diff --git a/machines/dragonwell/default.nix b/machines/dragonwell/default.nix
index c452874..825c922 100644
--- a/machines/dragonwell/default.nix
+++ b/machines/dragonwell/default.nix
@@ -13,6 +13,7 @@ in
 ./golink.nix
 ./gotosocial.nix
 ./miniserve.nix
+ ./pubserve.nix
 ./restic.nix
 ./soju.nix
 ./tandoor.nix
diff --git a/machines/dragonwell/pubserve.nix b/machines/dragonwell/pubserve.nix
new file mode 100644
index 0000000..ed05fc5
--- /dev/null
+++ b/machines/dragonwell/pubserve.nix
@@ -0,0 +1,68 @@
+{ pkgs, lib, ... }:
+let
+ user = "pubserve";
+ path = "/var/lib/pubserve";
+in
+{
+ users.users.${user} = {
+ group = user;
+ home = path;
+ createHome = true;
+ isSystemUser = true;
+ isNormalUser = false;
+
+ };
+ users.groups.${user} = { };
+
+ systemd.services =
+ let
+ commonArgs = [
+ "-i '127.0.0.1'"
+ "-H"
+ "-D"
+ "-F"
+ "--hide-theme-selector"
+ "--readme"
+ path
+ ];
+ in
+ {
+ pubserve = {
+ description = "Miniserve Public File Server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.miniserve}/bin/miniserve -t 'PubServe' -p 3454 ${lib.concatStringsSep " " commonArgs}";
+ Restart = "on-failure";
+ User = user;
+ Group = user;
+ };
+ };
+ privserve = {
+ description = "Miniserve Public File Server (Admin)";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.miniserve}/bin/miniserve -u -U -o -t 'PrivServe' -p 3455 ${lib.concatStringsSep " " commonArgs}";
+ Restart = "on-failure";
+ User = user;
+ Group = user;
+ };
+ };
+ };
+ services.tailproxy = {
+ pubserve = {
+ enable = true;
+ hostname = "pubserve";
+ funnel = true;
+ port = 3454;
+ authKey = "tskey-auth-kJrnknpMsL11CNTRL-ot1kkasErR2cLZZmfuKYR2b9za7fCzVR"; # One-time key
+ };
+ privserve = {
+ enable = true;
+ hostname = "privserve";
+ port = 3455;
+ authKey = "tskey-auth-kKFv865ykk11CNTRL-dfmxUREHP5evuuMsfPy55ehXECXrLF1N7"; # One-time key
+ };
+ };
+}
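Review bot: The two `authKey` values under `services.tailproxy` in pubserve.nix are committed as plaintext literals, so they stay in git history and are likely copied into the world-readable Nix store along with the rest of the configuration. The "One-time key" comment limits the risk only once each key has been consumed; until then anyone who can read the repository or the store could use it to enrol a device in the tailnet. I would supply them from a file provisioned outside the store (an agenix or sops-nix style secret, if the tailproxy module can take a path rather than a string), and revoke both keys in the admin console now that they are published. Separately, `pubserve` is funnel-exposed, serves the service user's home with `-H` (hidden files shown), and runs as the same user as `privserve`, which has upload and overwrite enabled. A dedicated user for the public instance with read-only access, plus `NoNewPrivileges = true; ProtectSystem = "strict"; ReadWritePaths = [ path ];` on `privserve`, would keep a miniserve bug from becoming a write primitive on the host.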