commit a8a18d05f524fa8b8cc8ef9285930e174fb5675a
parent 5011f645053e2b4f1364fc81cb265b215b4c2583
Author: Katja Ramona Sophie Kwast (zaphyra) <git@zaphyra.eu>
Date: Fri, 14 Nov 2025 19:07:28 +0100
parent 5011f645053e2b4f1364fc81cb265b215b4c2583
Author: Katja Ramona Sophie Kwast (zaphyra) <git@zaphyra.eu>
Date: Fri, 14 Nov 2025 19:07:28 +0100
config/nixos/modules/websites: add `ente.zaphyra.eu`
3 files changed, 139 insertions(+), 2 deletions(-)
A
|
133
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/config/nixos/modules/websites/ente.zaphyra.eu.nix b/config/nixos/modules/websites/ente.zaphyra.eu.nix 
@@ -0,0 +1,133 @@ +{ + inputs, + povSelf, + hostConfig, + config, + pkgs, + lib, + dnsNix, + ... +}: + +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + subdomains = [ + "accounts" + "api" + "albums" + "cast" + "photos" + ]; + +in +{ + + options = { + enable = { + type = types.bool; + default = false; + }; + subdomain = { + type = types.str; + default = "ente"; + }; + domain = { + type = types.str; + default = "zaphyra.eu"; + }; + }; + + config = lib.mkIf cfg.enable { + dns.zones."${cfg.domain}".subdomains = + (lib.genAttrs' subdomains ( + name: + lib.nameValuePair "${name}.${cfg.subdomain}" { + CNAME = [ "${cfg.subdomain}.${cfg.domain}." ]; + } + )) + // { + "${cfg.subdomain}".AAAA = [ hostConfig.networking.ip6Address ]; + "s3.${config.networking.hostName}.infra".CNAME = [ "${config.networking.fqdn}." ]; + }; + + sops.secrets = { + "environments/ente" = { + owner = "ente"; + group = "ente"; + }; + "environments/minio" = { + owner = "minio"; + group = "minio"; + }; + }; + + systemd.services.ente.serviceConfig.EnvironmentFile = config.sops.secrets."environments/ente".path; + + services.minio = { + enable = true; + rootCredentialsFile = config.sops.secrets."environments/minio".path; + browser = false; + listenAddress = "[::1]:9000"; + }; + + services.ente = { + web = { + enable = true; + package = pkgs.unstable.ente-web; + domains = lib.genAttrs subdomains ( + name: + lib.concatStringsSep "." 
[ + name + cfg.subdomain + cfg.domain + ] + ); + }; + api = { + enable = true; + package = pkgs.unstable.museum; + enableLocalDB = true; + nginx.enable = true; + domain = "api.${cfg.subdomain}.${cfg.domain}"; + settings = { + internal.admin = 1580559962386438; + s3.b2-eu-cen = { + use_path_style_urls = true; + are_local_buckets = true; + endpoint = "https://s3.${config.networking.fqdn}/"; + region = "us-east-1"; + bucket = "ente"; + }; + }; + }; + }; + + services.nginx = { + enable = true; + virtualHosts = + (lib.genAttrs' subdomains ( + name: + lib.nameValuePair "${name}.${cfg.subdomain}.${cfg.domain}" { + useACMEHost = config.networking.fqdn; + forceSSL = true; + kTLS = true; + } + )) + // { + "s3.${config.networking.fqdn}" = { + useACMEHost = config.networking.fqdn; + forceSSL = true; + kTLS = true; + locations."/" = { + proxyPass = "http://[::1]:9000"; + extraConfig = '' + client_max_body_size 100m; + ''; + }; + }; + }; + }; + }; + +}
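Review bot: In the `"s3.${config.networking.fqdn}"` virtual host, `locations."/"` forwards to MinIO with only `client_max_body_size` set, so unless `services.nginx.recommendedProxySettings` is enabled elsewhere in the repository, the upstream receives nginx's default `Host` value instead of the public name and signed S3 requests are likely to fail verification. Adding `proxy_set_header Host $host;` to `extraConfig` (or `recommendedProxySettings = true;` on the location) makes this explicit. The same vhost publishes the full S3 API, and the hunk does not show which key museum uses: if `environments/ente` carries the MinIO root credentials from `environments/minio`, a dedicated access key limited to the `ente` bucket would keep a museum compromise from becoming full control of the object store. A short comment on `internal.admin = 1580559962386438;` saying that this appears to be the Ente user ID granted admin rights would also help the next reader.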
diff --git a/hosts/pratorum/default.nix b/hosts/pratorum/default.nix @@ -178,6 +178,8 @@ "music.zaphyra.dn42".enable = true; "continuwuity-migration.zaphyra.eu".enable = true; + "ente.zaphyra.eu".enable = true; + #old fedi-instance "ctu.cx".enable = true; "fedi.ctu.cx".enable = true;
diff --git a/secrets/pratorum.yaml b/secrets/pratorum.yaml @@ -8,6 +8,8 @@ resticPasswords: gotosocial: ENC[AES256_GCM,data:qfhk9u5XGjLA2TILO+t/jjOGsigM5Cxpgbpo8ONzda8=,iv:Z5TopDhdvGLxsr3/z2odz13FI6e/N0PChoDWLkvToQY=,tag:vqO3/OS7Ts3CStSkJMBQVA==,type:str] environments: gotosocial: "" + ente: ENC[AES256_GCM,data:BJmx2rpp+vpsEHqEdIGCwDgBdZPLvDRaSvEfgmILTJUk2Tkmu9+QPJXnq/iFhidStbcEOX7eHRoVieGfE+hIM98VPs0hizjSpOYQCI4mZK9L9YONePSbExyf45cfPr/KxjEH6UIGqJstfi3u0iTVmP5M8M1Bw6HtS1pd2+8IMUMOVhd48fad9KMAXnezqAhUgP6CwzF7xf+DrmXIhSkE7E/jg2tkw2egLZvsVgOtqaRy5SJmG9zzL9CTvxvvbbYQzgzJHdtBMUyr2bSBsJk2Y/bJk9VG4bRCf4GjChd6ABiP2Iq//aAVgoHNb/9VN9lxDPb13tUAeuOMwBp1XODI9ues7rX4dcu4uv932Xy1DmKj0+wDhBrmRhduWydD4DuYcDN+LfL899RPCJ+vSJ813amdNxDKymU56RQ9HnKEcdn1+OWckNEEXfCCnerx35DAg6Gzbq9y,iv:4ASsxrm5LLjhLKFXJlzeF1Ma+zuWEnHPjvB7TU6I7U8=,tag:viB0TEf5sFi1VT5bBq24Tg==,type:str] + minio: ENC[AES256_GCM,data:XwVr+TSTASFfIg/HgvThd/eTMaTiKLgihOd+H6HThD9UC25H0zzUjWVXsmd1m733ycJKXMJ5pFgOWKnWdvb8xoDCzm7NkMP9daKSRhoVeHO171g32peyqTT4+1yVv07sOEpql0bE,iv:zBaHSt+UTvwLm6nBL4GY91fHbtAJzZpzmRmznZF5zlU=,tag:020Px9q1r1ETu0+ArtwUUw==,type:str] zigbee2mqttSecrets: ENC[AES256_GCM,data:XuRVNV4gVr5FLgqGRXxgyaMAVJIt38adDOzJnY0GWaN52Lb9/E7Sx/TWB41cEO9D4/+LRlf0VbE2B0zehYjQGw1dHlf4rvS5OH8PefKdqBv6w+G0BKRXGh8daERsU8v2r+Vjw7kWtyiADzKP2NRJrVLnJiITwq8kmHHsrYNcs+/492Z1/ElDTe3B32Hq7ATHaP+G7xbfgxMuxIcf9z1EFl39krpgQaw/5eWq7WT7QZIHKD7tZqSpgAUxSDBSNjE+M3wq8PmaqecvO1h/+UtEq5MzxnzfpF0yopJa9cch5SwQqT6XHrxzbM2DldZctuGGmcTJrWpcqHkT4mcO4MfwlanJ/YaT70H25ukJEAHKG/rU86QCk5pIUwGSH15GSxi8ze83QFmJhskzMAoJuDJ6h1AoS9bRn5wY,iv:kZqhnTlwMhIvXg4deiC1D73Y+gspZwdu08yoyeAEngk=,tag:GuzryBSDNke+5jXOuDtwDw==,type:str] dn42: wgPrivateKey: ENC[AES256_GCM,data:CjFgiBZieQdWPyDPl6gcz3xarWR5GTYJ9Ruee7/9pQLlypm+RWRys/3WOFo=,iv:uC7A58MS0zvwKMc74x0xSTIAJS7GbvoJN5N9KfXFVyw=,tag:y9sNo65Qk1TxqN0ReKDCAQ==,type:str] 
@@ -22,8 +24,8 @@ sops: TndyejhxbVZDTVdaYWRXT1htMVVsOTgKWAOJekArzYzoJF/JcPTSWrhQnvQrl9bU A7H0mCdklZZ66jiUo4iKLwocBn7h9VJ4p3lBdRxyqXuN6dicdQfafg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-26T09:31:13Z" - mac: ENC[AES256_GCM,data:KVjp50vGTtvOQOYRXbxmcEcbenJuWA4mqrsy0OVKS7MPtvmFBcQk+9joJG7yQrhMUxqndtM31md8JjvPRTOIfRVCwrsYAqwM4ZHOIeZp5fNFX7/QJvAMsc8kb1zQN2PB2KdxLIsqOoOuF6P2cjxTRMLdqjR2aMnzH/Cv++9iAus=,iv:KBzCCu5fSpz+T6rOCTgviGss1xvqrJLQapLwoo0brZA=,tag:ql35SeUmEHOjbMBdDWCTFA==,type:str] + lastmodified: "2025-11-14T08:05:22Z" + mac: ENC[AES256_GCM,data:d+rbhckitbWaChtZRAkhUxq4M1yh9g6v2ry+d0ALzhyzEuPwuw0OV1OwuLjqUQcHKvJxE0AJnp3LZGg0tKjitbqbWaRkl+qeknYfQdzPmsnApcHaJYg7N5u8uBmTlwYsSJeMyWsIk8yuPy+nVMRmJBAdxO4qd9iNcMT0M9lhP8I=,iv:AeU9bFYYan6QcTJrYikTeJGWSqzqGAsp6nALjlZoR4A=,tag:eHDr7sZfEvrqsJE7jIohxw==,type:str] pgp: - created_at: "2025-09-21T19:21:14Z" enc: |-