From 25a1884975881a2c7336e30f36a83fcf3f424d53 Mon Sep 17 00:00:00 2001
From: Nick
Date: Sun, 27 Jul 2025 14:53:26 -0500
Subject: [PATCH 1/5] feat: added prompter
---
modules/config/instances/config/prompter.nix | 40 +++++++++++++++
modules/nixos/default.nix | 1 +
modules/nixos/services/acme/default.nix | 1 +
modules/nixos/services/prompter/default.nix | 54 ++++++++++++++++++++
secrets/secrets.yaml | 6 ++-
5 files changed, 100 insertions(+), 2 deletions(-)
create mode 100755 modules/config/instances/config/prompter.nix
create mode 100644 modules/nixos/services/prompter/default.nix
diff --git a/modules/config/instances/config/prompter.nix b/modules/config/instances/config/prompter.nix
new file mode 100755
index 0000000..36965dd
--- /dev/null
+++ b/modules/config/instances/config/prompter.nix
@@ -0,0 +1,40 @@
+{ moduleFunctions }:
+let
+ inherit (moduleFunctions.instancesFunctions)
+ domain0
+ sslPath
+ sopsPath
+ ;
+
+ label = "Prompter";
+ name = "prompter";
+ subdomain = "prompter";
+ domain = "${subdomain}.${domain0}";
+in
+{
+ label = label;
+ name = name;
+ short = "upRoot";
+ sops = {
+ path0 = "${sopsPath}/${name}";
+ };
+ domains = {
+ url0 = domain;
+ };
+ tags = [
+ name
+ "blog"
+ ];
+ paths = {
+ path0 = "/var/lib/${name}/dist";
+ path1 = "";
+ path2 = "";
+ };
+ ports = {
+ port0 = 1234;
+ };
+ ssl = {
+ cert = "${sslPath}/${domain0}/fullchain.pem";
+ key = "${sslPath}/${domain0}/key.pem";
+ };
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 02b829c..c811d04 100755
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -65,6 +65,7 @@ in
 vaultwarden
 website
 comfyui
+ prompter
 ;
 };
 };
diff --git a/modules/nixos/services/acme/default.nix b/modules/nixos/services/acme/default.nix
index b02564c..4a4adf6 100755
--- a/modules/nixos/services/acme/default.nix
+++ b/modules/nixos/services/acme/default.nix
@@ -42,6 +42,7 @@ in
 "syncthing"
 "vaultwarden"
 "opencloud"
+ "prompter"
 ]
 )
 ++ (map
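Review bot: Several values in the new instance record look carried over from another instance rather than chosen for this service: `short = "upRoot";` and the `"blog"` tag do not match the label `"Prompter"`, `path1`/`path2` are empty strings, and `ports.port0 = 1234` is not referenced by the prompter module added in this series, which only serves static files through Caddy. If the instance schema requires these fields, a comment such as `# unused by modules/nixos/services/prompter; kept for the instance schema` on `ports` would stop the next reader from looking for a listener on 1234. Note also that `ssl.cert`/`ssl.key` point at the `${domain0}` certificate, so serving `prompter.${domain0}` relies on that certificate covering the new subdomain — consistent with the ACME list change in this commit, but worth stating in the record.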
diff --git a/modules/nixos/services/prompter/default.nix b/modules/nixos/services/prompter/default.nix
new file mode 100644
index 0000000..6f47ab9
--- /dev/null
+++ b/modules/nixos/services/prompter/default.nix
@@ -0,0 +1,54 @@
+{ config, flake, ... }:
+let
+ inherit (flake.config.services.instances)
+ prompter
+ ;
+ service = prompter;
+ host = prompter.domains.url0;
+in
+{
+ services = {
+ caddy = {
+ environmentFile = config.sops.secrets."caddy/prompter-auth".path;
+
+ virtualHosts = {
+ "${host}" = {
+ extraConfig = ''
+ basicauth {
+ {$CADDY_AUTH_USER} {$CADDY_AUTH_PASSWORD_HASH}
+ }
+ root * ${service.paths.path0}
+ file_server
+ encode gzip
+ try_files {path} /index.html
+ tls ${service.ssl.cert} ${service.ssl.key}
+ '';
+ };
+ };
+ };
+ };
+ sops =
+ let
+ sopsPath = secret: {
+ path = "${service.sops.path0}/${service.name}-${secret}";
+ owner = "caddy";
+ mode = "600";
+ };
+ in
+ {
+ secrets = builtins.listToAttrs (
+ map
+ (secret: {
+ name = "${service.name}/${secret}";
+ value = sopsPath secret;
+ })
+ [
+ "${service.name}-auth"
+ ]
+ );
+ };
+ systemd.tmpfiles.rules = [
+ "Z ${service.paths.path0} 755 caddy caddy -"
+ "Z ${service.sops.path0} 755 caddy caddy -"
+ ];
+}
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index 3c1a303..004a563 100755
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
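Review bot: The tmpfiles rule `"Z ${service.sops.path0} 755 caddy caddy -"` recursively applies mode 755 and owner caddy to the directory that holds the basic-auth secret, which contradicts the `mode = "600"` (and, after PATCH 4, `owner = "root"`) declared for that secret a few lines above; if the secret is materialized there as a regular file, the rule would leave the password hash readable by every local user each time tmpfiles runs. Either drop that line or replace `Z` with a non-recursive `d` rule that only creates the directory with a restrictive mode, and let the sops declaration own the file's permissions; how sops-nix materializes a custom `path` (file vs. symlink) decides whether `Z` reaches the content, so please verify on the host. Separately, `basicauth` is the older spelling of the Caddy directive; newer releases use `basic_auth`, so confirm which one the deployed Caddy accepts. The same contradiction applies to the ownership line changed in PATCH 4.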
@@ -49,6 +49,8 @@ firefly-iii-key: ENC[AES256_GCM,data:tLJfwB8De1vdGeccr4SxifU7KYAfnasoXISvz5mSR28
 firefly-iii-pass: ENC[AES256_GCM,data:eJwIM4YHnXTqTOUfU/0CKMSS534VEZIxkBviI1pd7R4=,iv:pUv8ok5nLDGeCcP2hsTculk+MPPAjkupidQO0Jkc3Wc=,tag:zq7+lFjdOr5ORpthqXW8EA==,type:str]
 opencloud:
 env: ENC[AES256_GCM,data:JZOs+86/jhHtXuOb4fsk4ceZuFpSa6PAMN2/vmGlvlXvsx/Yk2ZXeZZU0jtwweN8Sk61A2538OdPpfKynBgwsZ2SgoxAIyJtQl3HZWdZzNZ6+/t+AFvvav/x9nUv1O5704FP5OYOMniQAmqu0ds0JIX3YV/cstoo+rNhNW2emlVhj2ABYhTxy0BFJ8A+Re9y5FN5WT4tmloF/21ZrIwtTw8ULQPCksJfTFwEE+cCN3aIWZn00/4zUuv6CEtZeKeOeLxgQL+G2pPhNrQzG+lw+AKLzXA2mJM+3Zfq0MplyXeFCLkV1GCHksrMPp2w5j2RdtfcdE9IP+tXoD/fZNfYgCK1Pk/JhkXcV9EPbz4KUL/+OpgFqh+RvKGPXH2iTV0B8t2Ag7NowxULI2jKw0c=,iv:1ClzjY1n48cQ9bdBewM5A5Lr/c13HbSSYJ7xYCwZDzA=,tag:FavwE2sX+wSgKOEpywFeMw==,type:str]
+caddy:
+ prompter-auth: ENC[AES256_GCM,data:KsbdZqs3cTTB4gFBlwosY64axFx+Qe+Q1Ulch2YZJXr3L8Jf05luWsbd1+MS7ZxO0C1M9lryNqFTynAntyp4gXSvN3f8/saAHmiG4Y2jlT8OLaqjZULw1TOlsDXK6CeQkyD6LO6jKrtBEPjS,iv:IBbV0+/ENY/pwn5xfxVPKwn4YpwGmZnRtmA86sppabw=,tag:9YbeHqXFi2KyvuEKgQx9sQ==,type:str]
 sops:
 age:
 - recipient: age19dpncsdphdt2tmknjs99eghk527pvdrw0m29qjn2z2gg3et5tdtqycqhl0
@@ -60,7 +62,7 @@ sops:
 bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
 aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-07-25T06:12:33Z"
- mac: ENC[AES256_GCM,data:dpVTESsBlx5m/3zT3s6kUQOl1jP4ktEifhSFj0rhluT0WKzgHS0SCA5KuIc8vEzpleZg1rfMIm50Hvm3tu0DiM9xpJ0biyp3zUqInVXUxHBHKmBtXdLxqbYJPu67YnnY+Ue50bAH1soz9yLlWOGvMsYStFc66B5ixX14BRgyhIQ=,iv:JibGwXaCQ1qAV7Maapt0lg2pLUGDmWJKrWiJRab9wsM=,tag:wQNN+Sgbkhzj6hYm0xd2xA==,type:str]
+ lastmodified: "2025-07-27T19:49:15Z"
+ mac: ENC[AES256_GCM,data:G8wx83DyZRoq7LFazBNzBk/KCg2uYZ4XBCXH9vPDIIdycKdpKd5/Akh1LcPZg8f7bB4BfmENrFY3pG0CE/J9Xev5O+UHof/z+PNp0bTEQDses0XgCZCeeaOykERtzflibQwj0gOeMfO9a5h5wzLi8Qlk53uQXnoPn+jb3x/sE3Y=,iv:BsMg/NPCIO13bHLPtREewbthnPBk4rC4KZRyeM5yHN4=,tag:LN89FZVpF5IwdqHAjCtz8Q==,type:str]
 unencrypted_suffix: _unencrypted
 version: 3.10.2
From ea64a9744328b090e179b5d3ca9ecf92ec8f923c Mon Sep 17 00:00:00 2001
From: Nick
Date: Sun, 27 Jul 2025 15:02:42 -0500
Subject: [PATCH 2/5] feat: added prompter
---
modules/config/instances/config/prompter.nix | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/config/instances/config/prompter.nix b/modules/config/instances/config/prompter.nix
index 36965dd..a58be9e 100755
--- a/modules/config/instances/config/prompter.nix
+++ b/modules/config/instances/config/prompter.nix
@@ -21,6 +21,7 @@ in
 domains = {
 url0 = domain;
 };
+ subdomain = subdomain;
 tags = [
 name
 "blog"
From 6ee868bf7fb0b74e8e459951a6b0b2815dee06d5 Mon Sep 17 00:00:00 2001
From: Nick
Date: Sun, 27 Jul 2025 15:04:53 -0500
Subject: [PATCH 3/5] feat: added prompter
---
modules/nixos/services/prompter/default.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/nixos/services/prompter/default.nix b/modules/nixos/services/prompter/default.nix
index 6f47ab9..8b6f27b 100644
--- a/modules/nixos/services/prompter/default.nix
+++ b/modules/nixos/services/prompter/default.nix
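Review bot: The added `subdomain = subdomain;` continues the `label = label; name = name;` pattern, and in Nix these three bindings are more idiomatically written as a single `inherit label name subdomain;`, which also makes it obvious that the attribute names mirror the let-bound ones. The first two assignments sit outside this hunk, at lines 15–16 of the file.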
@@ -43,7 +43,7 @@ in
 value = sopsPath secret;
 })
 [
- "${service.name}-auth"
+ "auth"
 ]
 );
 };
From 2940edac4473c06785df658ccf2ba8d45f6e2d76 Mon Sep 17 00:00:00 2001
From: Nick
Date: Sun, 27 Jul 2025 15:07:56 -0500
Subject: [PATCH 4/5] feat: added prompter
---
modules/nixos/services/prompter/default.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/nixos/services/prompter/default.nix b/modules/nixos/services/prompter/default.nix
index 8b6f27b..0026e70 100644
--- a/modules/nixos/services/prompter/default.nix
+++ b/modules/nixos/services/prompter/default.nix
@@ -31,7 +31,7 @@ in
 let
 sopsPath = secret: {
 path = "${service.sops.path0}/${service.name}-${secret}";
- owner = "caddy";
+ owner = "root";
 mode = "600";
 };
 in
@@ -43,7 +43,7 @@ in
 value = sopsPath secret;
 })
 [
- "auth"
+ "${service.name}-auth"
 ]
 );
 };
From 42de25cdfc6e5b64776007368df100b0567e1e9a Mon Sep 17 00:00:00 2001
From: Nick
Date: Sun, 27 Jul 2025 15:11:34 -0500
Subject: [PATCH 5/5] feat: added prompter
---
modules/nixos/services/prompter/default.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/nixos/services/prompter/default.nix b/modules/nixos/services/prompter/default.nix
index 0026e70..7a2393d 100644
--- a/modules/nixos/services/prompter/default.nix
+++ b/modules/nixos/services/prompter/default.nix
@@ -39,7 +39,7 @@ in
 secrets = builtins.listToAttrs (
 map
 (secret: {
- name = "${service.name}/${secret}";
+ name = "caddy/${secret}";
 value = sopsPath secret;
 })
 [
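Review bot: The secret's list entry changes three times across PATCH 3, PATCH 4 and PATCH 5 (`"auth"` here, back to `"${service.name}-auth"`, then the `caddy/` prefix on the attribute name), all under the same subject line, so the series would read more clearly squashed into PATCH 1 with only the final `caddy/prompter-auth` name visible. With the final naming, the file path becomes `${service.sops.path0}/prompter-prompter-auth` because `"${service.name}-${secret}"` prepends the service name to a secret that already carries it; if the doubling is not intended, `path = "${service.sops.path0}/${secret}";` would give `prompter-auth` without touching the sops key.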
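Review bot: `owner = "root";` together with the unchanged `mode = "600";` means the caddy user can no longer open this file itself, which only works because the file is consumed through `services.caddy.environmentFile` (line 12 of the file, outside this hunk) — presumably a systemd `EnvironmentFile=` read by systemd rather than by the caddy process, which would be the reason for the change, but it is not stated. A comment on the owner line such as `# read by systemd via EnvironmentFile=, so the caddy user needs no access` would keep the next person from "fixing" it back to caddy. Whether the tmpfiles `Z` rule further down the file overrides this ownership is raised in the PATCH 1 review.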
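Review bot: `name = "caddy/${secret}";` now produces the name `caddy/prompter-auth` that line 12 of the file references as the literal string `config.sops.secrets."caddy/prompter-auth".path`; the two are computed independently and drifted apart between PATCH 1 and PATCH 5, which is what this fix-up repairs. Deriving both from one binding, e.g. `secretName = "caddy/${service.name}-auth";` in the top-level `let` and using it in both places, would prevent that from recurring. The hard-coded `caddy/` prefix also matches the `caddy:` key added to secrets.yaml in PATCH 1, so this is the consistent final state.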