| author | Fuwn <[email protected]> | 2024-09-20 05:16:25 -0700 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2024-09-20 05:16:25 -0700 |
| commit | 04e022cbd105a72c88c2ce1e35ad5b68170b0037 (patch) | |
| tree | ecc3aa6d117928a7e6ef03c3ed999131e61aa9ed /hosts/himeji | |
| parent | himeji: tailscale up on boot (diff) | |
himeji: move containers over from seti
Diffstat (limited to 'hosts/himeji')
| -rw-r--r-- | hosts/himeji/default.nix | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/hosts/himeji/default.nix b/hosts/himeji/default.nix
index e00c2df..3bea24a 100644
--- a/hosts/himeji/default.nix
+++ b/hosts/himeji/default.nix
@@ -25,6 +25,11 @@ in
 networking = {
 hostName = "himeji";
 domain = "";
+
+ firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
 };
 users.users.root = {
@@ -46,6 +51,17 @@ in
 };
 };
+ systemd.services.ghcr-login = {
+ after = [ "${containerEngine}.service" ];
+ requires = [ "${containerEngine}.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ ExecStart = "/run/current-system/sw/bin/${containerEngine} login ghcr.io -u ${secrets.ghcr.username} -p ${secrets.ghcr.token}";
+ Restart = "on-failure";
+ };
+ };
+
 virtualisation = {
 containers.enable = true;
 docker.enable = containerEngine == "docker";
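Review bot: The registry token in `serviceConfig.ExecStart` is interpolated at evaluation time, so it ends up in the generated unit file in the world-readable Nix store and in the argument list of the login process, where local users can typically read it. Feeding it on stdin avoids both: replace `-p ${secrets.ghcr.token}` with `--password-stdin` and add `StandardInput = "file:<path to a root-only token file>";` (the path is a placeholder for wherever the secret is provisioned at runtime). The same exposure applies to `FINNHUB_TOKEN = secrets.finnhub_token;` in the containers hunk below, where `environmentFiles` would keep the value out of the store. Separately, the login command exits once it succeeds, so `Type = "oneshot"` fits the unit better than the default, and a `RestartSec` would keep `Restart = "on-failure"` from retrying in a tight loop while the registry is unreachable.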
@@ -87,7 +103,60 @@ in
 ports = [ "79:79" ];
 volumes = [ "/mnt/docker/gigi:/gigi/.gigi" ];
 };
+
+ mayu = {
+ image = "fuwn/mayu";
+ autoStart = true;
+ ports = [ "8098:3000" ];
+ volumes = [ "/mnt/docker/mayu:/mayu/data" ];
+ };
+
+ locus = {
+ image = "ghcr.io/gemrest/locus";
+ autoStart = true;
+ ports = [ "1965:1965" ];
+ volumes = [ "/mnt/docker/locus:/locus/.locus" ];
+
+ environment = {
+ FINNHUB_TOKEN = secrets.finnhub_token;
+ HEADER_IMAGE = "https://ruu.neocities.org/images/animeHeader.gif";
+ };
+ };
+
+ bin = {
+ image = "quxfoo/wastebin";
+ autoStart = true;
+ ports = [ "8090:8088" ];
+ volumes = [ "/mnt/docker/bin:/root/db" ];
+ };
 };
 };
 };
+
+ services.caddy = {
+ enable = true;
+
+ virtualHosts = {
+ "mayu.due.moe".extraConfig = "reverse_proxy localhost:8098";
+ "counter.due.moe".extraConfig = "reverse_proxy localhost:8098";
+ "bin.fuwn.me".extraConfig = "reverse_proxy localhost:8090";
+
+ "fuwn.me".extraConfig = ''
+ reverse_proxy localhost:8084
+
+ header Onion-Location http://fuwnme4wbs5x36jjf2usedw2zscozwhazykhyfkjsmudtb7egs3mb7yd.onion{path}
+
+ @blocked {
+ path /proxy/illegaldrugs.net/cgi-bin/news.php*
+ path /proxy/scholasticdiversity.us.to/scriptures/*
+ path /proxy/jsreed5.org/oeis/*
+ }
+ respond @blocked 403
+
+ @no_forwarded_for not header X-Forwarded-For *
+ request_header @no_forwarded_for X-Forwarded-For {remote_host}
+ respond /whoami {header.X-Forwarded-For} 200
+ '';
+ };
+ };
 } |
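Review bot: The `ports` entries for `mayu` (`8098:3000`) and `bin` (`8090:8088`) publish on every interface even though only the local Caddy instance needs to reach them. Container engines install their own forwarding rules for published ports, and with Docker in particular these are usually reachable from outside regardless of `networking.firewall.allowedTCPPorts`, so both backends would likely be exposed in plaintext next to the proxied 443. Binding to loopback keeps them behind Caddy: `ports = [ "127.0.0.1:8098:3000" ];` and `ports = [ "127.0.0.1:8090:8088" ];`. The images `fuwn/mayu`, `ghcr.io/gemrest/locus` and `quxfoo/wastebin` also carry no tag or digest, so each pull takes whatever `latest` currently is; pinning a digest makes the deployment reproducible and limits the impact of a compromised upstream tag. The enclosing containers attribute set starts outside this hunk.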