simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity

vueko/media: Init

Browse source 
This also changes fuuko/media to no longer take the htpasswd file from a
file locally stored on fuuko, but rather defines it in sops to be usable
by all systems.
This commit is contained in:
Simon Bruder 2022-08-22 16:32:26 +02:00
parent 8ab2f7b62c
commit 7a7c90f9f9
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
5 changed files with 63 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
machines/fuuko/services/media.nix
View file

@ -1,13 +1,15 @@
{ config, ... }:
{ {
sops.secrets.media-htpasswd.owner = "nginx";
services.nginx.virtualHosts."media.sbruder.de" = { services.nginx.virtualHosts."media.sbruder.de" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
basicAuthFile = "/data/media/.htpasswd"; basicAuthFile = config.sops.secrets.media-htpasswd.path;
root = "/data/media/"; root = "/data/media/";
locations."=/.htpasswd".return = "403";
}; };
services.nginx-interactive-index.virtualHosts."media.sbruder.de".locations."/".enable = true; services.nginx-interactive-index.virtualHosts."media.sbruder.de".locations."/".enable = true;

2
machines/vueko/configuration.nix
View file

@ -4,6 +4,8 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../modules ../../modules
./services/media.nix
]; ];
sbruder = { sbruder = {

7
machines/vueko/secrets.yaml
View file

@ -1,12 +1,13 @@
wg-home-private-key: ENC[AES256_GCM,data:/RHNF6Zw6CTWa9ahUhGWRfkR8KIj+HdqUIojA1w6HQBFbZ/+Vo+CcYTYO5I=,iv:2sDH1P3VRjmLw6Ilkq0rw/hossHrNWP5uRvX9yr5fLE=,tag:KIT5GCfXuhg6RjA8+Nmtnw==,type:str] wg-home-private-key: ENC[AES256_GCM,data:/RHNF6Zw6CTWa9ahUhGWRfkR8KIj+HdqUIojA1w6HQBFbZ/+Vo+CcYTYO5I=,iv:2sDH1P3VRjmLw6Ilkq0rw/hossHrNWP5uRvX9yr5fLE=,tag:KIT5GCfXuhg6RjA8+Nmtnw==,type:str]
media-sb-proxy-auth: ENC[AES256_GCM,data:hYKmrpIMotRaf47bt8LSyXT2FEUHu26SLtKCt2zh/ziFtH2empD2NTlpf+l5Q6VHW1r1RUyE0KdmNM4nZRumJ/NuP3Aa9ErGTI3qozjQk9Kl,iv:pLYZv8X76XQGBd36PjQPkiUNPR08PkIKuTqJ+mmaMcw=,tag:3PMAO3lOfT+y+1s8yJLvhA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2022-03-26T12:53:24Z" lastmodified: "2022-08-21T15:55:45Z"
mac: ENC[AES256_GCM,data:Ux7QNbgDbh5GQwbn8qY/+zIX+DOBxPiXDeyesvTGR0Q4pO8avnjQQgaXhvl6PrH2htKx0yYno9zq3IcEh4fzhS3Bowsg5UdSQbaGQf9HDW0nP3DYs3Zb+yD/TO1deY5KAgzBIZz4RVdo031qlvpfzfHjjM7Cda+E8rKU8GhY9KU=,iv:IX/xATHbmCFlRlh9s/zFvNvTlY7uyB3TL5ER/+BuElM=,tag:nkZk2UVLdwbF71LhQ3WzqA==,type:str] mac: ENC[AES256_GCM,data:qtMmv0BfPmgoLrlIxfED7vXoIU+lU6SOXGsh1EPLQUjSnDEaWJpj3gDTEWVskgwHoBdt+jFaCw1j+nI36+6F+KQDwD58sV1/Oiw/J7J5QwePGeU1iyXmq/JwPNU4wYfe3O15tNRXkpFfv4tV/rdeFqbbh0++V4nQ5ZnDE0MlUJA=,iv:NOOSGauhsWhMrMXL81syzSpcvgGk4LVKwQ840/78MWg=,tag:GbMzBSlcSvMRJojGy6/0BA==,type:str]
pgp: pgp:
- created_at: "2021-04-06T11:13:54Z" - created_at: "2021-04-06T11:13:54Z"
enc: | enc: |
@ -49,4 +50,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: BB046D773F54739757553A053CB9B8EFD7FED749 fp: BB046D773F54739757553A053CB9B8EFD7FED749
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.1 version: 3.7.3

