From e2f4de4538587dc46ce2d79edfb1efe7f89532aa Mon Sep 17 00:00:00 2001 From: uku Date: Thu, 8 May 2025 13:08:22 +0200 Subject: [PATCH] feat(etna): add zipline --- secrets/etna/ziplineEnv.age | 14 ++++++++++++++ secrets/secrets.nix | 1 + systems/etna/default.nix | 1 + systems/etna/zipline.nix | 32 ++++++++++++++++++++++++++++++++ systems/vesuvio/nginx.nix | 14 ++++++++++++++ 5 files changed, 62 insertions(+) create mode 100644 secrets/etna/ziplineEnv.age create mode 100644 systems/etna/zipline.nix diff --git a/secrets/etna/ziplineEnv.age b/secrets/etna/ziplineEnv.age new file mode 100644 index 0000000..26bb2c2 --- /dev/null +++ b/secrets/etna/ziplineEnv.age @@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGWndERU42a1JlVFFpZEJR +d09Jd0RMK3kwd3hDUDZKYjhtSnpyaHd2VUdVCnQzWFF5Q25BSjlWdm5ZNy9idm5x +U2xtRlYxKzRDYnN4QitUcTQ5ZXhZbmsKLT4gWDI1NTE5IHNQM0lrQUNLamF2RUlE +UFNSN2RyckViRTRqbGpwTGwwMXdkYjhxUHhrd1kKbktsMExhUlNWUE1EUWRyUnVw +NmhjL1JOWElGbURoSUh5Z2RnRmNpK0xmbwotPiBYMjU1MTkgZ1VVVTlJM1lUMGdk +WUkvQTlDOTNuU0ZMS3lMaUdReVVoNlcwS1ZGL0tVOApRd2ZDR0UxRmFIZVRGUk5Q +MDZRT1E0ZFRZN1lWenN5bVgyb1F2RWlWZ21JCi0+IFgyNTUxOSAwYTdQTTNiRnhi +eGdqOTBsMzVjTGRaMnZrSlpKSnh6SUZERFZQTGNMVkFnClNZejhKS3l4SVRmTUVB +TCt5eGFveUxQNjFMTWhRZ0xsUnpVVVBSd21GZTAKLS0tIGtjUlhtN29TNldaVHRO +U2dGeWNPRk1GTVhaZDQ5YkpJcVlKU25ONzMvK1UK/fnAIrL0/ZSsCR5A2wcukmnD +7/7j83j/lgV64f0ZV4z/W6c8IvaXFZe+J1N0NNV49b/LhHbskuKj1YVRchsSS+Tz +aZkjeTBeFi9IvMzhDWVFy8d0G9xc2w7fDEzDavFvYwWRXBdra2lKpp6r6Q== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 10c2df9..6dee400 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -43,6 +43,7 @@ in "etna/cobaltTokens.age".publicKeys = main ++ [ etna ]; "etna/slskdEnv.age".publicKeys = main ++ [ etna ]; "etna/reposiliteDbPass.age".publicKeys = main ++ [ etna ]; + "etna/ziplineEnv.age".publicKeys = main ++ [ etna ]; "vesuvio/gatusEnv.age".publicKeys = main ++ [ vesuvio ]; "vesuvio/maddyEnv.age".publicKeys = main ++ [ vesuvio ]; diff --git a/systems/etna/default.nix b/systems/etna/default.nix index 31caf7a..823204f 100644 --- a/systems/etna/default.nix +++ b/systems/etna/default.nix @@ -68,6 +68,7 @@ in ./uku.nix ./ups.nix ./vaultwarden.nix + ./zipline.nix ]; boot.loader.systemd-boot.enable = true; diff --git a/systems/etna/zipline.nix b/systems/etna/zipline.nix new file mode 100644 index 0000000..02a9cc3 --- /dev/null +++ b/systems/etna/zipline.nix @@ -0,0 +1,32 @@ +{ + lib, + pkgs, + config, + _utils, + ... +}: +let + envFile = _utils.setupSingleSecret config "ziplineEnv" { }; +in +{ + imports = [ envFile.generate ]; + + services.zipline = { + enable = true; + database.createLocally = true; + environmentFiles = [ envFile.path ]; + + settings = { + CORE_HOSTNAME = "0.0.0.0"; + CORE_PORT = 3001; + DATASOURCE_TYPE = "local"; + DATASOURCE_LOCAL_DIRECTORY = "/data/zipline"; + FFMPEG_PATH = lib.getExe pkgs.ffmpeg; + }; + }; + + systemd.services.zipline.serviceConfig = { + ReadWritePaths = [ "/data/zipline" ]; + ProtectProc = lib.mkForce "default"; + }; +} diff --git a/systems/vesuvio/nginx.nix b/systems/vesuvio/nginx.nix index 4228c10..e8c40b2 100644 --- a/systems/vesuvio/nginx.nix +++ b/systems/vesuvio/nginx.nix @@ -34,5 +34,19 @@ recommendedProxySettings = true; }; }; + + "zipline.uku3lig.net" = { + serverAliases = [ "v.uku.moe" ]; + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://etna:3001"; + recommendedProxySettings = true; + }; + + extraConfig = '' + client_max_body_size 1000M; + ''; + }; }; }