added caddy for paperless

John Lancaster
2025-05-27 00:51:36 -05:00
parent 7bf0271b45
commit 373fc522e3
4 changed files with 31 additions and 3 deletions


@@ -3,6 +3,11 @@
services.openssh.enable = true; services.openssh.enable = true;
services.avahi = { enable = true; nssmdns4 = true; }; services.avahi = { enable = true; nssmdns4 = true; };
sops.defaultSopsFile = ./secrets/encrypted_secrets.yaml;
sops.defaultSopsFormat = "yaml";
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
home-manager home-manager
bash bash
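Review bot: The `sops.age.sshKeyPaths` line makes the host's SSH private key the age identity for every secret in `encrypted_secrets.yaml`, and nothing in the file records that coupling. I would add a comment above the three sops lines, e.g. `# host ed25519 key doubles as the age identity; rotating or reinstalling the host key means re-encrypting the secrets for the new recipient`. It is also worth confirming that an administrator-held age key is listed as a recipient, so the secrets stay recoverable if this machine is lost; the recipient list is only partly visible on this page.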

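--- a/nixosModules/caddy.nix
+++ b/nixosModules/caddy.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+{
+sops.secrets.cloudflare-api-key = {};
+# https://nixos.wiki/wiki/Caddy
+services.caddy = {
+enable = true;
+environmentFile = config.sops.secrets.cloudflare-api-key.path;
+virtualHosts."paperless.john-stream.com".extraConfig = ''
+reverse_proxy 192.168.1.110:8000
+tls {
+dns cloudflare {env.CF_API_TOKEN}
+}
+'';
+package = pkgs.caddy.withPlugins {
+plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
+hash = "sha256-Gsuo+ripJSgKSYOM9/yl6Kt/6BFCA6BuTDvPdteinAI=";
+};
+};
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+}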


@@ -1,6 +1,7 @@
{ ... }: { { ... }: {
imports = imports =
[ [
./caddy.nix
./services/loki.nix ./services/loki.nix
./users.nix ./users.nix
]; ];


@@ -1,4 +1,4 @@
TUNNEL_TOKEN: ENC[AES256_GCM,data:vrA9MCZqVBOsSIPzVkP/87eoY4CBEiCtSRPKtXqxJrrlGmRrxvOI20m8Mrj8Y8u0apatNGGGy74L4DNAueTyvykCLEqtSrt8OG+a03wdD4m4skqWwyzULWlFYUokf0B29z62gZk3Y0ATTF6+nAczs5drKzn2CMlHpXZCzb6UwX3TGJvZLS3bGmG3EhoqdUsYi3TvA4LdN6MBQwpvW1Ga31gls+U71fHmdOrlszt6EojSv3uibRtKUA==,iv:45SDkBHa7DTohhoTI6QhP8p219EIDBiM6vozxI2uVK0=,tag:y3GGLdG9nQs6vREp6XirEw==,type:str] cloudflare-api-key: ENC[AES256_GCM,data:ktlEznpdv7H6+w7vPe+0ylHdNR9ODZe2TMRiKs5RMEmblqMsvZTiCG5J/54cjaGwgwPHdw02pwc=,iv:H4YoS7sqxl9MBmwYb6N7pA/hGm21AyYgBQv64dSQU/o=,tag:93Ah+xReidRHuhvnuMWqdQ==,type:str]
sops: sops:
age: age:
- recipient: age102mctuw7xvs3fakft0mlfh740kc6rdaqqgmmwf400c4g3spefyjqrfmwct - recipient: age102mctuw7xvs3fakft0mlfh740kc6rdaqqgmmwf400c4g3spefyjqrfmwct
@@ -10,7 +10,7 @@ sops:
ZnExa3NseGRrdXcrNTN4YkVSa2d6SDAKlzXHOUKAjNxY/okZJQurTpeaZUjjnyp/ ZnExa3NseGRrdXcrNTN4YkVSa2d6SDAKlzXHOUKAjNxY/okZJQurTpeaZUjjnyp/
OrvFMTxuMfK+EIIgj6WTm23ZKV4vmk0q0yboS4eXgDZTEB79tKxgyA== OrvFMTxuMfK+EIIgj6WTm23ZKV4vmk0q0yboS4eXgDZTEB79tKxgyA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-27T05:10:38Z" lastmodified: "2025-05-27T05:32:23Z"
mac: ENC[AES256_GCM,data:N53rUCPtj2YnffCEeA83l2wiHzeAtB95WZf7IY0680NtAiVPwd8LwMRPX43GP/bt+WbuesWotXhlX+G640KZ+qrs5ziwzgSVp9d6t6N9xztveJxrFxcz/mzhR5dQiAda3FPRUSZ/umK+xyPcFMmB+AhuhU45sU4f7Hbb/lY9ug0=,iv:40oDpmeeyi4lpwyi/MABl8Tp9QwyitBWYKd3/3BXrfw=,tag:fB8RSJTn4X6rdviWj+o0aw==,type:str] mac: ENC[AES256_GCM,data:ogFHQuKe2RkkaZRdbkUWaF61+bmyCAoesJuCDCPgKLEoCaLSfnQ/gSI5eNbrKvBGc7UsMjl86iTkLksPVHKOZQi4dCETVxbxh5ASSxTTREgBHKRGx4Vx+3aWjhyU/ympHKiAQ58Q1FnkwaF38ub42BszfqMTnjmODNTL75mz/9k=,iv:Q4514nGzCWJaDn+Lk4w6OOasnIafHHK0WxSAn6B8WLc=,tag:E8vEGwXPk1CfFSUS3xeHBA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2