minio for static-sites

41666 2025-05-13 20:40:49 -07:00
parent 7bf303b3e1
commit 3eeff16012
7 changed files with 150 additions and 47 deletions

77
flake.lock generated

@ -39,11 +39,11 @@
},
"crane_2": {
"locked": {
"lastModified": 1737689766,
"narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=",
"lastModified": 1746291859,
"narHash": "sha256-DdWJLA+D5tcmrRSg5Y7tp/qWaD05ATI4Z7h22gd1h7Q=",
"owner": "ipetkov",
"repo": "crane",
"rev": "6fe74265bbb6d016d663b1091f015e2976c4a527",
"rev": "dfd9a8dfd09db9aad544c4d3b6c47b12562544a5",
"type": "github"
},
"original": {
@ -331,11 +331,11 @@
]
},
"locked": {
"lastModified": 1746287478,
"narHash": "sha256-z3HiHR2CNAdwyZTWPM2kkzhE1gD1G6ExPxkaiQfNh7s=",
"lastModified": 1747184352,
"narHash": "sha256-GBZulv50wztp5cgc405t1uOkxQYhSkMqeKLI+iSrlpk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "75268f62525920c4936404a056f37b91e299c97e",
"rev": "7c1cefb98369cc85440642fdccc1c1394ca6dd2c",
"type": "github"
},
"original": {
@ -397,11 +397,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1740256865,
"narHash": "sha256-KhcnH5vgn9QMXeiYmpk1jtqr3hEAOuLoRuLmhVvr5FA=",
"lastModified": 1746820998,
"narHash": "sha256-lLccmUibSUDF6omWoOx8eAtRee2WV3jiY75rIPfmqgM=",
"owner": "4jx",
"repo": "l5p-keyboard-rgb",
"rev": "2fd9dba693f9bed89fb07c672dd6c522e6cf4301",
"rev": "01e3ac051ee83f41e9b435f29217319cccb30f21",
"type": "github"
},
"original": {
@ -523,11 +523,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1745955289,
"narHash": "sha256-mmV2oPhQN+YF2wmnJzXX8tqgYmUYXUj3uUUBSTmYN5o=",
"lastModified": 1747129300,
"narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "72081c9fbbef63765ae82bff9727ea79cc86bd5b",
"rev": "e81fd167b33121269149c57806599045fd33eeed",
"type": "github"
},
"original": {
@ -642,11 +642,11 @@
},
"nixpkgs-master": {
"locked": {
"lastModified": 1746307609,
"narHash": "sha256-KyXS1SBYHC3rOuU+03n7FsK29dyYutDDhGGm+PclhuU=",
"lastModified": 1747187148,
"narHash": "sha256-xE8/ML8PrY2qO0NlMmI94BdjIZ4gTgyq6cKmwbLvBnE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b440606b4212f01eac9d24e5fbb9ab0b281b5548",
"rev": "e481f916e39560b6d9327037f8001bf43e3f336f",
"type": "github"
},
"original": {
@ -658,11 +658,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1746183838,
"narHash": "sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA=",
"lastModified": 1746957726,
"narHash": "sha256-k9ut1LSfHCr0AW82ttEQzXVCqmyWVA5+SHJkS5ID/Jo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bf3287dac860542719fe7554e21e686108716879",
"rev": "a39ed32a651fdee6842ec930761e31d1f242cb94",
"type": "github"
},
"original": {
@ -674,11 +674,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1746232882,
"narHash": "sha256-MHmBH2rS8KkRRdoU/feC/dKbdlMkcNkB5mwkuipVHeQ=",
"lastModified": 1746904237,
"narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7a2622e2c0dbad5c4493cb268aba12896e28b008",
"rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
"type": "github"
},
"original": {
@ -706,18 +706,15 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1737717945,
"narHash": "sha256-ET91TMkab3PmOZnqiJQYOtSGvSTvGeHoegAv4zcTefM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ecd26a469ac56357fd333946a99086e992452b6a",
"type": "github"
"lastModified": 1743583204,
"narHash": "sha256-F7n4+KOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE=",
"path": "/nix/store/fwhfa9pbx8vdi8nd5pcys665baz6xdxf-source",
"rev": "2c8d3f48d33929642c1c12cd243df4cc7d2ce434",
"type": "path"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_4": {
@ -754,11 +751,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1746232882,
"narHash": "sha256-MHmBH2rS8KkRRdoU/feC/dKbdlMkcNkB5mwkuipVHeQ=",
"lastModified": 1746904237,
"narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7a2622e2c0dbad5c4493cb268aba12896e28b008",
"rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
"type": "github"
},
"original": {
@ -928,11 +925,11 @@
]
},
"locked": {
"lastModified": 1737771740,
"narHash": "sha256-lWIdF4qke63TdCHnJ0QaUHfG8YvsDrBqzL4jiHYQd+Y=",
"lastModified": 1746758179,
"narHash": "sha256-JECUw1YBEsTsVauvupRzE5ykZaJoyhHCpoY87ZZJGas=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "cfaaa1dddd280af09aca84af84612fbccd986ae2",
"rev": "4fd00513eac6b6140c5dced3e1b8133e2369a0f8",
"type": "github"
},
"original": {
@ -967,11 +964,11 @@
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1745310711,
"narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=",
"lastModified": 1746485181,
"narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c",
"rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
"type": "github"
},
"original": {


@ -89,12 +89,10 @@
nixConfig = {
extra-substituters = [
"https://nix-community.cachix.org"
"https://0uptime.cachix.org"
];
extra-trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"0uptime.cachix.org-1:ctw8yknBLg9cZBdqss+5krAem0sHYdISkw/IFdRbYdE="
];
};


@ -17,8 +17,12 @@ in rec {
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 80 443 ];
services.nginx = {
package = pkgs.tengine;
services.nginx = let
commonExtra = ''
add_header Alt-Svc 'h3=":443"; ma=86400' always;
'';
in {
package = pkgs.nginxQuic.override { withSlice = true; };
recommendedBrotliSettings = true;
recommendedGzipSettings = true;
@ -60,6 +64,10 @@ in rec {
inactive = "720m";
};
commonHttpConfig = ''
ssl_early_data on;
'';
virtualHosts = let
defaultConfig = {
listen = [
@ -70,8 +78,10 @@ in rec {
];
http2 = true;
http3 = true;
quic = true;
forceSSL = lib.mkDefault true;
enableACME = true;
extraConfig = commonExtra;
};
internalConfig = {
@ -105,7 +115,7 @@ in rec {
} // defaultConfig;
in rec {
"mekanoe.com" = staticSite;
"noe.sh" = staticSite // { forceSSL = false; };
"noe.sh" = staticSite;
"foxxolay.com" = staticSite;
"kitsu.love" = staticSite;
"doll.repair" = staticSite;
@ -131,6 +141,7 @@ in rec {
proxyWebsockets = true;
};
extraConfig = ''
${commonExtra}
allow 127.0.0.1;
allow 10.0.0.0/8;
allow 100.64.0.0/10;
@ -150,6 +161,7 @@ in rec {
proxyPass = "https://censusdbg";
};
extraConfig = ''
${commonExtra}
allow 127.0.0.1;
allow 100.64.0.0/10;
allow 10.0.0.0/8;
@ -207,7 +219,9 @@ in rec {
"kat.cafe" = {
serverAliases = ["dripping.blood.pet"];
locations."/" = {
extraConfig = "return 302 https://noe.sh;";
extraConfig = ''
return 302 https://bad.horse;
'';
};
locations."/s" = {
recommendedProxySettings = true;
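Review bot: `ssl_early_data on;` in `commonHttpConfig` enables TLS 1.3 0-RTT for every virtual host, and early data is replayable, which matters more for the reverse-proxied hosts in this file (the `proxyWebsockets` location and `proxyPass = "https://censusdbg"`) than for the static sites. nginx does not reject replayed requests by itself, so either keep early data off for the proxied hosts or forward the signal with `proxy_set_header Early-Data $ssl_early_data;` so a backend can answer 425 to non-idempotent requests. Whether those backends honour the header cannot be told from this page. The `services.nginx` block starts and ends outside these hunks.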


@ -7,6 +7,7 @@ in rec {
../../features/dns-cache.nix
../../features/nginx.nix
../../features/telemetry/nginx.nix
./minio.nix
];
networking.hostName = "static-sites";
@ -41,6 +42,31 @@ in rec {
'';
};
} // defaultConfig;
minio = bucket: {
locations."/" = {
proxyPass = "http://127.0.0.1:9000/${bucket}/";
recommendedProxySettings = true;
extraConfig = ''
proxy_intercept_errors on;
proxy_hide_header x-amz-request-id;
proxy_hide_header x-amz-bucket-region;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-meta-s3cmd-attrs;
proxy_hide_header x-ratelimit-limit;
proxy_hide_header x-ratelimit-remaining;
proxy_hide_header x-minio-deployment-id;
proxy_hide_header strict-transport-security;
proxy_hide_header x-firefox-spdy;
proxy_hide_header x-xss-protection;
proxy_hide_header x-content-type-options;
proxy_hide_header vary;
rewrite ^/$ /${bucket}/index.html break;
rewrite (.*)/$ /$1/index.html;
rewrite ^([^.]*[^/])$ /$1/ permanent;
'';
};
} // defaultConfig;
in rec {
"noe.sh" = static { src = flakePackage "noe-sh"; aliases = [ "mekanoe.com" ]; } // {
locations."=/" = {
@ -53,7 +79,7 @@ in rec {
};
# "3d.noe.sh" = static { src = flakePackage "3d-noe-sh"; aliases = [ "art.mekanoe.com" ]; };
"doll.repair" = static { src = flakePackage "doll-repair"; };
"doll.repair" = minio "doll.repair";
"blood.pet" = static { src = flakePackage "blood-pet"; };
"foxxolay.com" = static {
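Review bot: The `minio` helper strips `x-content-type-options` (with `x-xss-protection` and `strict-transport-security`) from the upstream response and nothing in the hunk adds it back, so bucket objects are served without `nosniff` unless `defaultConfig`, which is defined outside the hunk, sets it. For content that anyone with bucket write access can upload, I would drop the `proxy_hide_header x-content-type-options;` line so the upstream value passes through. A comment above `minio = bucket:` would also help, for example `# bucket: literal MinIO bucket name, inserted verbatim into proxy_pass and the rewrite; presumably needs an anonymous read policy`, since no credentials are forwarded to `127.0.0.1:9000`.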


@ -0,0 +1,20 @@
{ config, ... }: {
sops.secrets.minio_root_user = {
sopsFile = ../../../secrets/static-sites/default.yaml;
};
sops.secrets.minio_root_pass = {
sopsFile = ../../../secrets/static-sites/default.yaml;
};
sops.templates."minio-root-credentials" = {
content = ''
MINIO_ROOT_USER=${config.sops.placeholder.minio_root_user}
MINIO_ROOT_PASSWORD=${config.sops.placeholder.minio_root_pass}'';
};
services.minio = {
enable = true;
rootCredentialsFile = config.sops.templates."minio-root-credentials".path;
};
}
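Review bot: `services.minio` is enabled without `listenAddress` or `consoleAddress`, and the NixOS module defaults bind the API and the console on all interfaces (`:9000` and `:9001`), which leaves the host firewall as the only barrier in front of a service provisioned with root credentials. Since nginx reaches it over `http://127.0.0.1:9000`, I would set `listenAddress = "127.0.0.1:9000";` and `consoleAddress = "127.0.0.1:9001";`. A comment noting that the root account from `minio-root-credentials` is for administration only, with uploads going through a scoped access key, would document the intended use.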


@ -19,4 +19,8 @@ in pkgs.stdenvNoCC.mkDerivation {
];
desktopItems = [ desktopItem ];
installPhase = ''
'';
}
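Review bot: The added `installPhase` is an empty string as rendered here, which replaces the default install phase and with it `runHook preInstall` and `runHook postInstall`. If `desktopItems` relies on the `copyDesktopItems` hook, which runs from `postInstall`, the desktop entry would no longer be installed, and nothing in the phase creates `$out`. If this is a placeholder, I would write the body as `runHook preInstall`, `mkdir -p $out`, `runHook postInstall`, or remove the attribute. The derivation starts outside the hunk, so the hook list is not visible.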


@ -0,0 +1,44 @@
minio_root_user: ENC[AES256_GCM,data:9ift+w==,iv:D25le5OO38mHNwakYl8qMaP/fIEFIeO8m2EFpqiiqAs=,tag:OL8bB5HClPibUtq0XqpMxQ==,type:str]
minio_root_pass: ENC[AES256_GCM,data:Z0n2A7b+4JImsI8EikZR6hOf28Mae39lTRa6S/OiD4Bx/fcg7ecQ5g==,iv:K21e8oZ6ics9YUjSAqgTi0jp+58LVf3evUsLvYyanSk=,tag:NOmfZeThbDqAolLCoBR9mQ==,type:str]
sops:
age:
- recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Z1I0MTRuRTVPaldwYXpE
dS9aTkVJai9iZG8zeFo2cHY1aGt0WkpYUjBvCk9BQzZtWTBSQkxNRTc4U0lUb1dN
ZlNOYnFSc2Mwc0FYRnoyWWhrOFQ5UkEKLS0tIG55dnduN08vSnY1WStrSWprU1lK
bUhnak1RZ2NEYTRlNGJQNU91dlpKUXcKPA1NHA75xRWllcbFLhogJS8V4ddwvGW5
FGXVBKZMTWFg7scpWOE6OVlMHFK2+5kCoB+kLuAqXS1aVq0okS9EbQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkMG5RZUxySWZSdmZua0Ur
ZnJWSkJsUmdqY1laamdaWm14Q2J5dUxxNWdzCno4NDlEaWxwVE52Y2ptRDJlNTNt
TTdCMWJJL2JkYUFRVWY2OGpDTkdoSk0KLS0tIHcwYitYSThCcjhjaXVNV3Zzak03
YklSZm5XZ3BCSkNNWnErN0MwZEU1NlkK2jADPIG8/KkvOQ9bwi7EMVN77Wm8K4Lb
1v2jYHPIsb7Ab0dInJcXfmcEnFo4I/IJ7JFUcsSCNKhB7POt3a0JEw==
-----END AGE ENCRYPTED FILE-----
- recipient: age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzaDFSNWJRc0xzUDFuaEhV
bm1Ncm5GV1l1MmlnOWtxbURMVVRGbCs0Q0NBCkwwVUR6V2pWSFN1dlJtMk1KQVB6
ejVCVUR6N0hDcTVhaUdXRkRwOVZPR00KLS0tIE1UQ05lRGNCY3MyMXFQck9lSEo0
azFtdzVwTTlwT3hpcVI0dDUxTjh1OEUKYK5VWYju936Y07dec4HTE/U4RG8pU/PG
+yx+dci5eRayoN0I+JDZg8ifxj4f9SGBEUiB+xfImh67+Gcyhr4YdQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s4hzwj982zk04kr7c5u0vlemkzalv72wtkttkgzt64xv8a4r25zqxra6u0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMR1dRanR6N3dnNTZ1SGpM
dlZ4UlIyMjJtVUR1eWZrN2E4Q0RYd09qeVFrCkNwd0Q5dDhEeXlWZnVkSzJlbENy
V0xrTktHOUtMSnZhN1hZN0ROc05aMmcKLS0tIEFsTDE3RzdJV0crUFBPaFNFNjJr
TzBkaEx6Z3VWYlB6aXJ0UEc1NnNTZWsKRE57cTa9yL8cKckISq9RlU0JwvJl0wuo
VKy9TczYN+Sykrq30MxCXQSnpKCUqJ1xuJS7+xJlpLs+jGZIjIg7+A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-14T02:13:37Z"
mac: ENC[AES256_GCM,data:E9iQOY3ZGsMAAN+FpIcAJLuylSlISvVBXYCndbqkh2zxQnvxnjO4EUw+0uqtknCiFJYqXl/tGudTZG0Xb091AHVjNzNPfhO8aNbHvugXCBTt2d55Zqjr3otYgE9lXV+aBhCkjo4CgrZPDRGLaG0iM0bLGuxgd9o1I0ILVOw33Bc=,iv:MsbhZSSHfvRt1Z4lg/OqNCCoebOrWC5CcBocXLGyMKc=,tag:Owf6/3IJLvgfvuOppfLzUw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2