pyrox.dev / nix
My Nix Configuration
fork atom

[marvin.services] pingvin-share: enable

pyrox.dev 35e02480 31a6380d

verified
options
unified split
Changed files
+129
lib
data
services.toml
packages
anubis-files
src
policies
pingvin-share.yaml
pingvin-share-config
default.nix
systems
x86_64-linux
marvin
default.nix
services
pingvin-share.nix
secrets
pingvin-secrets.age
secrets.nix
prefect
services
mailserver
logins.nix
+8
lib/data/services.toml 
···

       
83

       
83

       
 

       
host = "marvin"


     

       
84

       
84

       
 

       
tsHost = "yt"


     

       
85

       
85

       
 

       



     

       

       
86

       
+

       
[pingvin-share]


     

       

       
87

       
+

       
port = 6933


     

       

       
88

       
+

       
host = "marvin"


     

       

       
89

       
+

       
extUrl = "share.pyrox.dev"


     

       

       
90

       
+

       
anubis = 8410


     

       

       
91

       
+

       
be-port = 30104


     

       

       
92

       
+

       
be-anubis = 30105


     

       

       
93

       
+

       



     

       
86

       
94

       
 

       
[planka]


     

       
87

       
95

       
 

       
port = 6929


     

       
88

       
96

       
 

       
host = "marvin"
+7
packages/anubis-files/src/policies/pingvin-share.yaml 
···

       

       
1

       
+

       
bots:


     

       

       
2

       
+

       
  - import: (data)/bots/ai-robots-txt.yaml


     

       

       
3

       
+

       
  - import: CUSTOM/block/alibaba-cloud.yaml


     

       

       
4

       
+

       
  - import: (data)/common/keep-internet-working.yaml


     

       

       
5

       
+

       
  - import: CUSTOM/challenge/generic-browser.yaml


     

       

       
6

       
+

       



     

       

       
7

       
+

       
dnsbl: false
+19
packages/pingvin-share-config/default.nix 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  pkgs,


     

       

       
3

       
+

       
  stdenv,


     

       

       
4

       
+

       
  settings ? { },


     

       

       
5

       
+

       
  ...


     

       

       
6

       
+

       
}:


     

       

       
7

       
+

       
let


     

       

       
8

       
+

       
  format = pkgs.formats.yaml { };


     

       

       
9

       
+

       
  file = format.generate "config.yaml" settings;


     

       

       
10

       
+

       
in


     

       

       
11

       
+

       
stdenv.mkDerivation {


     

       

       
12

       
+

       
  pname = "pingvin-share-config";


     

       

       
13

       
+

       
  version = "1.0.0";


     

       

       
14

       
+

       



     

       

       
15

       
+

       
  installPhase = ''


     

       

       
16

       
+

       
    mkdir $out


     

       

       
17

       
+

       
    cp ${file} $out/config.yaml


     

       

       
18

       
+

       
  '';


     

       

       
19

       
+

       
}
+1
systems/x86_64-linux/marvin/default.nix 
···

       
23

       
23

       
 

       
    ./services/nginx.nix


     

       
24

       
24

       
 

       
    ./services/nextcloud


     

       
25

       
25

       
 

       
    ./services/pinchflat.nix


     

       

       
26

       
+

       
    ./services/pingvin-share.nix


     

       
26

       
27

       
 

       
    ./services/planka.nix


     

       
27

       
28

       
 

       
    ./services/pocket-id.nix


     

       
28

       
29

       
 

       
    ./services/podman.nix
+89
systems/x86_64-linux/marvin/services/pingvin-share.nix 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  lib,


     

       

       
3

       
+

       
  config,


     

       

       
4

       
+

       
  pkgs,


     

       

       
5

       
+

       
  ...


     

       

       
6

       
+

       
}:


     

       

       
7

       
+

       
let


     

       

       
8

       
+

       
  d = lib.py.data.services.pingvin-share;


     

       

       
9

       
+

       
  cfg = config.services.pingvin-share;


     

       

       
10

       
+

       
  configFile = pkgs.py.pingvin-share-config.overrideAttrs {


     

       

       
11

       
+

       
    settings = {


     

       

       
12

       
+

       
      general = {


     

       

       
13

       
+

       
        appName = "dishNet Files";


     

       

       
14

       
+

       
        secureCookies = "true";


     

       

       
15

       
+

       
      };


     

       

       
16

       
+

       
      share = {


     

       

       
17

       
+

       
        allowRegistration = "false";


     

       

       
18

       
+

       
        allowUnauthenticatedShares = "false";


     

       

       
19

       
+

       
      };


     

       

       
20

       
+

       
      email.enableShareEmailRecipients = "true";


     

       

       
21

       
+

       
      smtp = {


     

       

       
22

       
+

       
        enabled = "true";


     

       

       
23

       
+

       
        host = "mail.pyrox.dev";


     

       

       
24

       
+

       
        port = "465";


     

       

       
25

       
+

       
        email = "share@pyrox.dev";


     

       

       
26

       
+

       
        username = "share@pyrox.dev";


     

       

       
27

       
+

       
        password = "SMTP_PASSWORD";


     

       

       
28

       
+

       
      };


     

       

       
29

       
+

       
      ldap.enabled = "false";


     

       

       
30

       
+

       
      legal.enabled = "false";


     

       

       
31

       
+

       
      s3.enabled = "false";


     

       

       
32

       
+

       
      initUser = {


     

       

       
33

       
+

       
        enabled = true;


     

       

       
34

       
+

       
        username = "dish";


     

       

       
35

       
+

       
        email = "pyrox@pyrox.dev";


     

       

       
36

       
+

       
        password = "ADMIN_PASSWORD";


