diff --git a/newinfra/nix/apps/upload-files/default.nix b/newinfra/nix/apps/upload-files/default.nix
new file mode 100644
index 0000000..aa108b5
--- /dev/null
+++ b/newinfra/nix/apps/upload-files/default.nix
@@ -0,0 +1,19 @@
+{ upload-files, pkgs, lib, config, ... }: {
+ age.secrets.upload_files_s3_secret.file = ../../secrets/upload_files_s3_secret.age;
+
+ systemd.services.upload-files = {
+ description = "upload.files.noratrieb.dev file uploader for files.noratrieb.dev";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ environment = {
+ UPLOAD_FILES_NORATRIEB_DEV_BUCKET = "files.noratrieb.dev";
+ UPLOAD_FILES_NORATRIEB_DEV_ENDPOINT = "http://localhost:3900";
+ UPLOAD_FILES_NORATRIEB_DEV_REGION = "garage";
+ };
+ serviceConfig = {
+ DynamicUser = true;
+ ExecStart = "${lib.getExe (upload-files {inherit pkgs;})}";
+ EnvironmentFile = [ config.age.secrets.upload_files_s3_secret.path ];
+ };
+ };
+}
diff --git a/newinfra/nix/hive.nix b/newinfra/nix/hive.nix
index 87357ef..6410db8 100644
--- a/newinfra/nix/hive.nix
+++ b/newinfra/nix/hive.nix
@@ -20,6 +20,7 @@ pretense = import (fetchTarball "https://github.com/Noratrieb/pretense/archive/${my-projects-versions.pretense}.tar.gz"); quotdd = import (fetchTarball "https://github.com/Noratrieb/quotdd/archive/${my-projects-versions.quotdd}.tar.gz"); does-it-build = import (fetchTarball "https://github.com/Noratrieb/does-it-build/archive/${my-projects-versions.does-it-build}.tar.gz");
+ upload-files = import (fetchTarball "https://github.com/Noratrieb/upload.files.noratrieb.dev/archive/${my-projects-versions."upload.files.noratrieb.dev"}.tar.gz");
 inherit my-projects-versions;
@@ -183,6 +184,7 @@ ./apps/killua ./apps/forgejo ./apps/openolat
+ ./apps/upload-files
 ]; deployment.tags = [ "caddy" "eu" "apps" "website" ];
diff --git a/newinfra/nix/modules/caddy/vps1.Caddyfile b/newinfra/nix/modules/caddy/vps1.Caddyfile
index 38e5607..5260a87 100644
--- a/newinfra/nix/modules/caddy/vps1.Caddyfile
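Review bot: The `serviceConfig` of `systemd.services.upload-files` relies on `DynamicUser = true` alone for sandboxing, although the unit is published through the reverse proxy and receives the RW bucket credentials via `EnvironmentFile`. `DynamicUser` already implies a read-only system tree and a private `/tmp`, but it would be worth tightening further with `PrivateDevices = true;`, `ProtectKernelTunables = true;` and `RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];`. The unit also has no `Restart` setting and is ordered only after `network.target`, so a start before the S3 endpoint at `localhost:3900` is ready may leave it down; `Restart = "on-failure";` would cover that. A one-line comment next to `EnvironmentFile` stating which variables the secret file is expected to provide would document the contract with the application, which is not visible in this diff.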
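Review bot: The added `upload-files = import (fetchTarball "…")` binding in `hive.nix` downloads and evaluates remote Nix code without a content hash, so integrity rests on the commit id embedded in the URL and on the archive host returning the matching tree. It mirrors the neighbouring `pretense`, `quotdd` and `does-it-build` lines, but since the result runs as a service holding bucket credentials, the attrset form would let Nix verify the download: `fetchTarball { url = "…"; sha256 = "<sha256-of-archive>"; }`, with the hash stored beside the revision in `my-projects.json`. The surrounding binding list starts and ends outside the hunk.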
+++ b/newinfra/nix/modules/caddy/vps1.Caddyfile
@@ -52,6 +52,12 @@ olat.noratrieb.dev:8088 { reverse_proxy * localhost:5011 }
+upload.files.noratrieb.dev {
+ log
+ encode zstd gzip
+ reverse_proxy * localhost:3050
+}
+
 ################################################################ # redirects
diff --git a/newinfra/nix/modules/dns/noratrieb.dev.nix b/newinfra/nix/modules/dns/noratrieb.dev.nix
index c1e43c0..9a4da25 100644
--- a/newinfra/nix/modules/dns/noratrieb.dev.nix
+++ b/newinfra/nix/modules/dns/noratrieb.dev.nix
@@ -57,7 +57,11 @@ let # --- website stuff blog = vps1; www = vps1;
- files = combine [ vps1 vps3 vps4 ];
+ files = combine [ vps1 vps3 vps4 ] // {
+ subdomains = {
+ upload = vps1;
+ };
+ };
 # --- legacy crap old-docker = vps2;
diff --git a/newinfra/nix/modules/garage/README.md b/newinfra/nix/modules/garage/README.md
index f788a5f..c16f1d1 100644
--- a/newinfra/nix/modules/garage/README.md
+++ b/newinfra/nix/modules/garage/README.md
@@ -25,6 +25,8 @@ - key `backups` RW - `forgejo` - key `forgejo` RW
+- `files.noratrieb.dev`
+ - key `upload-files` RW
 ## keys
diff --git a/newinfra/nix/my-projects.json b/newinfra/nix/my-projects.json
index b709b0a..1a72324 100644
--- a/newinfra/nix/my-projects.json
+++ b/newinfra/nix/my-projects.json
@@ -4,5 +4,6 @@ "slides": "0401f35c22b124b69447655f0c537badae9e223c", "pretense": "270b01fc1118dfd713c1c41530d1a7d98f04527d", "quotdd": "e922229e1d9e055be35dabd112bafc87a0686548",
- "does-it-build": "81790825173d87f89656f66f12a123bc99e2f6f1"
+ "does-it-build": "81790825173d87f89656f66f12a123bc99e2f6f1",
+ "upload.files.noratrieb.dev": "84ae7746fd554b18351d377aab8ea6739493d156"
 }
diff --git a/newinfra/nix/secrets/backup_s3_secret.age b/newinfra/nix/secrets/backup_s3_secret.age
index 9298136..6e4b2ae 100644
Binary files a/newinfra/nix/secrets/backup_s3_secret.age and b/newinfra/nix/secrets/backup_s3_secret.age differ
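Review bot: The new `upload.files.noratrieb.dev` site block forwards every request to `localhost:3050` with no access control and no body-size limit at the proxy, so the uploader's own authentication is the only barrier between the internet and an RW key on the `files.noratrieb.dev` bucket. That authentication is not visible in this diff; if it is absent, or as defence in depth, add `basic_auth` or a `remote_ip` matcher in this block and cap uploads with `request_body { max_size <limit-placeholder> }`. A short comment above the block stating where authentication is enforced would make the trust boundary explicit for the next reader.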
diff --git a/newinfra/nix/secrets/caddy_s3_key_secret.age b/newinfra/nix/secrets/caddy_s3_key_secret.age index 6b75178..a0e5c46 100644 Binary files a/newinfra/nix/secrets/caddy_s3_key_secret.age and b/newinfra/nix/secrets/caddy_s3_key_secret.age differ diff --git a/newinfra/nix/secrets/docker_registry_password.age b/newinfra/nix/secrets/docker_registry_password.age index bc89cad..3d42d33 100644 --- a/newinfra/nix/secrets/docker_registry_password.age +++ b/newinfra/nix/secrets/docker_registry_password.age @@ -1,7 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg +BQUq++K4fbTXFQXdZwoVKaeRY75C96A1vnn5gUo5WY -jxUb+nX0t0OIhJxgdaOwTvviVnGoPlAKcmXIRW7FhEM ---- plPYamLI4c2gzNcPkNeEdh68k3i3STrazb5sTG7txUY - GAv°( -\9N -wJ`Y.x.lq 93 \ No newline at end of file +-> ssh-ed25519 qM6TYg QziuzHQxmWyRdv8dUPBWTgnMxFtqR6ttP16Z3XdvD3Y +Krxmha5J+gTU0DjzPDTDIwz1mW0Q84XR2FgQyPm4bf4 +--- t4Mea1Y35o5t2dhREnp8Zq1AyR4DAWMFW7Vv3CkgGKw +lTS+Ƴ6yrOn&c`ϰ :7V-tfpuwIw \ No newline at end of file diff --git a/newinfra/nix/secrets/forgejo_s3_key_secret.age b/newinfra/nix/secrets/forgejo_s3_key_secret.age index 93ae17a..6bfaa64 100644 Binary files a/newinfra/nix/secrets/forgejo_s3_key_secret.age and b/newinfra/nix/secrets/forgejo_s3_key_secret.age differ diff --git a/newinfra/nix/secrets/garage_secrets.age b/newinfra/nix/secrets/garage_secrets.age index 25936cc..57eb61b 100644 --- a/newinfra/nix/secrets/garage_secrets.age +++ b/newinfra/nix/secrets/garage_secrets.age 
@@ -1,12 +1,12 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg dSNo/WHtuVibuLghfNnznYw6+zsMJOWvi7LitHSn3AY -pfZti2of1OZVOgVR+wXZrhGggtZ2W3jyUADDWVxQHfs --> ssh-ed25519 XzACZQ d5+ZaKmyb1yTZJ0mvPYl6On9XaOp8Z59zNQXVtEj6F8 -+Ku4GwagVLPZHzOpkaFPZ1i5NoB9Z+Eyd0tuY28yS5Y --> ssh-ed25519 51bcvA PxNLpJLMnUrlyzKUairI6Y+f6BYn7N9e/OURoiHcWQk -FsXdpP0pM+Xvst93kHIG+KsDlwrRRks4jxl+Q487Msc --> ssh-ed25519 vT7ExA PE9zzE4bKcexXg6LuoQnUOJbvNlqQF//qm1fgB6sM0M -YSzgtZ+zGoTljLHrxeIY7MQV7xmLNDPFEeVrSq37QHA ---- VGV6MkGwLwYmCq73bDzIJaRRTESJ9a1fieP1AJNiAUs -j\_I9dUK F1^ouJo - P"ltֱv%anEZX2שS; J$~jcg\~5$ք* ]" ٠jS+qΗ@w編˚N1F@k$_a…;Z |XLKh0 6"<ّ \ No newline at end of file +-> ssh-ed25519 qM6TYg B17o68OCsoljQLd4yLx1gZbt9zsFhQE8/QJeZ3Gx+AI +ADxN8iqNN5ApzHMtIXMnMTN4qe/7ba+ZoqkpHDpq9dE +-> ssh-ed25519 XzACZQ Jp5WvbUVmfecvN95vM6+DQmJicVf4u94Vm0mYtBVODw +XAdVpk6bAwAU7OQxvedepr3g8HQo5sY5efy3lYhf1xA +-> ssh-ed25519 51bcvA DUkgjLS805iAsnaCl3B8BOP6cdKOJCx0aK23UEDmTyw +dUZhXJiYkCZvassxSg0Cgf9c+ta2Oc2PNhLdvHBP24M +-> ssh-ed25519 vT7ExA 0Z2/GFY2aqO2HJJet3CRSh3yxchGt7AYTzkl0D2aoEQ +GuMqW7tbsEl/SskgN1hPa0B/aWtet/+pHxmbwsTzPCM +--- vgf72fLRkTVRtJoxh+qfim9YYELE0W74L6ZVjpo+8vI +=&C#/nܤ29o[S+ uWʶ4f/hA#Os_RVEVAlT/VtJNU;nGQݣO{x[#PH9P:z +yX`]%>+~)`Vx۰i-F$xH)TMcZ \ No newline at end of file diff --git a/newinfra/nix/secrets/grafana_admin_password.age b/newinfra/nix/secrets/grafana_admin_password.age index 41f0ce1..aa33f26 100644 Binary files a/newinfra/nix/secrets/grafana_admin_password.age and b/newinfra/nix/secrets/grafana_admin_password.age differ diff --git a/newinfra/nix/secrets/hugochat_db_password.age b/newinfra/nix/secrets/hugochat_db_password.age index 4107bb3..1c4ea95 100644 Binary files a/newinfra/nix/secrets/hugochat_db_password.age and b/newinfra/nix/secrets/hugochat_db_password.age differ diff --git a/newinfra/nix/secrets/killua_env.age b/newinfra/nix/secrets/killua_env.age index a687f62..54a0777 100644 Binary files a/newinfra/nix/secrets/killua_env.age and b/newinfra/nix/secrets/killua_env.age differ 
diff --git a/newinfra/nix/secrets/loki_env.age b/newinfra/nix/secrets/loki_env.age
index 2906c38..f071802 100644
Binary files a/newinfra/nix/secrets/loki_env.age and b/newinfra/nix/secrets/loki_env.age differ
diff --git a/newinfra/nix/secrets/minio_env_file.age b/newinfra/nix/secrets/minio_env_file.age
index 654e4c3..bf78046 100644
Binary files a/newinfra/nix/secrets/minio_env_file.age and b/newinfra/nix/secrets/minio_env_file.age differ
diff --git a/newinfra/nix/secrets/openolat_db_password.age b/newinfra/nix/secrets/openolat_db_password.age
index 3aad0a6..a9e307c 100644
Binary files a/newinfra/nix/secrets/openolat_db_password.age and b/newinfra/nix/secrets/openolat_db_password.age differ
diff --git a/newinfra/nix/secrets/registry_htpasswd.age b/newinfra/nix/secrets/registry_htpasswd.age
index 15f74b3..738862b 100644
Binary files a/newinfra/nix/secrets/registry_htpasswd.age and b/newinfra/nix/secrets/registry_htpasswd.age differ
diff --git a/newinfra/nix/secrets/registry_s3_key_secret.age b/newinfra/nix/secrets/registry_s3_key_secret.age
index 91288e1..3b6cb41 100644
Binary files a/newinfra/nix/secrets/registry_s3_key_secret.age and b/newinfra/nix/secrets/registry_s3_key_secret.age differ
diff --git a/newinfra/nix/secrets/s3_mc_admin_client.age b/newinfra/nix/secrets/s3_mc_admin_client.age
index f8b93d8..719f1ed 100644
Binary files a/newinfra/nix/secrets/s3_mc_admin_client.age and b/newinfra/nix/secrets/s3_mc_admin_client.age differ
diff --git a/newinfra/nix/secrets/secrets.nix b/newinfra/nix/secrets/secrets.nix
index dbc1da9..1d3b484 100644
--- a/newinfra/nix/secrets/secrets.nix
+++ b/newinfra/nix/secrets/secrets.nix
@@ -23,6 +23,7 @@ in "s3_mc_admin_client.age".publicKeys = [ vps1 vps3 vps4 vps5 ]; "killua_env.age".publicKeys = [ vps1 ]; "forgejo_s3_key_secret.age".publicKeys = [ vps1 ]; + "upload_files_s3_secret.age".publicKeys = [ vps1 ]; "wg_private_dns1.age".publicKeys = [ dns1 ]; "wg_private_dns2.age".publicKeys = [ dns2 ]; "wg_private_vps1.age".publicKeys = [ vps1 ]; diff --git a/newinfra/nix/secrets/upload_files_s3_secret.age b/newinfra/nix/secrets/upload_files_s3_secret.age new file mode 100644 index 0000000..a556152 Binary files /dev/null and b/newinfra/nix/secrets/upload_files_s3_secret.age differ diff --git a/newinfra/nix/secrets/wg_private_dns1.age b/newinfra/nix/secrets/wg_private_dns1.age index 39f0f71..0f4a0d0 100644 Binary files a/newinfra/nix/secrets/wg_private_dns1.age and b/newinfra/nix/secrets/wg_private_dns1.age differ diff --git a/newinfra/nix/secrets/wg_private_dns2.age b/newinfra/nix/secrets/wg_private_dns2.age index 3657409..8495f12 100644 Binary files a/newinfra/nix/secrets/wg_private_dns2.age and b/newinfra/nix/secrets/wg_private_dns2.age differ diff --git a/newinfra/nix/secrets/wg_private_vps1.age b/newinfra/nix/secrets/wg_private_vps1.age index 3e7321e..c4e3f87 100644 --- a/newinfra/nix/secrets/wg_private_vps1.age +++ b/newinfra/nix/secrets/wg_private_vps1.age @@ -1,6 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg vC8XBZQGff/q/SEsiIb+pyhfE/2MCWbo1m+suXpzyhY -r2R02FSzrpiPyoAeiPqWNdXc0Jqd6v2rv4hxo89LqD8 ---- NBCfTZYGNmAHQOABVhlcsgbJmKpmeUM15FdKLQjVazw -,t} | &-^uU6Z_&ue[w _벢 -^\(gPy-j;D \ No newline at end of file +-> ssh-ed25519 qM6TYg 4aRY2+KMkGoSJtRfdkTRwIj6bYGSQJvJjq669297MHE +Kjf7jo93e4oMRKmN5u3Xa3CUpIp9bZPoUAGqjdgOulw +--- wapYiQbpT4gfZyI5cMnB4O+LdM9PvsUxM7nTv954nNg +eVn?]Ł3!l0ر<[o[?B'W( \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_vps3.age b/newinfra/nix/secrets/wg_private_vps3.age index ddb65ce..0e7dec1 100644 --- a/newinfra/nix/secrets/wg_private_vps3.age +++ b/newinfra/nix/secrets/wg_private_vps3.age 
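Review bot: `"upload_files_s3_secret.age".publicKeys = [ vps1 ];` in `secrets.nix` scopes the key to the one host that runs the service, but the same commit also adds `newinfra/secrets-git-crypt/upload_files_s3_secret`, so the credential now lives in two encrypted stores that can drift apart on rotation. A comment on this line such as `# also kept in secrets-git-crypt/upload_files_s3_secret; rotate both together` would record that (which copy is the source is presumed, not shown here). Separately, nearly every other `.age` file changes in this commit, which looks like a rekey; because ciphertext cannot be reviewed, landing that in its own commit would keep this change auditable. The attribute set continues outside the hunk.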
@@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 XzACZQ FnGfRDdT9kQXeYzv7yzwI+1fVXmeseC6YVCCzeoeLCQ -HydL6WRBzLmqAKNmf0kzBmZiFRQ8KM3dHEdx2676Nx0 ---- E7+8BYiNPPm3fI6FiEii2txlbsesfSXuE2Nxvb7Zlx4 -m5q~>R-e~+$T5PrnH:$4jkB$CqRuMmF`A4e \ No newline at end of file +-> ssh-ed25519 XzACZQ J67LUjHa64q/z1K8zZpx1rsnoQ94NzhkeXEpfNr4ZVQ +dy5Tre9IicxhLBHoqvQAZepG7bNg2dEXFT5iPRcWOcA +--- 9dJKhJeue6VNi0Sw05BX/t8jsxXyRIKz0K3/sy0kT7w +h9isM =TnwW)㲛\<2*%_ܳgLN5cD5@ͻ \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_vps4.age b/newinfra/nix/secrets/wg_private_vps4.age index 15bf0d4..414c14b 100644 --- a/newinfra/nix/secrets/wg_private_vps4.age +++ b/newinfra/nix/secrets/wg_private_vps4.age @@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 51bcvA IVcXj0PQpO6Rj7ovi4GgoQF77sRDdumHNavSVdQXcHI -O7j/05HqbjLvIYh9cT/iT8p6GMDn14vDOqU3Jh6tUIc ---- wt0viOUTFWu9ze3CcQ4i1xMrb+RLTOg2hcVsDwbzMzA -i-_rˣ*=@|D3e%nȭY'Rh3V%-=W; icS \ No newline at end of file +-> ssh-ed25519 51bcvA P7ouUh98Mfi9Jsu6MDWaWH0NB2alXRIK8hxBIs0Nylg +tUZ1sWLlvPizsSWhK3fnVVhr4C9Ign5rwowxePGXFII +--- PHPizXT8GPP9mIFg1paqqc8w3qsX63XpLkeT0APybik +B?*8-nLsj< k*.@6KUg '8 #h.l~S3%!VYKlR ؘo \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_vps5.age b/newinfra/nix/secrets/wg_private_vps5.age index b38a13d..f677cad 100644 --- a/newinfra/nix/secrets/wg_private_vps5.age +++ b/newinfra/nix/secrets/wg_private_vps5.age @@ -1,6 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 vT7ExA kxCR8CbPH5GgSS/ENXQ81zPQ+n041l7yV6zzQv1smwk -mhn18RlBXbpMfZAHrUam5ktlV5Z28UIg8Ufk4H/tfSA ---- WXmrUK2YnQQqZQgoW219LEVgBoHa+N3NqO4cqsF9Pr8 ->0:h`;D + -쎽*TYD 9/9:LwQNCx'QHdcMϣ8 \ No newline at end of file +-> ssh-ed25519 vT7ExA 9+j3VYkFAW1obbLc31nv+45SyPMqH1zZPkI+PU4lVH8 +G9QkkyTNH499EWhjiXCyXt7HgHlzJTZsaLiR+yOF18E +--- vq7bT3yTioJ1UsD7hSu5jyYKhOE6UMIMsosu4f5pK1w +QV#(7EY\Z?G٫_C I gNiVe]tx@w+ \ No newline at end of file 
diff --git a/newinfra/nix/secrets/widetom_bot_token.age b/newinfra/nix/secrets/widetom_bot_token.age
index a114651..105c8e5 100644
Binary files a/newinfra/nix/secrets/widetom_bot_token.age and b/newinfra/nix/secrets/widetom_bot_token.age differ
diff --git a/newinfra/nix/secrets/widetom_config_toml.age b/newinfra/nix/secrets/widetom_config_toml.age
index 27f4f5d..13998d2 100644
Binary files a/newinfra/nix/secrets/widetom_config_toml.age and b/newinfra/nix/secrets/widetom_config_toml.age differ
diff --git a/newinfra/secrets-git-crypt/upload_files_s3_secret b/newinfra/secrets-git-crypt/upload_files_s3_secret
new file mode 100644
index 0000000..cd16464
Binary files /dev/null and b/newinfra/secrets-git-crypt/upload_files_s3_secret differ