https://git.jolheiser.com/infra.git
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68
{ pkgs, lib, ... }: let user = "pubserve"; path = "/var/lib/pubserve"; in { users.users.${user} = { group = user; home = path; createHome = true; isSystemUser = true; isNormalUser = false; }; users.groups.${user} = { }; systemd.services = let commonArgs = [ "-i '127.0.0.1'" "-H" "-D" "-F" "--hide-theme-selector" "--readme" path ]; in { pubserve = { description = "Miniserve Public File Server"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { ExecStart = "${pkgs.miniserve}/bin/miniserve -t 'PubServe' -p 3454 ${lib.concatStringsSep " " commonArgs}"; Restart = "on-failure"; User = user; Group = user; }; }; privserve = { description = "Miniserve Public File Server (Admin)"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { ExecStart = "${pkgs.miniserve}/bin/miniserve -u -U -o -t 'PrivServe' -p 3455 ${lib.concatStringsSep " " commonArgs}"; Restart = "on-failure"; User = user; Group = user; }; }; }; services.tailproxy = { pubserve = { enable = true; hostname = "pubserve"; funnel = true; port = 3454; authKey = "tskey-auth-kJrnknpMsL11CNTRL-ot1kkasErR2cLZZmfuKYR2b9za7fCzVR"; # One-time key }; privserve = { enable = true; hostname = "privserve"; port = 3455; authKey = "tskey-auth-kKFv865ykk11CNTRL-dfmxUREHP5evuuMsfPy55ehXECXrLF1N7"; # One-time key }; }; }