Please work

2023-06-25 12:15:18 +02:00 · 2023-06-25 12:15:18 +02:00 · d7e82621c8
commit d7e82621c8
parent 5315feb612
16 changed files with 179 additions and 42 deletions
--- a/modules/hercules-ci/default.nix
+++ b/modules/hercules-ci/default.nix
@ -12,4 +12,25 @@
      # secretsJsonPath = config.hercules-ci-secrets.path;
    };
  };
+
+  # Popola /var/lib/hercules-ci-agent/.ssh/ e /root/ con chiavi in grado di accedere root@cache.aciceri.dev
+
+  # systemd.tmpfiles.rules = [
+  #   "d ${config.users.users.root.home}/.aws 770 root root"
+  #   "d ${config.users.users.hercules-ci-agent.home}/.aws 770 hercules-ci-agent hercules-ci-agent"
+  # ];
+
+  # system.activationScripts.aws-credentials = ''
+  #   install ${config.age.secrets.aws-credentials.path} \
+  #     ${config.users.users.hercules-ci-agent.home}/.aws/credentials \
+  #     -D \
+  #     --owner=hercules-ci-agent \
+  #     --group=hercules-ci-agent \
+  #     --mode=770
+
+  #   install \
+  #     ${config.age.secrets.aws-credentials.path} \
+  #     -D \
+  #     ${config.users.users.root.home}/.aws/credentials
+  # '';
 }
--- a/modules/minio/default.nix
+++ b/modules/minio/default.nix
@ -0,0 +1,17 @@
+{config, ...}: {
+  imports = [../nginx-base];
+
+  services.minio = {
+    enable = true;
+    rootCredentialsFile = config.age.secrets.minio-credentials.path;
+    region = "eu-central-1";
+  };
+
+  services.nginx.virtualHosts."cache.aciceri.dev" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:9000";
+    };
+  };
+}
--- a/modules/nix-serve/default.nix
+++ b/modules/nix-serve/default.nix
@ -16,7 +16,7 @@ in {
    services.nix-serve = {
      enable = true;
      secretKeyFile = config.age.secrets.cache-private-key.path;
-      # Public key: cache.aciceri.dev:4e9sFjWPUOjGwTJE98PXinJJZLwPz0m5nKsAe63MY3E=
+      # Public key: cache.aciceri.dev-1:aNP6f+rRTuDHi/45L1VBzlGchuj54/mI2N/22qTWgzE=
    };
    services.nginx.virtualHosts."${cfg.domain}" = {
      forceSSL = true;
--- a/modules/proxy/default.nix
+++ b/modules/proxy/default.nix
@ -0,0 +1,19 @@
+{
+  imports = [../nginx-base];
+  services.nginx.virtualHosts = {
+    "bubbleupnp.mothership.aciceri.dev" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://rock5b.fleet:58050";
+      };
+    };
+    "transmission.mothership.aciceri.dev" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://rock5b.fleet:9091";
+      };
+    };
+  };
+}
--- a/modules/transmission/default.nix
+++ b/modules/transmission/default.nix
@ -12,6 +12,11 @@
      rpc-whitelist-enabled = false;
      rpc-host-whitelist-enabled = false;

+      rpc-authentication-required = true;
+      rpc-username = "andrea";
+      # Generated with https://github.com/tomwijnroks/transmission-pwgen
+      rpc-password = "{9d03dda3243ebddfa44b0bebe099f611941e2fc31/0vvwdP";
+
      upload-slots-per-torrent = 1000;

      alt-speed-up = 1000; # 1MB/s