Home

infra @main - refs - log -
-
https://git.jolheiser.com/infra.git
dragonwell flake
infra / dragonwell / pubserve.nix
- raw
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
{ pkgs, lib, ... }:
let
  user = "pubserve";
  path = "/var/lib/pubserve";
in
{
  users.users.${user} = {
    group = user;
    home = path;
    createHome = true;
    isSystemUser = true;
    isNormalUser = false;

  };
  users.groups.${user} = { };

  systemd.services =
    let
      commonArgs = [
        "-i '127.0.0.1'"
        "-H"
        "-D"
        "-F"
        "--hide-theme-selector"
        "--readme"
        path
      ];
    in
    {
      pubserve = {
        description = "Miniserve Public File Server";
        after = [ "network.target" ];
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          ExecStart = "${pkgs.miniserve}/bin/miniserve -t 'PubServe' -p 3454 ${lib.concatStringsSep " " commonArgs}";
          Restart = "on-failure";
          User = user;
          Group = user;
        };
      };
      privserve = {
        description = "Miniserve Public File Server (Admin)";
        after = [ "network.target" ];
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          ExecStart = "${pkgs.miniserve}/bin/miniserve -u -U -o -t 'PrivServe' -p 3455 ${lib.concatStringsSep " " commonArgs}";
          Restart = "on-failure";
          User = user;
          Group = user;
        };
      };
    };
  services.tailproxy = {
    pubserve = {
      enable = true;
      hostname = "pubserve";
      funnel = true;
      port = 3454;
      authKey = "tskey-auth-kJrnknpMsL11CNTRL-ot1kkasErR2cLZZmfuKYR2b9za7fCzVR"; # One-time key
    };
    privserve = {
      enable = true;
      hostname = "privserve";
      port = 3455;
      authKey = "tskey-auth-kKFv865ykk11CNTRL-dfmxUREHP5evuuMsfPy55ehXECXrLF1N7"; # One-time key
    };
  };
}