diff options
| -rw-r--r-- | hosts/himeji/configuration.nix | 2 | ||||
| -rw-r--r-- | justfile | 10 | ||||
| -rw-r--r-- | modules/server/virtualisation/containers/anubis.nix | 36 | ||||
| -rw-r--r-- | modules/server/virtualisation/containers/default.nix | 1 | ||||
| -rw-r--r-- | modules/server/virtualisation/containers/september.nix | 16 |
5 files changed, 46 insertions, 19 deletions
diff --git a/hosts/himeji/configuration.nix b/hosts/himeji/configuration.nix index c20d88b..39d4f09 100644 --- a/hosts/himeji/configuration.nix +++ b/hosts/himeji/configuration.nix @@ -19,7 +19,7 @@ engine = "podman"; extraOptions = [ - "--restart=always" + "--restart=on-failure" "--pull=newer" ]; }; @@ -39,12 +39,18 @@ commit message: restore path='.': git restore --staged {{path}} && git restore {{path}} -deploy hostname user='root' ip=hostname: +deploy_action action hostname user='root' ip=hostname: git add . && nixos-rebuild \ --flake .#{{hostname}} \ --target-host {{user}}@{{ip}} \ --use-remote-sudo \ - switch + {{action}} + +deploy hostname user='root' ip=hostname: + just deploy_action boot {{hostname}} {{user}} {{ip}} + +deploy_switch hostname user='root' ip=hostname: + just deploy_action switch {{hostname}} {{user}} {{ip}} provision ip hostname: doas nix run github:nix-community/nixos-anywhere \ diff --git a/modules/server/virtualisation/containers/anubis.nix b/modules/server/virtualisation/containers/anubis.nix new file mode 100644 index 0000000..d3b0d8a --- /dev/null +++ b/modules/server/virtualisation/containers/anubis.nix @@ -0,0 +1,36 @@ +{ config, ... }: +let + port = builtins.toString 8092; +in +{ + services.caddy.virtualHosts."fuwn.me".extraConfig = '' + reverse_proxy localhost:${port} + + header Onion-Location http://fuwnme4wbs5x36jjf2usedw2zscozwhazykhyfkjsmudtb7egs3mb7yd.onion{path} + ''; + + # @blocked { + # path /proxy/illegaldrugs.net/cgi-bin/news.php* + # path /proxy/scholasticdiversity.us.to/scriptures/* + # path /proxy/jsreed5.org/oeis/* + # path /proxy/mastogem.picasoft.net/thread/* + # path /proxy/mastogem.picasoft.net/toot/* + # } + + # respond @blocked 403 + + virtualisation.oci-containers.containers.anubis = { + image = "ghcr.io/techarohq/anubis:latest"; + autoStart = true; + ports = [ "127.0.0.1:${port}:${port}" ]; + extraOptions = config.modules.containers.extraOptions ++ [ "--network=host" ]; + + environment = { + BIND = ":${port}"; + OG_PASSTHROUGH = "true"; + SERVE_ROBOTS_TXT = "false"; + TARGET = "http://127.0.0.1:8084"; + USE_REMOTE_ADDRESS = "true"; + }; + }; +} diff --git a/modules/server/virtualisation/containers/default.nix b/modules/server/virtualisation/containers/default.nix index 722b393..56b817b 100644 --- a/modules/server/virtualisation/containers/default.nix +++ b/modules/server/virtualisation/containers/default.nix @@ -1,5 +1,6 @@ { imports = [ + ./anubis.nix # 8092 # ./beszel.nix # 8083 # ./beszel-agent.nix # 45876 ./dozzle.nix # 8091 diff --git a/modules/server/virtualisation/containers/september.nix b/modules/server/virtualisation/containers/september.nix index ab12e00..535bc22 100644 --- a/modules/server/virtualisation/containers/september.nix +++ b/modules/server/virtualisation/containers/september.nix @@ -3,22 +3,6 @@ let port = builtins.toString 8084; in { - services.caddy.virtualHosts."fuwn.me".extraConfig = '' - reverse_proxy localhost:${port} - - header Onion-Location http://fuwnme4wbs5x36jjf2usedw2zscozwhazykhyfkjsmudtb7egs3mb7yd.onion{path} - - @blocked { - path /proxy/illegaldrugs.net/cgi-bin/news.php* - path /proxy/scholasticdiversity.us.to/scriptures/* - path /proxy/jsreed5.org/oeis/* - path /proxy/mastogem.picasoft.net/thread/* - path /proxy/mastogem.picasoft.net/toot/* - } - - respond @blocked 403 - ''; - virtualisation.oci-containers.containers.september = { inherit (config.modules.containers) extraOptions; |