     

       

       
37

       
+

       
        isAdmin = true;


     

       

       
38

       
+

       
      };


     

       

       
39

       
+

       
    };


     

       

       
40

       
+

       
  };


     

       

       
41

       
+

       
in


     

       

       
42

       
+

       
{


     

       

       
43

       
+

       
  services = {


     

       

       
44

       
+

       
    pingvin-share = {


     

       

       
45

       
+

       
      enable = true;


     

       

       
46

       
+

       
      backend.port = d.be-port;


     

       

       
47

       
+

       
      frontend.port = d.port;


     

       

       
48

       
+

       
      hostname = "share.pyrox.dev";


     

       

       
49

       
+

       
      https = true;


     

       

       
50

       
+

       
    };


     

       

       
51

       
+

       
    anubis.instances = lib.mkIf cfg.enable {


     

       

       
52

       
+

       
      pingvin-share-be = {


     

       

       
53

       
+

       
        settings = {


     

       

       
54

       
+

       
          BIND = ":${toString d.be-anubis}";


     

       

       
55

       
+

       
          POLICY_FNAME = "${pkgs.py.anubis-files}/policies/pingvin-share.yaml";


     

       

       
56

       
+

       
          TARGET = "http://localhost:${toString d.be-port}";


     

       

       
57

       
+

       
        };


     

       

       
58

       
+

       
      };


     

       

       
59

       
+

       
      pingvin-share-fe = {


     

       

       
60

       
+

       
        settings = {


     

       

       
61

       
+

       
          BIND = ":${toString d.anubis}";


     

       

       
62

       
+

       
          POLICY_FNAME = "${pkgs.py.anubis-files}/policies/pingvin-share.yaml";


     

       

       
63

       
+

       
          TARGET = "http://localhost:${toString d.port}";


     

       

       
64

       
+

       
        };


     

       

       
65

       
+

       
      };


     

       

       
66

       
+

       
    };


     

       

       
67

       
+

       
  };


     

       

       
68

       
+

       
  systemd.services.init-pingvin-config = {


     

       

       
69

       
+

       
    enable = cfg.enable;


     

       

       
70

       
+

       
    description = "Pingvin Share configuration setup";


     

       

       
71

       
+

       
    wantedBy = [ "multi-user.target" ];


     

       

       
72

       
+

       
    before = [ "pingvin-share.service" ];


     

       

       
73

       
+

       
    path = [ pkgs.gnused ];


     

       

       
74

       
+

       
    script = ''


     

       

       
75

       
+

       
      rm ${cfg.dataDir}/config.yaml


     

       

       
76

       
+

       
      chmod o-rwx ${cfg.dataDir}/config.yaml


     

       

       
77

       
+

       
      chmod ug-x ${cfg.dataDir}/config.yaml


     

       

       
78

       
+

       
      cp ${configFile}/config.yaml ${cfg.dataDir}/config.yaml


     

       

       
79

       
+

       
      sed -i "s/SMTP_PASSWORD/$SMTP_PASSWORD/" ${cfg.dataDir}/config.yaml


     

       

       
80

       
+

       
      sed -i "s/ADMIN_PASSWORD/$ADMIN_PASSWORD/" ${cfg.dataDir}/config.yaml


     

       

       
81

       
+

       
    '';


     

       

       
82

       
+

       
    serviceConfig = {


     

       

       
83

       
+

       
      EnvironmentFile = config.age.secrets.pingvin-secrets.path;


     

       

       
84

       
+

       
      User = cfg.user;


     

       

       
85

       
+

       
      Group = cfg.group;


     

       

       
86

       
+

       
      ReadWritePaths = [ "${cfg.dataDir}/config.yaml" ];


     

       

       
87

       
+

       
    };


     

       

       
88

       
+

       
  };


     

       

       
89

       
+

       
}
systems/x86_64-linux/marvin/services/secrets/pingvin-secrets.age

This is a binary file and will not be displayed.

+1
systems/x86_64-linux/marvin/services/secrets/secrets.nix 
···

       
35

       
35

       
 

       
  "../nextcloud/nextcloud-admin-pw.age".publicKeys = marvinDefault;


     

       
36

       
36

       
 

       
  "nix-serve-priv.age".publicKeys = marvinDefault;


     

       
37

       
37

       
 

       
  "pinchflat-secrets.age".publicKeys = marvinDefault;


     

       

       
38

       
+

       
  "pingvin-secrets.age".publicKeys = marvinDefault;


     

       
38

       
39

       
 

       
  "planka-env.age".publicKeys = marvinDefault;


     

       
39

       
40

       
 

       
  "pocket-id-secrets.age".publicKeys = marvinDefault;


     

       
40

       
41

       
 

       
  "vaultwarden-vars.age".publicKeys = marvinDefault;
+4
systems/x86_64-linux/prefect/services/mailserver/logins.nix 
···

       
33

       
33

       
 

       
      hashedPassword = "$2b$05$uZoLVdCo48rLVBFdG0.UXua8a.84w1PzmLYOpJ1qTNo25KCdQlflm";


     

       
34

       
34

       
 

       
      sendOnly = true;


     

       
35

       
35

       
 

       
    };


     

       

       
36

       
+

       
    "share@pyrox.dev" = {


     

       

       
37

       
+

       
      hashedPassword = "$2b$05$GTK7WRECM2FKlpqUWhsE1e9QaXX5fQ41id.W/PV2TZnOwNtrKJZHe";


     

       

       
38

       
+

       
      sendOnly = true;


     

       

       
39

       
+

       
    };


     

       
36

       
40

       
 

       
  };


     

       
37

       
41

       
 

       
}