dotfiles/modules/nixos/services/glance/default.nix

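{ config, flake, ... }:
# NixOS module for the Glance dashboard: the service itself, a Caddy virtual
# host restricted to two WireGuard peers, the sops-nix secrets Glance reads, and
# the firewall opening for its listening port.
let
  inherit (flake.config.services.instances)
    glance
    jellyfin
    web
    ;
  inherit (flake.config.machines.devices) ceres mars deimos;

  # Instance descriptor for Glance (name, domains, ports, ssl) from the flake.
  service = glance;

  configHelpers = {
    inherit service;
    hostname = config.networking.hostName;
    localhost = web.localhost.address0;
    # Public virtual-host name that Caddy answers for.
    host = configHelpers.service.domains.url0;
  };

  # Glance settings are assembled from the split-out files under ./config;
  # server.nix receives the instance descriptor under the name `service`.
  configPath = ./config;
  configImports = {
    server = import (configPath + /server.nix) { inherit flake service; };
    branding = import (configPath + /branding.nix);
    theme = import (configPath + /theme.nix);
    pages = import (configPath + /pages.nix) { inherit config flake; };
  };
in
{
  services = {
    glance = {
      enable = true;
      settings = configImports;
    };

    # `caddy` used to sit at the top level of this module, which the NixOS
    # module system rejects (there is no top-level `caddy` option); it belongs
    # under `services`.
    caddy = {
      virtualHosts = {
        "${configHelpers.host}" = {
          # Only the two WireGuard peers (mars, deimos) may reach Glance; every
          # other client gets a 403. The upstream is Glance on ceres over
          # WireGuard.
          # NOTE(review): the two /.well-known/{carddav,caldav} redirects point at
          # /remote.php/dav/, a Nextcloud path — they look copied from another
          # vhost and are presumably dead here; confirm and drop if unused.
          extraConfig = ''
            @allowed_ips {
              remote_ip ${mars.wireguard.ip0} ${deimos.wireguard.ip0}
            }
            handle @allowed_ips {
              redir /.well-known/carddav /remote.php/dav/ 301
              redir /.well-known/caldav /remote.php/dav/ 301
              reverse_proxy ${ceres.wireguard.ip0}:${toString configHelpers.service.ports.port0}
            }
            handle {
              respond "Access Denied" 403
            }
            tls ${configHelpers.service.ssl.cert} ${configHelpers.service.ssl.key}
          '';
        };
      };
    };
  };

  sops =
    let
      # sops-nix secret materialised as /run/secrets/<service>-<secret>.
      # NOTE(review): mode "644" makes the decrypted secret readable by every
      # local user; presumably chosen so the glance process can open it —
      # confirm which user glance runs as and narrow to owner/group plus
      # "0440" (or "0400") where possible.
      sopsPath = secret: {
        path = "/run/secrets/${service.name}-${secret}";
        owner = "root";
        group = "root";
        mode = "644";
      };
    in
    {
      secrets = builtins.listToAttrs (
        map
          (secret: {
            name = "${service.name}-${secret}";
            value = sopsPath secret;
          })
          [
            # "key"
            # "${user0}-pass"
            jellyfin.name
          ]
      );
    };

  networking = {
    firewall = {
      # NOTE(review): this opens the Glance port on every interface, so the
      # Caddy allowlist above only covers traffic that goes through Caddy. If
      # Glance binds all addresses (see ./config/server.nix), consider
      # `networking.firewall.interfaces.<wg-iface>.allowedTCPPorts` instead.
      allowedTCPPorts = [
        service.ports.port0
      ];
    };
  };
}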