jalr/nixos-configuration
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add tandoor

Browse source
This commit is contained in:
Jakob Lechner 2025-04-18 02:01:27 +02:00
parent d677595ed8
commit 5c7a68e74f
5 changed files with 49 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/magnesium/persistence.nix
View file

@ -34,6 +34,12 @@
"/var/lib/nixos"
"/var/lib/private/mealie"
"/var/lib/private/ntfy-sh"
{
directory = "/var/lib/private/tandoor-recipes";
user = "tandoor_recipes";
group = "tandoor_recipes";
mode = "u=rwx,g=rx,o=";
}
{
directory = "/var/lib/trilium";
user = "trilium";

1
hosts/magnesium/ports.nix
View file

@ -12,6 +12,7 @@
nginx-http.tcp = 80;
nginx-https.tcp = 443;
ntfy.tcp = 12474;
tandoor.tcp = 9001;
trilium.tcp = 12783;
wireguard-public-ip-tunnel.udp = 51000;
};

6
hosts/magnesium/secrets.yaml
View file

@ -4,6 +4,8 @@ gitlab-runner_fablab-nea-hcloud-labsync: ENC[AES256_GCM,data:+znVO8cQxjDdhch7oUA
forgejo-mail: ENC[AES256_GCM,data:eZv9dM0a06wFJaDUZjo=,iv:L32ab5k/AX8HqSACJA5w+WbzLlBijA5++Gcr2SrnYIU=,tag:ddyTXikWTMnxq86IijgyYg==,type:str]
hedgedoc-session-secret: ENC[AES256_GCM,data:AYUiUF7R+5C3F5kNRL0R95e1l3Y59tIP388uY0IYCskBhR0H0XMVvyrX/gIM33Twwkc5it+fQtNPNXsbrAnoKQ==,iv:Q6pDEdFplp845/DCHutwni/g7Ch39pTCvfNs4Eh28CQ=,tag:aqVGs3iThmepT7iJusLOMA==,type:str]
mealie: ENC[AES256_GCM,data:4LlxJjDstTPZCD7Xyb+0CRkeDafP9a9oMuYDnXznINe+LrfkJGKwQIwP0B3VpeMmZ0Rwe7Tvje0ZWySFGADireb2r7TjDyASAoXJDyNNJ8byRc5Zt77zL2dp/W4xVt8WpQvwsXosjDv3NN6we831wWUrfNtp0g34YLqSU3F/9i7AaU7nVKnQ9QtJRVg5O57nhs/ZXopKOBUdiKAmxcl0hNNdQdaQX6xkDCWrV4432IOckqyqEQyd9KeCURuWeTUgPmTmnt9Cj8KkaQ39fd0LAGRjOBsKo4C4,iv:o5BPW4Wcg4KcFkJHc/mdrO4Rh+1nifxulYkF+iM3LEw=,tag:KXwDr3VHxjeHkyo23SPJgA==,type:str]
tandoor:
secret_key: ENC[AES256_GCM,data:8aVuOBljF+vnEXOzi0r2xUtUGlZM50MuBXK70XW78Q9jNq4ZuRciGabnYwFfknb2/tA=,iv:KN7DwcMH5NN5BgWFgO/V1dfSyiHfAM2wS86atYcBdlQ=,tag:wQA7QL8VqP5d4uBSNQLsnQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -19,8 +21,8 @@ sops:
elNwdVlJS2NCWUlXcEZvZWsvZ29FRnMK/qa6Qj1yQc91PWk9tMKSyFkMfYcHIKpQ
jcPmGWbpi2NPL/F0Xz2X/zQQxWzs9uzlS1VH+y8JRe1EPMYJ78NXZw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-14T23:06:22Z"
mac: ENC[AES256_GCM,data:FSJSzA9xGKH9FBMWHPJwgbltkeRoumgpeFeftsgUWrMcc2O+sldNa/Gl1Pnmz5AwXNT5zRGv/zcnrt3lQMY+1vPrg3+DRrv5fn2OtHIZxN0cz+okqEoE40w7WLUZSyj9IESjlJKOL/nOdXf7EkXL64ZWDAZ6YKYe7JwD5oCGMOM=,iv:xKFdHYTqLCWtJFWIiZjtzJZpG1RZWPdeE1i6PQqYNsk=,tag:DfzN2iDjavGA/uEjLKZotw==,type:str]
lastmodified: "2025-04-17T23:26:44Z"
mac: ENC[AES256_GCM,data:Dl4/6wrIwOsCRK979O9lSKyi4LKAG0CfgTGS3RwNu23MvhhaBNru4P1gPWWu7/YC6ad63Ip/RuVB69A1kUmgrYimZcU6E3iPg7vsqskmTU0caMD54CHemj57EYS7r8tcloBEgkOvM6Vn/Bs1dV1/EKAv9Kr6r4x6xb3UOofDcwM=,iv:pzRSKp3EnUpgMdwLDKrExpEkm+uZbU6/pYkVLbcnjrY=,tag:Z6DIPVcNUa8QihV1lsmUMA==,type:str]
pgp:
- created_at: "2025-04-08T22:53:53Z"
enc: |-

1
hosts/magnesium/services/default.nix
View file

@ -7,6 +7,7 @@
./mealie.nix
./ntfy.nix
./public-ip-tunnel.nix
./tandoor.nix
./trilium.nix
./webserver.nix
];

37
hosts/magnesium/services/tandoor.nix Normal file
View file

@ -0,0 +1,37 @@
{ config, ... }:
let
domain = "tandoor.jalr.de";
cfg = config.services.tandoor-recipes;
inherit (config.networking) ports;
in
{
sops.secrets."tandoor/secret_key" = {
sopsFile = ../secrets.yaml;
};
services.tandoor-recipes = {
enable = true;
port = ports.tandoor.tcp;
};
systemd.services.tandoor-recipes = {
serviceConfig = {
LoadCredential = [
"secret_key:${config.sops.secrets."tandoor/secret_key".path}"
];
Environment = [
"SECRET_KEY_FILE=%d/secret_key"
];
};
};
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
}