uploads/".proxyPass = "http://${containerIP}:${toString ports.http_uploads_public}"; "/Uploads/".proxyPass = "http://${containerIP}:${toString ports.http.uploads_public}";
}; };
extraConfig = '' extraConfig = ''
client_max_body_size ${clientMaxBodySize}; client_max_body_size ${clientMaxBodySize};
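Review bot: `allowedTCPPorts = flatten attrValues (attrValues ports);` applies `flatten` to the function `attrValues` and then calls that result with the list, because function application binds left to right; this should fail at evaluation instead of producing the port list. Something like `allowedTCPPorts = flatten (map attrValues (attrValues ports));` yields the flat list of numbers. This line also opens every rclone listener port in the firewall alongside the nginx proxy; if those ports are reachable from outside, the basic-auth WebDAV endpoints can be used over plain HTTP, so restricting them to the proxy's address may be worth considering. The network layout is not visible here.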


@ -91,7 +91,7 @@ in {
systemd.services.photoprism.serviceConfig = { systemd.services.photoprism.serviceConfig = {
DynamicUser = mkForce false; DynamicUser = mkForce false;
ReadWritePaths = [ "/Photos" ]; ReadWritePaths = ["/Photos"];
}; };
services.nginx.virtualHosts."photoprism.owo.monster" = { services.nginx.virtualHosts."photoprism.owo.monster" = {
@ -107,7 +107,7 @@ in {
}; };
}; };
extraConfig = '' extraConfig = ''
client_max_body_size ${toString (1024*32)}M; client_max_body_size ${toString (1024 * 32)}M;
''; '';
}; };