thrall: Enable hledger web interface

2023-04-17 00:29:44 +02:00 · 2023-04-17 00:29:44 +02:00 · df600c917c
commit df600c917c
parent 407d1d2ad0
3 changed files with 33 additions and 5 deletions
--- a/hosts/thrall/default.nix
+++ b/hosts/thrall/default.nix
@ -38,6 +38,12 @@ in {
    mailPass.file = ../../secrets/mailPass.age;
    paperless-mail.file = ../../secrets/paperless-mail.age;
    wireguard-thrall.file = ../../secrets/wireguard-thrall.age;
+    hledger-web = {
+      file = ../../secrets/hledger-web.htaccess.age;
+      mode = "440";
+      owner = "nginx";
+      group = "nginx";
+    };
  };

  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
@ -228,6 +234,17 @@ in {
        proxyWebsockets = true;
      };
    };
+
+    # hledger
+    "ledger.failco.de" = {
+      forceSSL = true;
+      enableACME = true;
+      basicAuthFile = config.age.secrets.hledger-web.path;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:3003/";
+        proxyWebsockets = true;
+      };
+    };
  };

  services.gitea = {
@ -303,7 +320,6 @@ in {
    loginAccounts = {
      "me@failco.de" = {
        # nix-shell -p mkpasswd --run 'mkpasswd -sm sha512crypt'
-        # nix run github:ryantm/agenix -- -i <identity> -e password.age
        hashedPasswordFile = config.age.secrets.mailPass.path;

        aliases = [ "lx@failco.de" "alex@failco.de" ];
--- a/secrets/hledger-web.htaccess.age
+++ b/secrets/hledger-web.htaccess.age
@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 ntNFHjGdIlYJTbloT8Ujpn8Yh+oAaX/m0DHrq9ukLHQ
+CTj9AefZLuZ0sBuFatp8/lEL8bUf2IXOHW00XJEdSVY
+-> ssh-ed25519 NCz+gA kj420yScWjDD95LtvEb/62uXVzJU/v0ZSuJ+15MRdS8
+vFZNC94TxoXh1vVjHFPwPIV+nta5rWgdYWTokbBitxE
+-> 9-grease %8XR5/t }
+22U6Glc0+L2vlRnrx1Sd1g9b4sfpt/1d0ihfEk5ZQOgEcy45+eNmbHTLQHYzpkFo
+PmIBJrRj07B93Pp1MR4sHmOMtK358D9l1LSURdWQtmtcocOoKdQWmPq+IQ
+--- 1F50mU6ZhA2vbJq1Nkae6KWzxGY1DGdPNhlA6S3r2GM
+—F<EFBFBD>£œMÑ®æ<14>L~š†:5vÖ3ß<>d?	õ¬l~½Š:_€Õ„ZùDøÔJÝR„Õ+<2B>"
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -1,12 +1,14 @@
+# nix run github:ryantm/agenix -- -i <identity> -e password.age
 let
-  thrall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHNRSYszckbCwKoX/cci8D40DGM/SG/NJ/u/uB361re";
+  thrall =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHNRSYszckbCwKoX/cci8D40DGM/SG/NJ/u/uB361re";
  alex = "age13uv5phqjuvd90rr3aa7mg3xsmcmyx8cfz9v52w2a782qecssja9sw9nt8a";
  systems = [ thrall ];

  users = [ alex ];
-in
-{
+in {
  "mailPass.age".publicKeys = users ++ systems;
  "paperless-mail.age".publicKeys = users ++ systems;
-  "wireguard-thrall.age".publicKeys = [thrall];
+  "wireguard-thrall.age".publicKeys = [ thrall ];
+  "hledger-web.htaccess.age".publicKeys = users ++ systems;
 }