infrastructure/hosts/carbon/services/privacy/proxitok.nix
2005 9216cbbf62 🚀 big update:
added logging to all nginx routes
added loki, promtail to scrape nginx logs
turned i2pd back on,
updated my websites version
upgraded all hosts to 24.05
forgejo added bigger limit to upload limit due to docker images
privacy frontends:
    added priviblur
    libreddit -> redlib
    added biblioreads

ddns-updater, changed credentials but there is a bug with porkbun
added penpot
brought back anonymousoverflow
added readme privacy respecting frontends
2024-06-03 02:06:02 +02:00


# Auto-generated using compose2nix v0.2.0-pre.
{ pkgs, lib, config, ... }:
{
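# Public entry point for ProxiTok: nginx terminates TLS for the vhost and
# forwards every request to the proxitok-web container's host port on loopback.
services.nginx.virtualHosts."proxitok.${config.networking.domain}" = {
  # Redirect plain HTTP to HTTPS and obtain the certificate through ACME.
  forceSSL = true;
  enableACME = true;
  locations."/" = {
    # Upstream URL without the stray leading space the original value carried.
    proxyPass = "http://127.0.0.1:4772";
    # $server_name is the configured vhost name, not the client's Host header,
    # so the log file name is not request-controlled.
    # NOTE(review): the json_analytics log_format is not declared in this file;
    # it must be defined at http level elsewhere or nginx rejects the config.
    extraConfig = ''
      access_log /var/log/nginx/$server_name-access.log json_analytics;
    '';
  };
};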
# Containers
# Redis instance that proxitok-web reaches through REDIS_HOST/REDIS_PORT.
virtualisation.oci-containers.containers."proxitok-redis" = {
  # NOTE(review): "7-alpine" is a mutable tag; pinning by digest
  # (redis:7-alpine@sha256:<digest>) would make the deployed image reproducible.
  image = "redis:7-alpine";
  # Run as an unprivileged user inside the container.
  user = "nobody";
  # Snapshot when at least 1 key changed within 60 seconds; log warnings only.
  # No volume is declared for this container, so snapshots presumably do not
  # survive container removal - TODO confirm that is intended.
  cmd = [ "redis-server" "--save" "60" "1" "--loglevel" "warning" ];
  log-driver = "journald";
  # No host port is published and no Redis password is configured: access
  # control rests entirely on membership of the docker-compose_proxitok network.
  extraOptions = [
    "--cap-drop=ALL"
    "--network-alias=redis"
    "--network=docker-compose_proxitok"
    "--security-opt=no-new-privileges:true"
  ];
};
# systemd unit settings for the Redis container: it is pulled in by, and
# stopped with, the compose root target, and ordered after the shared network.
systemd.services."podman-proxitok-redis" = {
  wantedBy = [ "podman-compose-docker-compose-root.target" ];
  partOf = [ "podman-compose-docker-compose-root.target" ];
  requires = [ "podman-network-docker-compose_proxitok.service" ];
  after = [ "podman-network-docker-compose_proxitok.service" ];
  # Priority 500 sits between mkDefault (1000) and a plain definition (100),
  # so a host-level setting can still override this restart policy.
  serviceConfig.Restart = lib.mkOverride 500 "always";
};
# Signing service that proxitok-web calls through API_SIGNER_URL.
virtualisation.oci-containers.containers."proxitok-signer" = {
  # NOTE(review): ":master" follows an upstream branch, so the code that runs
  # changes with every pull; pinning by digest
  # (ghcr.io/pablouser1/signtok@sha256:<digest>) keeps deployments auditable.
  image = "ghcr.io/pablouser1/signtok:master";
  # Run as an unprivileged user inside the container.
  user = "nobody";
  log-driver = "journald";
  # No host port is published; the service is reachable only from containers
  # attached to the docker-compose_proxitok network.
  extraOptions = [
    "--cap-drop=ALL"
    "--network-alias=signer"
    "--network=docker-compose_proxitok"
    "--security-opt=no-new-privileges:true"
  ];
};
# systemd unit settings for the signer container: it is pulled in by, and
# stopped with, the compose root target, and ordered after the shared network.
systemd.services."podman-proxitok-signer" = {
  wantedBy = [ "podman-compose-docker-compose-root.target" ];
  partOf = [ "podman-compose-docker-compose-root.target" ];
  requires = [ "podman-network-docker-compose_proxitok.service" ];
  after = [ "podman-network-docker-compose_proxitok.service" ];
  # Restart "no": a crashed signer stays down until it is started again, and
  # proxitok-web is configured to use it as its remote signer.
  serviceConfig.Restart = lib.mkOverride 500 "no";
};
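# ProxiTok web application. nginx on this host proxies the public vhost to
# 127.0.0.1:4772, which is the only listener this container needs on the host.
virtualisation.oci-containers.containers."proxitok-web" = {
  # NOTE(review): ":master" follows an upstream branch, so the code that runs
  # changes with every pull; pinning by digest
  # (ghcr.io/pablouser1/proxitok@sha256:<digest>) keeps deployments auditable.
  image = "ghcr.io/pablouser1/proxitok:master";
  environment = {
    API_CACHE = "redis";
    API_SIGNER = "remote";
    # Plain HTTP to the signer; the traffic stays on the container network.
    API_SIGNER_URL = "http://proxitok-signer:8080/signature";
    LATTE_CACHE = "/cache";
    # Hosts are addressed by container name, not by the --network-alias values.
    REDIS_HOST = "proxitok-redis";
    REDIS_PORT = "6379";
    APP_URL = "https://proxitok.${config.networking.domain}";
  };
  volumes = [
    "proxitok-cache:/cache:rw"
  ];
  # Publish on loopback only. The original "4772:8080/tcp" listened on every
  # host interface, which let clients reach the app over plain HTTP and skip
  # the TLS vhost; container port publishing may also sidestep the host
  # firewall, so an explicit bind address is the safer default.
  ports = [
    "127.0.0.1:4772:8080/tcp"
  ];
  dependsOn = [
    "proxitok-redis"
    "proxitok-signer"
  ];
  log-driver = "journald";
  # All capabilities are dropped and only CHOWN, SETGID and SETUID are granted.
  # No `user` is set here, so the process starts as the image's default user;
  # presumably the entrypoint uses these capabilities to fix ownership of
  # /cache and switch user - TODO confirm against the image.
  extraOptions = [
    "--cap-add=CHOWN"
    "--cap-add=SETGID"
    "--cap-add=SETUID"
    "--cap-drop=ALL"
    "--network-alias=web"
    "--network=docker-compose_proxitok"
    "--security-opt=no-new-privileges:true"
  ];
};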
# systemd unit settings for the web container: it is pulled in by, and stopped
# with, the compose root target, and ordered after both the shared network and
# the cache volume have been created.
systemd.services."podman-proxitok-web" = {
  wantedBy = [ "podman-compose-docker-compose-root.target" ];
  partOf = [ "podman-compose-docker-compose-root.target" ];
  requires = [
    "podman-network-docker-compose_proxitok.service"
    "podman-volume-docker-compose_proxitok-cache.service"
  ];
  after = [
    "podman-network-docker-compose_proxitok.service"
    "podman-volume-docker-compose_proxitok-cache.service"
  ];
  # Restart "no": if the application exits, the vhost returns gateway errors
  # until the unit is started again.
  serviceConfig.Restart = lib.mkOverride 500 "no";
};
# Networks
# One-shot unit that makes sure the shared container network exists before any
# container unit starts, and removes it again when the unit is stopped.
systemd.services."podman-network-docker-compose_proxitok" = {
  wantedBy = [ "podman-compose-docker-compose-root.target" ];
  partOf = [ "podman-compose-docker-compose-root.target" ];
  path = [ pkgs.podman ];
  # Create the network only when `inspect` reports that it is missing.
  script = ''
    podman network inspect docker-compose_proxitok || podman network create docker-compose_proxitok
  '';
  serviceConfig = {
    # Stay "active" after the script exits so dependent units see it as up.
    Type = "oneshot";
    RemainAfterExit = true;
    # -f forces removal of the network on stop.
    ExecStop = "${pkgs.podman}/bin/podman network rm -f docker-compose_proxitok";
  };
};
# Volumes
# One-shot unit that makes sure the cache volume exists. It defines no
# ExecStop, so stopping the unit leaves the volume and its contents in place.
systemd.services."podman-volume-docker-compose_proxitok-cache" = {
  wantedBy = [ "podman-compose-docker-compose-root.target" ];
  partOf = [ "podman-compose-docker-compose-root.target" ];
  path = [ pkgs.podman ];
  # Create the volume only when `inspect` reports that it is missing.
  # NOTE(review): the volume created here is "docker-compose_proxitok-cache",
  # while proxitok-web mounts "proxitok-cache" - confirm which one is in use.
  script = ''
    podman volume inspect docker-compose_proxitok-cache || podman volume create docker-compose_proxitok-cache
  '';
  serviceConfig = {
    # Stay "active" after the script exits so dependent units see it as up.
    Type = "oneshot";
    RemainAfterExit = true;
  };
};
# Root target
# Starting it pulls in the network unit, the volume unit and the three
# container units, all of which declare wantedBy/partOf on this target.
# Stopping it stops them too: the network unit removes its network, while the
# volume unit has no stop action and therefore keeps the cache volume.
systemd.targets."podman-compose-docker-compose-root" = {
  # Started at boot as part of the normal multi-user system state.
  wantedBy = [ "multi-user.target" ];
  unitConfig.Description = "Root target generated by compose2nix.";
};
}