feat: added prompter

2025-08-08 04:44:39 -05:00 · 2025-07-27 14:53:26 -05:00 · 2025-07-27 14:53:26 -05:00 · 25a1884975
commit 25a1884975
parent 5b6204b7af
5 changed files with 100 additions and 2 deletions
--- a/modules/config/instances/config/prompter.nix
+++ b/modules/config/instances/config/prompter.nix
@ -0,0 +1,40 @@
+{ moduleFunctions }:
+let
+  inherit (moduleFunctions.instancesFunctions)
+    domain0
+    sslPath
+    sopsPath
+    ;
+
+  label = "Prompter";
+  name = "prompter";
+  subdomain = "prompter";
+  domain = "${subdomain}.${domain0}";
+in
+{
+  label = label;
+  name = name;
+  short = "upRoot";
+  sops = {
+    path0 = "${sopsPath}/${name}";
+  };
+  domains = {
+    url0 = domain;
+  };
+  tags = [
+    name
+    "blog"
+  ];
+  paths = {
+    path0 = "/var/lib/${name}/dist";
+    path1 = "";
+    path2 = "";
+  };
+  ports = {
+    port0 = 1234;
+  };
+  ssl = {
+    cert = "${sslPath}/${domain0}/fullchain.pem";
+    key = "${sslPath}/${domain0}/key.pem";
+  };
+}
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -65,6 +65,7 @@ in
          vaultwarden
          website
          comfyui
+          prompter
          ;
      };
    };
--- a/modules/nixos/services/acme/default.nix
+++ b/modules/nixos/services/acme/default.nix
@ -42,6 +42,7 @@ in
          "syncthing"
          "vaultwarden"
          "opencloud"
+          "prompter"
        ]
      )
      ++ (map
--- a/modules/nixos/services/prompter/default.nix
+++ b/modules/nixos/services/prompter/default.nix
@ -0,0 +1,54 @@
+{ config, flake, ... }:
+let
+  inherit (flake.config.services.instances)
+    prompter
+    ;
+  service = prompter;
+  host = prompter.domains.url0;
+in
+{
+  services = {
+    caddy = {
+      environmentFile = config.sops.secrets."caddy/prompter-auth".path;
+
+      virtualHosts = {
+        "${host}" = {
+          extraConfig = ''
+            basicauth {
+              {$CADDY_AUTH_USER} {$CADDY_AUTH_PASSWORD_HASH}
+            }
+            root * ${service.paths.path0}
+            file_server
+            encode gzip
+            try_files {path} /index.html
+            tls ${service.ssl.cert} ${service.ssl.key}
+          '';
+        };
+      };
+    };
+  };
+  sops =
+    let
+      sopsPath = secret: {
+        path = "${service.sops.path0}/${service.name}-${secret}";
+        owner = "caddy";
+        mode = "600";
+      };
+    in
+    {
+      secrets = builtins.listToAttrs (
+        map
+          (secret: {
+            name = "${service.name}/${secret}";
+            value = sopsPath secret;
+          })
+          [
+            "${service.name}-auth"
+          ]
+      );
+    };
+  systemd.tmpfiles.rules = [
+    "Z ${service.paths.path0} 755 caddy caddy -"
+    "Z ${service.sops.path0} 755 caddy caddy -"
+  ];
+}