diff --git a/machine/vps-arm/configuration.nix b/machine/vps-arm/configuration.nix
index c2cf7c6..05fa727 100644
--- a/machine/vps-arm/configuration.nix
+++ b/machine/vps-arm/configuration.nix
@@ -14,6 +14,7 @@
 ../../services/adguardhome.nix
 ../../services/atuin.nix
+ ../../services/firefox-syncserver.nix
 ../../services/frigate.nix
 ../../services/gitea.nix
 ../../services/goaccess.nix
@@ -34,11 +35,17 @@
 goaccess-htpasswd = {
 owner = config.services.nginx.user;
 group = config.services.nginx.group;
+ mode = "0440"
 };
 frigate-htpasswd = {
 owner = config.services.nginx.user;
 group = config.services.nginx.group;
+ mode = "0440";
+ };
+
+ syncserver-secrets = {
+ owner = config.users.users.firefox-syncserver.name;
 };
 nextcloud-password = {
@@ -49,6 +56,7 @@
 gitea-password = {
 owner = config.services.gitea.user;
 group = config.services.gitea.group;
+ mode = "0440"
 };
 };
 };
diff --git a/secrets/secrets-vps-arm.yaml b/secrets/secrets-vps-arm.yaml
index b28cfaa..33c4e7c 100644
--- a/secrets/secrets-vps-arm.yaml
+++ b/secrets/secrets-vps-arm.yaml
@@ -3,6 +3,7 @@ goaccess-htpasswd: ENC[AES256_GCM,data:aR4yM878GXnwjpYy42OIXFSj854XQDC+bmq0wr5Er
 frigate-htpasswd: ENC[AES256_GCM,data:qMpBRu/UsmlEtiWLvG7ZO8RpTMrPxJLTtGhV7BxDZ6qldQ0FcR9HEtSTGA==,iv:BaSg8Paga5JJf7pnQjNWuYX5kYVvMhDXQ2VLli0wIPw=,tag:goYZfCSVufbMwTg2JecEaA==,type:str]
 nextcloud-password: ENC[AES256_GCM,data:bVx/LZshIO0YYGNLJIhN7UjsJRxKH+zG8iUUbffK7nRIpPIp,iv:+fgbWU/O8fHt/7u8pP2L3ufh7MG4MKJtIbrcwi86oW8=,tag:gT+Du9U+NWHqvs2S5Jli3Q==,type:str]
 gitea-password: ENC[AES256_GCM,data:mGoPWtLdjaHG62c63OExPCgYmCiByPmocXwptllzXfzfuoQB,iv:Midv6cX6xqBztZx7gKetzfrqEGR+pRm/c8L9amJ2+RE=,tag:N1eELsDGsI6yHqjO5YdY3A==,type:str]
+syncserver-secrets: ENC[AES256_GCM,data:1KtTO+EmK+xYOwGCh8YFxFldK783dEMm5e0Pj9Y6WzN+jV7J9cxDshsVq4iG75eO3Be1U8QQM6Q0nao=,iv:FXHR32uoj9+pf+yIrYH8QdAkBENfii+PkEkPQFjvgPg=,tag:P/CJIfHiAIVwMC9MwFbNXQ==,type:str]
 sops:
 kms: []
 gcp_kms: []
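Review bot: The `mode = "0440"` added under `goaccess-htpasswd` has no terminating semicolon, so the attribute set will not parse and the whole configuration fails to evaluate; the same applies to the `mode = "0440"` added under `gitea-password` in the `@@ -49,6 +56,7 @@` hunk. Both should read `mode = "0440";`, as the line added under `frigate-htpasswd` already does. Separately, 0440 makes each secret readable by the owning group where sops-nix defaults to 0400, so a one-line comment saying which group member needs the read would justify the wider permission. `syncserver-secrets` sets only `owner` and so stays at the default, which looks intentional. The enclosing secrets attribute set opens outside these hunks.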
@@ -27,8 +28,8 @@ sops:
 Z3BiOUl4c0VyYXFNRDQyaEpwemlJckUKWAFIJdb24C/bQ3ajeipjWlDsKYdxtWTA
 Vrn4OTcTdYArcSq6f0huoh57oJ44LQSc6T8lBpUS6gGCQSgATPfKXw==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-08-31T17:37:21Z"
- mac: ENC[AES256_GCM,data:/EAmz3WVow4/2DwBTZmqwmOAzVg66wlW3/JQLRavqqV3I+VYM6U2CV4bCeY6dkWFPgkdyCrtgLh6r8yOTbTH8gP97ezLMrf5fOmGPBPgyz2GDnl88mGp2v/NNnqcaIZnXio2OL7/opOXSzG8MvHSsiWVOUC6UGbVx8oIe6Ri0nQ=,iv:og6U9IHfRHt5+VpaJk7fFi9kC+Fntj68RCuNaKLgtFA=,tag:wP2fa4CVmRUrVKwlI3VwQQ==,type:str]
+ lastmodified: "2024-12-03T16:21:14Z"
+ mac: ENC[AES256_GCM,data:fwo2DWzJCfvXuJI1dsWIl9KIwdYhy2QeirzrZM4EHoQ64snphL6XZzQeyith2rR1aGqM0mI71f+lv8xR+5/jrwGg0hqrvhtCTMJqGamn894ErdtHoN34nH5BnVnOzlncWPBXXsR5oHEd9G3bk/E+xVRTiot2Nh0Iw40X9/diwUc=,iv:baEwnwIxO7c8eO+lvRIcQc2ee1Vsiv2ZIoPdxBcmTes=,tag:AzoHAVHuLfbxj9t3n7chMQ==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
- version: 3.9.0
+ version: 3.9.1
diff --git a/services/firefox-syncserver.nix b/services/firefox-syncserver.nix
new file mode 100644
index 0000000..3b55ff5
--- /dev/null
+++ b/services/firefox-syncserver.nix
@@ -0,0 +1,52 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ # environment = {
+ # persistence."/persist" = {
+ # directories = [
+ # "/var/lib/immich"
+ # "/var/lib/redis-immich"
+ # ];
+ # };
+ # };
+
+ services = {
+ # nginx = {
+ # virtualHosts = {
+ # "firefox.szczepan.ski" = {
+ # forceSSL = true;
+ # enableACME = true;
+ # locations = {"/" = {proxyPass = "http://[::1]:2283/";};};
+ # };
+ # };
+ # };
+
+ # postgresql = {
+ # enable = true;
+ # ensureDatabases = [
+ # config.services.nextcloud.config.dbname
+ # ];
+ # ensureUsers = [
+ # {
+ # name = config.services..config.dbuser;
+ # ensureDBOwnership = true;
+ # # ensurePermissions."DATABASE ${config.services.gitea.database.name}" = "ALL PRIVILEGEnS";
+ # }
+ # ];
+ # };
+
+ firefox-syncserver = {
+ enable = true;
+ secrets = config.sops.secrets."syncserver-secrets".path;
+ singleNode = {
+ enable = true;
+ hostname = "firefox-sync.szczepan.ski";
+ enableTLS = true;
+ enableNginx = true;
+ };
+ };
+ };
+}
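Review bot: About thirty of the 52 added lines are commented-out blocks pasted from other services, and they should be dropped so the file shows only what it actually enables. They are the `/var/lib/immich` persistence list, an nginx vhost for `firefox.szczepan.ski` (not the `firefox-sync.szczepan.ski` hostname configured below), and a postgresql stanza that references nextcloud and gitea and contains the malformed `config.services..config.dbuser`. If this host keeps state under `/persist`, as the commented block suggests, the sync server's database directory presumably needs a real persistence entry rather than a disabled copy of immich's; confirm against the machine's persistence setup. A short comment above `secrets = config.sops.secrets."syncserver-secrets".path;` would also help, for example `# sops-decrypted file holding the sync server secrets; never inline these values`.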