49
machines/vueko/services/media.nix Normal file
View file

@ -0,0 +1,49 @@
{ config, ... }:
{
sops.secrets = {
media-htpasswd.owner = "nginx";
media-proxy-auth.owner = "nginx";
media-sb-proxy-auth = {
owner = "nginx";
sopsFile = ../secrets.yaml;
};
};
services.nginx.virtualHosts."media-sb.sbruder.de" = {
enableACME = true;
forceSSL = true;
basicAuthFile = config.sops.secrets.media-htpasswd.path;
locations = {
"/" = {
extraConfig = ''
rewrite ^(.*/)$ /__regular$1 last;
rewrite ^(.*\\.[^/]*)$ /__storagebox$1 last;
'';
};
"/__nginx-interactive-index-assets__/".alias = "${builtins.filterSource
(path: type: baseNameOf path != "default.nix")
../../../modules/nginx-interactive-index}/";
"/__regular/" = {
extraConfig = ''
internal;
proxy_pass https://media.sbruder.de/;
include ${config.sops.secrets.media-proxy-auth.path};
proxy_buffering off;
'';
};
"/__storagebox/" = {
extraConfig = ''
internal;
proxy_pass https://u313368-sub3.your-storagebox.de/;
proxy_set_header Host u313368-sub3.your-storagebox.de;
include ${config.sops.secrets.media-sb-proxy-auth.path};
proxy_buffering off;
'';
};
};
};
}

