jakalx/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

thrall: Enable hledger web interface

Browse source
This commit is contained in:
Alexander Kobjolke 2023-04-17 00:29:44 +02:00
parent 407d1d2ad0
commit df600c917c
3 changed files with 33 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

18
hosts/thrall/default.nix
View file

@ -38,6 +38,12 @@ in {
mailPass.file = ../../secrets/mailPass.age; mailPass.file = ../../secrets/mailPass.age;
paperless-mail.file = ../../secrets/paperless-mail.age; paperless-mail.file = ../../secrets/paperless-mail.age;
wireguard-thrall.file = ../../secrets/wireguard-thrall.age; wireguard-thrall.file = ../../secrets/wireguard-thrall.age;
hledger-web = {
file = ../../secrets/hledger-web.htaccess.age;
mode = "440";
owner = "nginx";
group = "nginx";
};
}; };
# The global useDHCP flag is deprecated, therefore explicitly set to false here. # The global useDHCP flag is deprecated, therefore explicitly set to false here.
@ -228,6 +234,17 @@ in {
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
# hledger
"ledger.failco.de" = {
forceSSL = true;
enableACME = true;
basicAuthFile = config.age.secrets.hledger-web.path;
locations."/" = {
proxyPass = "http://127.0.0.1:3003/";
proxyWebsockets = true;
};
};
}; };
services.gitea = { services.gitea = {
@ -303,7 +320,6 @@ in {
loginAccounts = { loginAccounts = {
"me@failco.de" = { "me@failco.de" = {
# nix-shell -p mkpasswd --run 'mkpasswd -sm sha512crypt' # nix-shell -p mkpasswd --run 'mkpasswd -sm sha512crypt'
# nix run github:ryantm/agenix -- -i <identity> -e password.age
hashedPasswordFile = config.age.secrets.mailPass.path; hashedPasswordFile = config.age.secrets.mailPass.path;
aliases = [ "lx@failco.de" "alex@failco.de" ]; aliases = [ "lx@failco.de" "alex@failco.de" ];

10
secrets/hledger-web.htaccess.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> X25519 ntNFHjGdIlYJTbloT8Ujpn8Yh+oAaX/m0DHrq9ukLHQ
CTj9AefZLuZ0sBuFatp8/lEL8bUf2IXOHW00XJEdSVY
-> ssh-ed25519 NCz+gA kj420yScWjDD95LtvEb/62uXVzJU/v0ZSuJ+15MRdS8
vFZNC94TxoXh1vVjHFPwPIV+nta5rWgdYWTokbBitxE
-> 9-grease %8XR5/t }
22U6Glc0+L2vlRnrx1Sd1g9b4sfpt/1d0ihfEk5ZQOgEcy45+eNmbHTLQHYzpkFo
PmIBJrRj07B93Pp1MR4sHmOMtK358D9l1LSURdWQtmtcocOoKdQWmPq+IQ
--- 1F50mU6ZhA2vbJq1Nkae6KWzxGY1DGdPNhlA6S3r2GM
—F<EFBFBD>£œMÑ®æ<14>L~š†:5vÖ3 ß<>d? õ¬l~½Š:_€Õ„ZùDøÔJÝR„Õ+<2B>"

10
secrets/secrets.nix
View file

@ -1,12 +1,14 @@
# nix run github:ryantm/agenix -- -i <identity> -e password.age
let let
thrall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHNRSYszckbCwKoX/cci8D40DGM/SG/NJ/u/uB361re"; thrall =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHNRSYszckbCwKoX/cci8D40DGM/SG/NJ/u/uB361re";
alex = "age13uv5phqjuvd90rr3aa7mg3xsmcmyx8cfz9v52w2a782qecssja9sw9nt8a"; alex = "age13uv5phqjuvd90rr3aa7mg3xsmcmyx8cfz9v52w2a782qecssja9sw9nt8a";
systems = [ thrall ]; systems = [ thrall ];
users = [ alex ]; users = [ alex ];
in in {
{
"mailPass.age".publicKeys = users ++ systems; "mailPass.age".publicKeys = users ++ systems;
"paperless-mail.age".publicKeys = users ++ systems; "paperless-mail.age".publicKeys = users ++ systems;
"wireguard-thrall.age".publicKeys = [thrall]; "wireguard-thrall.age".publicKeys = [ thrall ];
"hledger-web.htaccess.age".publicKeys = users ++ systems;
} }