From 9877335f4b35b465fcbb00de1dc882f57ce01e97 Mon Sep 17 00:00:00 2001
From: cy <cy@cy7.sh>
Date: Thu, 13 Feb 2025 21:49:52 -0500
Subject: [PATCH] add zipline

---
 .sops.yaml                    |  5 +++++
 hosts/chunk/default.nix       |  4 ++++
 modules/default.nix           |  1 +
 modules/zipline.nix           | 38 +++++++++++++++++++++++++++++++++++
 secrets/services/zipline.yaml | 31 ++++++++++++++++++++++++++++
 5 files changed, 79 insertions(+)
 create mode 100644 modules/zipline.nix
 create mode 100644 secrets/services/zipline.yaml

diff --git a/.sops.yaml b/.sops.yaml
index 0fd042a..96b61cd 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -113,3 +113,8 @@ creation_rules:
       - age:
           - *yt
           - *cy
+  - path_regex: secrets/services/zipline.yaml
+    key_groups:
+      - age:
+          - *chunk
+          - *cy
diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix
index 9577771..aeb7906 100644
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@@ -72,6 +72,9 @@
     "tailscale/auth" = {
       sopsFile = ../../secrets/services/tailscale.yaml;
     };
+    "zipline/env" = {
+      sopsFile = ../../secrets/services/zipline.yaml;
+    };
   };
 
   boot = {
@@ -207,4 +210,5 @@
   environment.enableAllTerminfo = true;
 
   my.roundcube.enable = true;
+  my.zipline.enable = true;
 }
diff --git a/modules/default.nix b/modules/default.nix
index 810c2f4..96ea519 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -4,5 +4,6 @@
     ./backup.nix
     ./caddy.nix
     ./roundcube.nix
+    ./zipline.nix
   ];
 }
diff --git a/modules/zipline.nix b/modules/zipline.nix
new file mode 100644
index 0000000..9647525
--- /dev/null
+++ b/modules/zipline.nix
@@ -0,0 +1,38 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.my.zipline;
+in
+{
+  options.my.zipline = {
+    enable = lib.mkEnableOption "zipline";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.zipline = {
+      enable = true;
+      settings = {
+        CORE_PORT = 3001;
+        DATASOURCE_TYPE = "s3";
+        DATASOURCE_S3_ENDPOINT = "e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
+        DATASOURCE_S3_BUCKET = "cything";
+        DATASOURCE_S3_REGION = "us-east-1";
+        DATASOURCE_S3_USE_SSL = "true";
+        DATASOURCE_S3_FORCE_S3_PATH = "false";
+        FEATURES_THUMBNAILS = "true";
+        EXIF_REMOVE_GPS = "true";
+        CHUNKS_CHUNKS_SIZE = "50mb";
+        CHUNKS_MAX_SIZE = "95mb";
+      };
+      environmentFiles = [ config.sops.secrets."zipline/env".path ];
+    };
+
+    services.caddy.virtualHosts."host.cy7.sh".extraConfig = ''
+      import common
+      reverse_proxy 127.0.0.1:3001
+    '';
+  };
+}
diff --git a/secrets/services/zipline.yaml b/secrets/services/zipline.yaml
new file mode 100644
index 0000000..21844ab
--- /dev/null
+++ b/secrets/services/zipline.yaml
@@ -0,0 +1,31 @@
+zipline:
+    env: ENC[AES256_GCM,data:0mWks20tBUtBVhJIqEyW5jm5cIgDPcyYS/Sl1ulCltandGHFOa+A7aP/VbvVp+7FO5VhtC3CtLt3Jtcr8/dEnJoMFWsrliZ0ZcR/Xm3TtJ4yfhmVbuK9lyUrgPP0RahQzFrQZo0ZCOug/f8suySm3mCnMz377L+Gu0+MMZPebVP724k2Xj5zpSyF288cnOG2QDNAo0DCrrFep31a7n8XbOduOupop5PRLax+8lFKRYgZbRSPaaFToFCoSxU8Y+W3tkB+mtwIsOtIeQigAVYEJ/O1kw==,iv:4n7s52m63gQ3fX+eW2jGWC8NXhPuq3nNSmmYYZxqqXg=,tag:FiYn7L7L4O0+nHI4n43Jqw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDUDFDSnFEM1NZK0lSMnUx
+            YkI3MWlpY1VjYXdaKzBCOFc5NWp5NXdBbkdVCmI0Z2tuSXBOSFN2NXJTUWxKQXNu
+            SGhhTTYzUDFSOFFXdU5aVHlmYnJNa1UKLS0tIGlrUTErQkVRdFBYYWxUcklHaUVY
+            UkQ3eVlDR2lMOEZGNXRjU3J3RXpwZkUKNJL/dvPsGu0AJiXryR8uSM0jE//cQi0b
+            AeYUjXLRcouUq5zWL6AsKDOUAo9t//AAFZqv3DGUboR8UzdymYRYMw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0Wk9ZYkExU3k0ZWpOZEhF
+            TkswRGxTd1hpcGJaa1pmcUJFQnZMcGV6L0ZFCnp3K05YdU56WUl1TktVSFNQWWZH
+            bG5COXVuSjFCUWpEYXQweVFPaDAzcTQKLS0tIFgralQ1TWUzajVOM3RyS3RDcnRx
+            WHZSeVJIaGRldmhmcWZvT3YzL3hPbFEKVUtCU1l/RhFOlwdjE0ejW/Ym+cMVNxIW
+            AdvVcWoilMGTsDJIIlLu7fPbhmGotPvqGjxMC2yEpEgJUt/rsz2vPA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-02-14T01:48:13Z"
+    mac: ENC[AES256_GCM,data:kz+8dAnj4cDb/XOU3s1MvSk8W3vRI8vXm7hVVine+Lm4hQg9opZ4Z2w0J4zmLlb23NcRoB06E5bGj2+CmacgptBbz6MlEqw8G8VhR+9oKXZV1fwFHa9YZI9Vxj3tLZC68NrM6FORLD/BLK7geDn5oB1Mfl3zX/AkuixxOJSTXKA=,iv:xEsPexTskougBBFh/9dAW45QKdBGD08g162Tyqnz9LI=,tag:AYqVBq7OajFA1LaOI5MP4w==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4