diff --git a/modules/config/instances/config/comfyui.nix b/modules/config/instances/config/comfyui.nix
index b476b6f..5630e01 100755
--- a/modules/config/instances/config/comfyui.nix
+++ b/modules/config/instances/config/comfyui.nix
@@ -1,7 +1,7 @@
 { moduleFunctions }:
 let
 inherit (moduleFunctions.instancesFunctions)
- domain3
+ domain0
 servicePath
 sslPath
 sopsPath
@@ -9,15 +9,20 @@ let
 label = "ComfyUI";
 name = "comfyui";
+ subdomain = "comfyui";
+ domain = "${subdomain}.${domain0}";
 in
 {
 label = label;
 name = name;
 short = label;
-
 sops = {
 path0 = "${sopsPath}/${name}";
 };
+ domains = {
+ url0 = domain;
+ };
+ subdomain = subdomain;
 tags = [
 name
 "comfy"
@@ -29,5 +34,8 @@ in
 ports = {
 port0 = 8188;
 };
-
+ ssl = {
+ cert = "${sslPath}/${domain0}/fullchain.pem";
+ key = "${sslPath}/${domain0}/key.pem";
+ };
 }
diff --git a/modules/nixos/services/acme/default.nix b/modules/nixos/services/acme/default.nix
index 4a4adf6..18028c5 100755
--- a/modules/nixos/services/acme/default.nix
+++ b/modules/nixos/services/acme/default.nix
@@ -43,6 +43,7 @@ in
 "vaultwarden"
 "opencloud"
 "prompter"
+ "comfyui"
 ]
 )
 ++ (map
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 608cb9e..e63538c 100755
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
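Review bot: In the last hunk of modules/config/instances/config/comfyui.nix the new `ssl.cert` and `ssl.key` paths are built from `${domain0}` while the host being served is `${subdomain}.${domain0}`, and nothing in the file says why. This presumably relies on the domain0 certificate listing the comfyui subdomain as an extra name, which the one-line addition of `"comfyui"` in modules/nixos/services/acme/default.nix appears to arrange; how that list is consumed is outside the hunk, so it should be confirmed. I would document the dependency next to the attribute, e.g. `# cert is issued for domain0; this subdomain must be in the ACME module's name list`, so that a later removal of the ACME entry is not mistaken for a no-op.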
@@ -51,6 +51,7 @@ opencloud:
 env: ENC[AES256_GCM,data:JZOs+86/jhHtXuOb4fsk4ceZuFpSa6PAMN2/vmGlvlXvsx/Yk2ZXeZZU0jtwweN8Sk61A2538OdPpfKynBgwsZ2SgoxAIyJtQl3HZWdZzNZ6+/t+AFvvav/x9nUv1O5704FP5OYOMniQAmqu0ds0JIX3YV/cstoo+rNhNW2emlVhj2ABYhTxy0BFJ8A+Re9y5FN5WT4tmloF/21ZrIwtTw8ULQPCksJfTFwEE+cCN3aIWZn00/4zUuv6CEtZeKeOeLxgQL+G2pPhNrQzG+lw+AKLzXA2mJM+3Zfq0MplyXeFCLkV1GCHksrMPp2w5j2RdtfcdE9IP+tXoD/fZNfYgCK1Pk/JhkXcV9EPbz4KUL/+OpgFqh+RvKGPXH2iTV0B8t2Ag7NowxULI2jKw0c=,iv:1ClzjY1n48cQ9bdBewM5A5Lr/c13HbSSYJ7xYCwZDzA=,tag:FavwE2sX+wSgKOEpywFeMw==,type:str]
 caddy:
 prompter-auth: ENC[AES256_GCM,data:uEj6gruCfcIRoCQY9eNcOka+PAIIhAlKnI+ehZ88aZo90tINcxZ7ZvKqlTJr4rt5o+EO7rvRJcYH/s8/+piszFyxSa64Rtq5KdAjfHnRm0QM8q/2JIHnZsQC3fPz1S177WPs/c3Eydh4VeVe,iv:ZOru4ABFgIy9DoTlMl3InSf8zM1ERNpbRNLN6vy97Jc=,tag:5v3w7kvFQCEPBjchE8K0cw==,type:str]
+ comfyui-auth: ENC[AES256_GCM,data:YkHxbW/0zTmnrggXKl2jNO4OnBaepmCwB3ZC6d8MPIKf8snWJzAvTq5+X5ABzziwKaypHRTcS6vuNntxKrrD8DS7hX9DqVCZc5WeFHI6S5VzHh3SprW2MF4E8nm4Hj+VHoKGmRSSOU1cfX3J,iv:v0Pid0BCY2QsMNaahBvJd4WWZD115JDLHlOCQvPiaGU=,tag:gpsAgt052NoOyIa9WqJXyg==,type:str]
 sops:
 age:
 - recipient: age19dpncsdphdt2tmknjs99eghk527pvdrw0m29qjn2z2gg3et5tdtqycqhl0
@@ -62,7 +63,7 @@ sops:
 bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
 aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-07-27T20:53:53Z"
- mac: ENC[AES256_GCM,data:xXwsCvG/p0Mrn6NXuWX5gXBvB+9qXsU4S2d9BxByp9Ip2vdmRzbL7Y7rwEkH92bS7p+yPuPF8lVnuMEpTEnlI82cEsag7FaZEfiK2jsZr8iSKnN/nwthTfc9j3GeYyy4KziTyyvJZRv0D3KyeUsjHswgXoGPskrX9gKcLJOa76o=,iv:tt8WSHvGCK5XytyH55obHHrFEqPZex8kI/tynmG8CoY=,tag:qFhiTwq/npRsXVqqid6Dlg==,type:str]
+ lastmodified: "2025-07-27T22:50:42Z"
+ mac: ENC[AES256_GCM,data:iu/l4hWqbT4yZJEmtuAdHKlP5pAmTkjHsCO4el5gOGFi+oRf3cYhXVu11H4NcPP8MHdajvRb9ly+QeQyBdWcgKwVrTHFvSMy/V95gC1Z5nP7sW/uV8hLeMQ/R+mj3a+Dho5fgjbgOubCF8gYj5vckcjJvq0bAxqTBZjqDAu6QQM=,iv:DMZiLphm//e4e9x76Cez/HKubSLbll27nVmMYNuwNuk=,tag:6mN0YyYtBHHKjzNszGh9Yg==,type:str]
 unencrypted_suffix: _unencrypted
 version: 3.10.2
diff --git a/systems/ceres/config/comfyui.nix b/systems/ceres/config/comfyui.nix
index 371bee3..5c18767 100755
--- a/systems/ceres/config/comfyui.nix
+++ b/systems/ceres/config/comfyui.nix
@@ -4,54 +4,59 @@
 flake,
 ...
 }:
+
 let
- inherit (flake.config.machines.devices)
- ceres
- ;
- inherit (flake.config.services.instances)
- comfyui
- web
- ;
+ inherit (flake.config.services.instances) comfyui web;
 service = comfyui;
 localhost = web.localhost.address1;
+ host = service.domains.url0;
 in
 {
 nixpkgs.overlays = [
 flake.inputs.nix-comfyui.overlays.default
 ];
- services.comfyui = {
- enable = true;
- openFirewall = true;
- host = localhost;
- package = pkgs.comfyuiPackages.comfyui.override {
- extensions = with pkgs.comfyuiPackages.extensions; [
- acly-inpaint
- acly-tooling
- cubiq-ipadapter-plus
- fannovel16-controlnet-aux
- ];
- commandLineArgs = [
- "--preview-method"
- "auto"
- ];
+ services = {
+ comfyui = {
+ enable = true;
+ openFirewall = true;
+ host = localhost;
+ package = pkgs.comfyuiPackages.comfyui.override {
+ extensions = with pkgs.comfyuiPackages.extensions; [
+ acly-inpaint
+ acly-tooling
+ cubiq-ipadapter-plus
+ fannovel16-controlnet-aux
+ ];
+ commandLineArgs = [
+ "--preview-method"
+ "auto"
+ ];
+ };
+ };
+ caddy = {
+ environmentFile = config.sops.secrets."caddy/${service.name}-auth".path;
+
+ virtualHosts = {
+ "${host}" = {
+ extraConfig = ''
+ basicauth {
+ {$CADDY_AUTH_USER} {$CADDY_AUTH_PASSWORD_HASH}
+ }
+ root * ${service.paths.path0}
+ file_server
+ encode gzip
+ try_files {path} /index.html
+ tls ${service.ssl.cert} ${service.ssl.key}
+ '';
+ };
+ };
 };
 };
- # fileSystems."/var/lib/${service.name}" = {
- # device = service.paths.path0;
- # fsType = "none";
- # options = [
- # "bind"
- # ];
- # depends = [
- # ceres.storage0.mount
- # ];
- # };
- # systemd.tmpfiles.rules = [
- # "Z ${service.paths.path0} 755 ${service.name} ${service.name} -"
- # "Z ${service.sops.path0} 755 ${service.name} ${service.name} -"
- # ];
+ systemd.tmpfiles.rules = [
+ "Z ${service.sops.path0} 755 caddy caddy -"
+ ];
 users.users.${service.name}.extraGroups = [
 "users"
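Review bot: `basicauth` on the new Caddy virtual host guards a static `file_server` rooted at `${service.paths.path0}` rather than the ComfyUI listener, and `services.comfyui` keeps `openFirewall = true`, so the credentials do not gate the application: if `localhost` is not a loopback address, the service port is reachable directly and the auth layer is bypassed. I would set `openFirewall = false;` and replace the `root`/`file_server`/`try_files` lines with `reverse_proxy ${localhost}:${toString service.ports.port0}`, assuming `ports.port0` from the instance config is the port ComfyUI listens on. The rule `"Z ${service.sops.path0} 755 caddy caddy -"` recursively makes the secrets path world-readable; `0750` or tighter suits a directory that holds credentials. `services.caddy.environmentFile` takes a single path, so if another module also sets it (the existing `caddy/prompter-auth` secret suggests one does), the definitions will conflict or the shared `CADDY_AUTH_*` names will collide; that needs checking outside this hunk, and the module body itself continues past the hunk's end.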