services: add new yarr service for RSS reading
All checks were successful
flake / build (push) Successful in 3m57s
All checks were successful
flake / build (push) Successful in 3m57s
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
This commit is contained in:
parent
760261f58e
commit
31076d3f8f
|
@ -25,7 +25,7 @@ creation_rules:
|
|||
- *christoph_zero
|
||||
- *christoph_maui
|
||||
- *machine_tank
|
||||
- path_regex: secrets/sops/(alertmanager|fort|matrix-hookshot|vaultwarden|vikunja|wireguard)\.yaml
|
||||
- path_regex: secrets/sops/(alertmanager|fort|matrix-hookshot|vaultwarden|vikunja|wireguard|yarr)\.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *christoph_trek
|
||||
|
|
|
@ -28,6 +28,7 @@ in {
|
|||
../services/vaultwarden.nix
|
||||
../services/vikunja.nix
|
||||
../services/web/c8h4-io.nix
|
||||
../services/yarr.nix
|
||||
../system/btrfs.nix
|
||||
../system/deploy-target.nix
|
||||
../system/virtual-machine.nix
|
||||
|
|
49
secrets/sops/yarr.yaml
Normal file
49
secrets/sops/yarr.yaml
Normal file
|
@ -0,0 +1,49 @@
|
|||
yarr:
|
||||
authfile: ENC[AES256_GCM,data:8/bKSHVd6QNID0yu1xf+2VJKlymIKwyrIELq/5Qek0Np46MWOTHitSGGrADvHi4GOr5F1+ffEO+cS7vVaTA51QqTU/2j5a7dwTBh,iv:a1JlkkRTWf6M3AYu2Q6hKxk4HLKPTYuvSABjw9xsnJo=,tag:QbTJf8HB32l/FaAgfvd6KA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1kdkzjqy88en4m65s7ld28srupzwaq30gu2e63ylayhqedpgfxews9kf6fy
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFeWdRZGZpMi9JVGNqTkZC
|
||||
MkY5NGd6U2RxY0h5dXRtVlNrN1A2WDIrVkUwClJxblQxdVJTYXlRbzhBMVR4emJW
|
||||
L2t6OEZ4ZmovQStZQnQwK09KVG52UkEKLS0tIFhXTWNVUlVDb3lvT29kWVErYVJN
|
||||
eEVocS8yajhqejI2cGNJV0lLaWRJTXcKPtlviZgAwHnhdBnPqmKQhGWviP59Ki+V
|
||||
yilU2QeCK7YGnMOn+d3Tdn1gsVvpZQ/hI2jTp8NSPCZ24EZvrANhNw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1es8273vc2yq89kvs4s84m6qffep86sm924k4my47a5qtau4ueypsgz3kqh
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkSWVSOEF3a2RLd1pEb1Bz
|
||||
aW92VGcyc29lZkNESWtwdGQ2WnF4YWVGbDJVCklWUjFTV1ExemlBYzZ1TXFhQ1Z5
|
||||
N25pSHZ1MUlHaG4wdnVaeGJOTFBaT2MKLS0tIER0UUtOVkNjc0FnRU1XSlBaaFp1
|
||||
Q0llY3NHODJkUjlqb3lNU0oxbGV0RmMKnwZgsFATcZ5MUYFlwmMwl6DTqF3wUlc3
|
||||
5u8u4OOhwafYUL5umm3WnMPcNkB02rYJiGz/fdB5bgBVvuyHy/na8g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ul99nmekam6rs9fpjka32aaxmnjq0p3a8x8drzxwtxa4g2u23anq6p2g6s
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUeDJXZ1R1UjRPQUFaRkEx
|
||||
N0hhMFFNYy83SHpTRkFqQ01oTTlpeFBxSzFJCnozUEFmUmtqYUxNaWxzWHVGOU5D
|
||||
Y3V3ZGloTmd0b2FCSEdQSUpkOEJCcWsKLS0tIHl1QnNkMys4Q3krMldMLys1WVhK
|
||||
SmFheElYa3lwQzl2THYvNXBwdTBIb0UKFvjT+MVwuneHz4hkyNlv1zaD0u3pAsIV
|
||||
XeX5VA7/AQOShOKGJRMIQq8OYgwZ5naSDBH+o0F2W4V6oAB7Lds40A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1h96sm0j0k5kjmuf857xurtq7rwk5fhptenjdlkgmadtrz4lm95rqm6ctm2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuc1cyM3B2V1JpazF1TDc0
|
||||
d2Q0OTluNG8wN2dVKyswUTFxSWh0d3dzSUFJCnA1VVJQQ1BiNFpENUt5RDNadk9y
|
||||
cU9DbjBnaG1GL1NjVEJveEV5QWQzcVEKLS0tIEFycEx3bWZjZDlnbm9iMmswL2tw
|
||||
NldOcXlZaVRuSWZNNEQrSndkbVZNUGMK/JRE1p3z4VLvE48WXKIx3YynlF79+N/q
|
||||
ohCku6RcyJaFY2aXaM0Wd38EbgtEKtEtoVyCbpMxWBPIeIoiOQfU+g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-08-18T16:11:57Z"
|
||||
mac: ENC[AES256_GCM,data:qTRq30iepwqvrVI9KVOq2Jmt+31o4rboDj/zkopobIrvI+UnMZBZCCCsdOQ3hjjbeRCfUeq/GhqsdUFsy+L2y8Rj/jvW4A7d7tOASgvqGvW0aDfy8yxtgJETtC05XuToD7QCm7S5URmcc9R8esr7jFmCvpObsuzBAnfLfvk9jF0=,iv:kiB/v5A2NbXSAepjKVy2CO/+X+HoGdasFEaSiasgtQ8=,tag:hgWaRaZcOXDbOGgfhYfvEA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
24
services/yarr.nix
Normal file
24
services/yarr.nix
Normal file
|
@ -0,0 +1,24 @@
|
|||
{ config, my, secrets, ... }:
|
||||
|
||||
let fqdn = "yarr.${my.domain}";
|
||||
in {
|
||||
sops.secrets."yarr/authfile" = {
|
||||
sopsFile = ../secrets/sops/yarr.yaml;
|
||||
restartUnits = [ "yarr.service" ];
|
||||
};
|
||||
|
||||
services.yarr = {
|
||||
enable = true;
|
||||
address = "[::1]";
|
||||
authFilePath = secrets."yarr/authfile".path;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${fqdn} =
|
||||
let inherit (config.services.yarr) address port;
|
||||
in {
|
||||
forceSSL = true;
|
||||
useACMEHost = my.domain;
|
||||
kTLS = true;
|
||||
locations."/".proxyPass = "http://${address}:${toString port}";
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue