From a42b3d8bb16b4211b8d32944b82211da02748ca3 Mon Sep 17 00:00:00 2001
From: Sukant Hajra
Date: Mon, 18 Nov 2024 20:50:19 -0600
Subject: [PATCH] Mealie: Part 2
---
 flake.lock | 8 +++----
 machines/modules/ubiquity/default.nix | 14 +++++++++++-
 machines/modules/ubiquity/dummy.crt | 10 +++++++++
 machines/modules/ubiquity/dummy.key | 9 ++++++++
 machines/target/cake/default.nix | 32 ++++++++++++++++++++++++++-
 5 files changed, 67 insertions(+), 6 deletions(-)
 create mode 100644 machines/modules/ubiquity/dummy.crt
 create mode 100644 machines/modules/ubiquity/dummy.key
diff --git a/flake.lock b/flake.lock
index dfb93ea..3978009 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1517,13 +1517,13 @@
 },
 "shajra-private": {
 "locked": {
- "lastModified": 1731978327,
- "narHash": "sha256-reCl2h457SilGSiaY3XiKUNYp5R27X/bvu291eQgNUQ=",
+ "lastModified": 1731997205,
+ "narHash": "sha256-gMZFRkKSQ0enssubWPVzukY5EQYOF7Cg1aPxB3Zg9bM=",
 "ref": "refs/heads/main",
- "rev": "8bad7e4dd98fc596a1d5585296c45402951920ba",
+ "rev": "6c5d130b8e87c8f6e47cdb1da7640d673fd6bccb",
 "revCount": 3,
 "type": "git",
- "url": "ssh://tnks@cake/~/src/shajra/shajra-private?branch=main"
+ "url": "ssh://tnks@cake/home/tnks/src/shajra/shajra-private?branch=main"
 },
 "original": {
 "id": "shajra-private",
diff --git a/machines/modules/ubiquity/default.nix b/machines/modules/ubiquity/default.nix
index 6796f0b..b19c587 100644
--- a/machines/modules/ubiquity/default.nix
+++ b/machines/modules/ubiquity/default.nix
@@ -1,12 +1,24 @@
-{ build, ... }:
+{ lib, build, ... }:
 let
 hostname = "cake";
 user = build.config.provision.user."${hostname}".username;
 
+ certType = descExtra: default: lib.mkOption {
+ type = lib.types.path;
+ description = "Path to server SSL certificate${descExtra}.";
+ inherit default;
+ };
+
 in {
 imports = [
 ../../../home/modules/ubiquity/theme/base.nix
 ];
+
+ options = {
+ services.mealie.sslCertificate = certType "" ./dummy.crt;
+ services.mealie.sslCertificateKey = certType " key" ./dummy.key;
+ };
+
 config = {
 nix.extraOptions = ''
 experimental-features = nix-command flakes
diff --git a/machines/modules/ubiquity/dummy.crt b/machines/modules/ubiquity/dummy.crt
new file mode 100644
index 0000000..ce7318a
--- /dev/null
+++ b/machines/modules/ubiquity/dummy.crt
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBrTCCAVWgAwIBAgIJAJ7H+P8AKLJnMAoGCCqGSM49BAMCMBQxEjAQBgNVBAMM
+CXlvdXItZG9tYWluMCAXDTIwMDEwMTAwMDAwMFoYDzIwNTAwMTAxMDAwMDAwWjAU
+MRIwEAYDVQQDDAl5b3VyLWRvbWFpbjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
+BCb/y8C8kVmktQIMlq64rL+SH79bsXAzJpA4glxs6x8Jkbh+Hrs1Si+3VSdK4FHv
+Wv1kFjeRtG/i2/q1ibwZk7CjUDBOMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFL6t
+9dqsKwzW62XxQpjQFUVHoKwrMB8GA1UdIwQYMBaAFL6t9dqsKwzW62XxQpjQFUVH
+oKwrMAoGCCqGSM49BAMCA0cAMEQCICfguPMd5L9jyLUMv0RNDplZCojF8uo1cg2V
+pE5GQ/MMAiBa+d6ThAe77/jhB3puZVq+dIQihqS2FJfovRhbXsUw==
+-----END CERTIFICATE-----
diff --git a/machines/modules/ubiquity/dummy.key b/machines/modules/ubiquity/dummy.key
new file mode 100644
index 0000000..b6fa88e
--- /dev/null
+++ b/machines/modules/ubiquity/dummy.key
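Review bot: Defaulting `services.mealie.sslCertificate`/`sslCertificateKey` to `./dummy.crt` and `./dummy.key` means a host that never overrides them still evaluates cleanly and serves TLS with a private key that is committed to this repository (the dummy.key hunk) and, as a path literal in a flake, ends up in the world-readable Nix store. Prefer declaring both options without a `default` so evaluation fails until a real pair is supplied, or keep the placeholder and add an assertion in `config` that the key path is not `./dummy.key`; at minimum the description should say so, e.g. `description = "Path to server SSL certificate${descExtra}. The default is a public placeholder and must be overridden.";`. Any real key should be passed as an absolute out-of-store path rather than a repo-relative literal, for the same store-visibility reason. The options are also declared under the upstream `services.mealie` namespace, so a future NixOS release adding options of the same name would clash; a project-local namespace would avoid that.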
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAL5QOAFNDYVYVqMk+EO8yONMVV2GVOWA+uqlFAJgKjK/xYk7s+jR
+Vwfpj8N9T+rfndtkAvT7dd7y9dh8OB+ZsUECAwEAAQJAV/oa0mVwjsJ58ukBOpJu
+c6ivO+RxU9SD9nUwKDoXK94oNjpyAJGFcRx2+hGe/7Er9/B2RGPXT/E4+VVmb9NJ
+MQIhAOzbm9GyKBkmg9RAH2L7khoNQ5GVnFw+LlRjHR+msH35AiEAztZbXhzLzXx9
+R/fKtuh5Zx9gHYFQnlh/HWMsdpWxx5sCIQDQDqh8PVKfpNxuzWVoaj17Wy/hwnvT
+0mgYxe3LuOKn/QIhAJJoKn4s2HrxPH8kZ5PRIzPy3G6rdc9Y/PC3YMaAuVw/AiEA
+t90Z6ubMjxfXyt+Gxq9nSmPqseYCboM/NMIEuYIsTcQ=
+-----END RSA PRIVATE KEY-----
diff --git a/machines/target/cake/default.nix b/machines/target/cake/default.nix
index a4f1a27..827c71b 100644
--- a/machines/target/cake/default.nix
+++ b/machines/target/cake/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, build, ... }:
+{ config, pkgs, build, ... }:
 
 let
 
@@ -85,6 +85,7 @@ in {
 location.longitude = -97.7431;
 
 networking.domain = "home.arpa";
+ networking.firewall.allowedTCPPorts = [ 443 ];
 networking.hostId = "2d58ff06";
 networking.hostName = hostname;
 #networking.interfaces.eno1.useDHCP = false;
@@ -127,6 +128,35 @@ in {
 services.libinput.mouse.scrollMethod = "button";
 services.locate.enable = true;
 services.mealie.enable = true;
+
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "meali.home.arpa" = {
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 443;
+ ssl = true;
+ }
+ ];
+ forceSSL = true;
+ inherit (config.services.mealie)
+ sslCertificate
+ sslCertificateKey;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:9000";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ '';
+ };
+ };
+ };
+ };
+
 services.ntp.enable = true;
 services.openssh.enable = true;
 services.openssh.extraConfig = ''AllowUsers tnks mzhajra'';
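Review bot: `forceSSL = true` on the `"meali.home.arpa"` vhost asks the nginx module for an HTTP→HTTPS redirect, but the explicit `listen` list has only the 443/ssl entry and the earlier hunk opens only 443 in `networking.firewall.allowedTCPPorts`, so that redirect is unreachable at best; either add `{ addr = "0.0.0.0"; port = 80; }` to `listen` and open port 80, or state the intent with `onlySSL = true;` instead. The backend is hard-coded as `proxyPass = "http://127.0.0.1:9000";`; if the mealie module exposes its port, `proxyPass = "http://127.0.0.1:${toString config.services.mealie.port}";` keeps proxy and service in sync. `meali.home.arpa` looks like a typo for `mealie.home.arpa`, and whichever name is intended must also match the certificate's subject. Nothing in this diff overrides the inherited `sslCertificate`/`sslCertificateKey`, so unless a module not shown here sets them, this 443 listener serves the committed placeholder pair; the real paths should be set (outside the store) before relying on it.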