5
secrets.yaml
View file

@ -1,3 +1,4 @@
media-htpasswd: ENC[AES256_GCM,data:8o+MBYaH+OoPrK2FtDzxCLXCz8oGDezIALl2KkoVlj/ZtC4WfTHu6NnaUbi+xUb7s8bLHchpmFyXC9U5+yGAlHV/v7zKOrkrga08Qn2sHqudZS8uRMj4Mh/WdYbAJ+MjfhihTf377obIDJAesYwL8Jnkcy5NiVSD7jN7PJUlTLFLiXr+U+dYctJG1b2TnhNaGL9FnutG6GnOHP37AZaTMPaD0YgSNJ+PNEGULkajwxNj2dn9XFeQGa5DlETHh8UlL3+6hUBUgXsAiN3UkRYJGLybq2vDlS9uRXRzobCiqK1E58SXS0ZMOUzewtvvOixXDC31/ppd1WmUOweJ4JiAKGWindgj5yejxf8kk2UaIJQTjATb1jtQTmdMBEfckIq+xvbyVNAofBSlSAuo/FGNYt7zf2uH1Y6A3cQwgTSaMo8Rs01AfszyaXLMqwiS+k9kq/QXkH4VLAbVakli4yuywB4pusqBvf5vAFDdgTtKhag4vuworbo/kM8KXh6nAA==,iv:n44K6SEtrL6MYEzXdPHbOvzoIQBqnVee+uC0/kbgd1M=,tag:HeOX3bXb107fSFXUk6Hc5Q==,type:str]
media-proxy-auth: ENC[AES256_GCM,data:OcmYZq/tyzMB61NfyYZ8gAlEE+8w2IhlPlZ+dfedtfqVlPHk3iJsd9mvsXHf5ODTtuy00ll0MF4KYNePZkz7TeuaIdBgGlshFyE4gwsJdPXZNYnhcg==,iv:qo6SOaHrWsXfvRwgSKDTSnreOcO9xy3RKrfE2k+VLEg=,tag:14DT86PQdEuK9zyZzcAohA==,type:str] media-proxy-auth: ENC[AES256_GCM,data:OcmYZq/tyzMB61NfyYZ8gAlEE+8w2IhlPlZ+dfedtfqVlPHk3iJsd9mvsXHf5ODTtuy00ll0MF4KYNePZkz7TeuaIdBgGlshFyE4gwsJdPXZNYnhcg==,iv:qo6SOaHrWsXfvRwgSKDTSnreOcO9xy3RKrfE2k+VLEg=,tag:14DT86PQdEuK9zyZzcAohA==,type:str]
media-ssh-key: ENC[AES256_GCM,data:cT5Jp5asgF2GZL4nn0rS4+tmli5adZjDa/G6WD/QXbOLtAjquytX63LKrLYUoTjOa7rNAjxDBIYEi90uvubKxOI0QbXACj0MSt6WbkxmosYResnFl9/WefpROctpGcDvn60fzer0K75IRBAtpAogVU7VynOkOuPa0xhTyAU8ZPOmij456UjpbtIgSg4yKVDn14jj/OZ1Oz+qd3bHC8FSQvp0jSKD9xfIizc2kb6ca3LRdR7VtJtTnJOOADRKaLC+rBywVyTOlCQBLiZ6LE9i6SmgFOdI+l6z9jE1Vi3vZ3BAe8Q/wWQ6Kjts+3+RkjPbgdjdWzxyHly/dr8lU1HcwtMHgKBV84asJBghCm6B1o48AEqd4oF9W039rCRQkR/VMb/ser0ifEjwnpDnDskrFYxWzidMKsfHGOtZxm7rzvOxSRA+Rcx9vxwa90gRsU4mBdx7QG0y3f/AbxRvVCuLLZW/y0JpCtE2B/mcObRvjsZP3RXQIS4vGAeTerd18RwsrsWO,iv:+ASa0hhWXmQ2hgJ9UuRFjnf/fA65kxWXiC+rDI6Lnx8=,tag:LDYSsN0DXAFiW0w+YBcopA==,type:str] media-ssh-key: ENC[AES256_GCM,data:cT5Jp5asgF2GZL4nn0rS4+tmli5adZjDa/G6WD/QXbOLtAjquytX63LKrLYUoTjOa7rNAjxDBIYEi90uvubKxOI0QbXACj0MSt6WbkxmosYResnFl9/WefpROctpGcDvn60fzer0K75IRBAtpAogVU7VynOkOuPa0xhTyAU8ZPOmij456UjpbtIgSg4yKVDn14jj/OZ1Oz+qd3bHC8FSQvp0jSKD9xfIizc2kb6ca3LRdR7VtJtTnJOOADRKaLC+rBywVyTOlCQBLiZ6LE9i6SmgFOdI+l6z9jE1Vi3vZ3BAe8Q/wWQ6Kjts+3+RkjPbgdjdWzxyHly/dr8lU1HcwtMHgKBV84asJBghCm6B1o48AEqd4oF9W039rCRQkR/VMb/ser0ifEjwnpDnDskrFYxWzidMKsfHGOtZxm7rzvOxSRA+Rcx9vxwa90gRsU4mBdx7QG0y3f/AbxRvVCuLLZW/y0JpCtE2B/mcObRvjsZP3RXQIS4vGAeTerd18RwsrsWO,iv:+ASa0hhWXmQ2hgJ9UuRFjnf/fA65kxWXiC+rDI6Lnx8=,tag:LDYSsN0DXAFiW0w+YBcopA==,type:str]
torrent-proxy-auth: ENC[AES256_GCM,data:4oi4uZCgslTvmso1SCedu3gKsOTCtYIAf3g1mBS6/ta3d/hd6GJ0Ns+/9w51WrhcyJQRLSR7jLlzxRzKFp6JvKXlNAeflXDqOKNfk0LXY1GKTZynOA==,iv:26d+hQ9yn5CzDGNZvi9A5bvzgo87IrJHz67xTac4UA4=,tag:e8fO5Xpu7wpDiSC4CBsaaQ==,type:str] torrent-proxy-auth: ENC[AES256_GCM,data:4oi4uZCgslTvmso1SCedu3gKsOTCtYIAf3g1mBS6/ta3d/hd6GJ0Ns+/9w51WrhcyJQRLSR7jLlzxRzKFp6JvKXlNAeflXDqOKNfk0LXY1GKTZynOA==,iv:26d+hQ9yn5CzDGNZvi9A5bvzgo87IrJHz67xTac4UA4=,tag:e8fO5Xpu7wpDiSC4CBsaaQ==,type:str]
@ -9,8 +10,8 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2022-06-09T21:33:06Z" lastmodified: "2022-08-22T14:22:50Z"
mac: ENC[AES256_GCM,data:fIxn3nnbgF/IcQTGiFXPdzElupUw4mc8ri7GTwkE6uv9fw3AaoReVNIRIpoxjhoUE0ZkJs3wOElfmGJ8wFtkXQTF+PkeeI5RQB1+xofkQQnuHjBGbgYwD9mEHU36FkmSIkKzkkozvZBhGNZSrcKwKL83QpIOlxBTnRFIUmDm4n0=,iv:BLeAzU+mXJ00uxsMN/y8VzXU14O5reNKB3Kl5zRU3TY=,tag:5f83PCjyklB5g9rsxQQt+A==,type:str] mac: ENC[AES256_GCM,data:jeon/GqCA40VJogcR0jBtkZyLvRvEf3dhMfGl0NdLKEQhbH1a7xWSCe+riyszv4/UU6qkm/mIbrqLY4Tjaqg++f1AO9ZbSVleahik397cdVgfxaFBYrD2Ia7rvRqNSncHbK7Kc93GV/XzB6yIJTKcEKddNLxMvSnJtlaVaETECE=,iv:irJR+d+mxp6L9bZyTRjnTl42rEZS5u5awic2uR2DLLU=,tag:H0aWDkz0hTKkR/QXb7cvzQ==,type:str]
pgp: pgp:
- created_at: "2022-06-09T21:22:41Z" - created_at: "2022-06-09T21:22:41Z"
enc: | enc: |