From 9877335f4b35b465fcbb00de1dc882f57ce01e97 Mon Sep 17 00:00:00 2001 From: cy Date: Thu, 13 Feb 2025 21:49:52 -0500 Subject: [PATCH] add zipline --- .sops.yaml | 5 +++++ hosts/chunk/default.nix | 4 ++++ modules/default.nix | 1 + modules/zipline.nix | 38 +++++++++++++++++++++++++++++++++++ secrets/services/zipline.yaml | 31 ++++++++++++++++++++++++++++ 5 files changed, 79 insertions(+) create mode 100644 modules/zipline.nix create mode 100644 secrets/services/zipline.yaml diff --git a/.sops.yaml b/.sops.yaml index 0fd042a..96b61cd 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -113,3 +113,8 @@ creation_rules: - age: - *yt - *cy + - path_regex: secrets/services/zipline.yaml + key_groups: + - age: + - *chunk + - *cy diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 9577771..aeb7906 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -72,6 +72,9 @@ "tailscale/auth" = { sopsFile = ../../secrets/services/tailscale.yaml; }; + "zipline/env" = { + sopsFile = ../../secrets/services/zipline.yaml; + }; }; boot = { @@ -207,4 +210,5 @@ environment.enableAllTerminfo = true; my.roundcube.enable = true; + my.zipline.enable = true; } diff --git a/modules/default.nix b/modules/default.nix index 810c2f4..96ea519 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -4,5 +4,6 @@ ./backup.nix ./caddy.nix ./roundcube.nix + ./zipline.nix ]; } diff --git a/modules/zipline.nix b/modules/zipline.nix new file mode 100644 index 0000000..9647525 --- /dev/null +++ b/modules/zipline.nix @@ -0,0 +1,38 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.zipline; +in +{ + options.my.zipline = { + enable = lib.mkEnableOption "zipline"; + }; + + config = lib.mkIf cfg.enable { + services.zipline = { + enable = true; + settings = { + CORE_PORT = 3001; + DATASOURCE_TYPE = "s3"; + DATASOURCE_S3_ENDPOINT = "e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; + DATASOURCE_S3_BUCKET = "cything"; + DATASOURCE_S3_REGION = "us-east-1"; + DATASOURCE_S3_USE_SSL = "true"; + DATASOURCE_S3_FORCE_S3_PATH = "false"; + FEATURES_THUMBNAILS = "true"; + EXIF_REMOVE_GPS = "true"; + CHUNKS_CHUNKS_SIZE = "50mb"; + CHUNKS_MAX_SIZE = "95mb"; + }; + environmentFiles = [ config.sops.secrets."zipline/env".path ]; + }; + + services.caddy.virtualHosts."host.cy7.sh".extraConfig = '' + import common + reverse_proxy 127.0.0.1:3001 + ''; + }; +} diff --git a/secrets/services/zipline.yaml b/secrets/services/zipline.yaml new file mode 100644 index 0000000..21844ab --- /dev/null +++ b/secrets/services/zipline.yaml @@ -0,0 +1,31 @@ +zipline: + env: ENC[AES256_GCM,data:0mWks20tBUtBVhJIqEyW5jm5cIgDPcyYS/Sl1ulCltandGHFOa+A7aP/VbvVp+7FO5VhtC3CtLt3Jtcr8/dEnJoMFWsrliZ0ZcR/Xm3TtJ4yfhmVbuK9lyUrgPP0RahQzFrQZo0ZCOug/f8suySm3mCnMz377L+Gu0+MMZPebVP724k2Xj5zpSyF288cnOG2QDNAo0DCrrFep31a7n8XbOduOupop5PRLax+8lFKRYgZbRSPaaFToFCoSxU8Y+W3tkB+mtwIsOtIeQigAVYEJ/O1kw==,iv:4n7s52m63gQ3fX+eW2jGWC8NXhPuq3nNSmmYYZxqqXg=,tag:FiYn7L7L4O0+nHI4n43Jqw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDUDFDSnFEM1NZK0lSMnUx + YkI3MWlpY1VjYXdaKzBCOFc5NWp5NXdBbkdVCmI0Z2tuSXBOSFN2NXJTUWxKQXNu + SGhhTTYzUDFSOFFXdU5aVHlmYnJNa1UKLS0tIGlrUTErQkVRdFBYYWxUcklHaUVY + UkQ3eVlDR2lMOEZGNXRjU3J3RXpwZkUKNJL/dvPsGu0AJiXryR8uSM0jE//cQi0b + AeYUjXLRcouUq5zWL6AsKDOUAo9t//AAFZqv3DGUboR8UzdymYRYMw== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0Wk9ZYkExU3k0ZWpOZEhF + TkswRGxTd1hpcGJaa1pmcUJFQnZMcGV6L0ZFCnp3K05YdU56WUl1TktVSFNQWWZH + bG5COXVuSjFCUWpEYXQweVFPaDAzcTQKLS0tIFgralQ1TWUzajVOM3RyS3RDcnRx + WHZSeVJIaGRldmhmcWZvT3YzL3hPbFEKVUtCU1l/RhFOlwdjE0ejW/Ym+cMVNxIW + AdvVcWoilMGTsDJIIlLu7fPbhmGotPvqGjxMC2yEpEgJUt/rsz2vPA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-02-14T01:48:13Z" + mac: ENC[AES256_GCM,data:kz+8dAnj4cDb/XOU3s1MvSk8W3vRI8vXm7hVVine+Lm4hQg9opZ4Z2w0J4zmLlb23NcRoB06E5bGj2+CmacgptBbz6MlEqw8G8VhR+9oKXZV1fwFHa9YZI9Vxj3tLZC68NrM6FORLD/BLK7geDn5oB1Mfl3zX/AkuixxOJSTXKA=,iv:xEsPexTskougBBFh/9dAW45QKdBGD08g162Tyqnz9LI=,tag:AYqVBq7OajFA1LaOI5MP4w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4