pc: frp add stcp

2026-01-12 04:39:23 +08:00 · 2023-11-11 19:13:16 +08:00
parent 333ed600ef
commit d274730437
4 changed files with 79 additions and 3 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -204,6 +204,7 @@
                  enable = true;
                  serverName = "frp.chn.moe";
                  user = "pc";
+                  stcp."yy.vnc".localPort = 6187;
                };
                nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
                smartd.enable = true;
--- a/modules/services/huginn.nix
+++ b/modules/services/huginn.nix
@@ -0,0 +1,73 @@
+inputs:
+{
+  options.nixos.services.huginn = let inherit (inputs.lib) mkOption types; in
+  {
+    enable = mkOption { type = types.bool; default = false; };
+    hostname = mkOption { type = types.str; default = "huginn.chn.moe"; };
+  };
+  config =
+    let
+      inherit (inputs.lib) mkIf;
+      inherit (inputs.localLib) attrsToList;
+      inherit (inputs.config.nixos.services) huginn;
+      inherit (builtins) map listToAttrs toString;
+    in mkIf huginn.enable
+    {
+      virtualisation.oci-containers.containers.huginn =
+      {
+        image = "huginn/huginn:2d5fcafc507da3e8c115c3479e9116a0758c5375";
+        imageFile = inputs.pkgs.dockerTools.pullImage
+        {
+          imageName = "ghcr.io/huginn/huginn";
+          imageDigest = "sha256:aa694519b196485c6c31582dde007859fc8b8bbe9b1d4d94c6db8558843d0458";
+          sha256 = "0471v20d7ilwx81kyrxjcb90nnmqyyi9mwazbpy3z4rhnzv7pz76";
+          finalImageName = "huginn/huginn";
+          finalImageTag = "2d5fcafc507da3e8c115c3479e9116a0758c5375";
+        };
+        ports = [ "127.0.0.1:3000:3000/tcp" ];
+        extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
+        environmentFiles = [ inputs.config.sops.templates."huginn/env".path ];
+      };
+      sops =
+      {
+        templates."huginn/env".content =
+        ''
+          MYSQL_PORT_3306_TCP_ADDR=host.docker.internal
+          HUGINN_DATABASE_NAME=huginn
+          HUGINN_DATABASE_USERNAME=huginn
+          HUGINN_DATABASE_PASSWORD=${inputs.config.sops.placeholder."mariadb/huginn"}
+          DOMAIN=${huginn.hostname}
+          RAILS_ENV=production
+          FORCE_SSL=true
+          INVITATION_CODE=xxx
+          SMTP_DOMAIN=mail.chn.moe
+          SMTP_USER_NAME=bot@chn.moe
+          SMTP_PASSWORD="xxx"
+          SMTP_SERVER=mail.chn.moe
+          SMTP_SSL=true
+          EMAIL_FROM_ADDRESS=bot@chn.moe
+          TIMEZONE=Beijing
+
+          BASE_URL=https://${send.hostname}
+          MAX_FILE_SIZE=17179869184
+          REDIS_HOST=host.docker.internal
+          REDIS_PORT=9184
+          REDIS_PASSWORD=${inputs.config.sops.placeholder."redis/send"}
+        '';
+      };
+      nixos =
+      {
+        services =
+        {
+          nginx =
+          {
+            enable = true;
+            https."${huginn.hostname}".location."/".proxy = { upstream = "http://127.0.0.1:3000"; websocket = true; };
+          };
+          redis.instances.huginn = { user = "root"; port = 9184; };
+        };
+        # TODO: root docker use config of rootless docker?
+        virtualization.docker.enable = true;
+      };
+    };
+}
--- a/modules/services/send.nix
+++ b/modules/services/send.nix
@@ -18,7 +18,7 @@ inputs:
        image = "timvisee/send:1ee4951";
        imageFile = inputs.pkgs.dockerTools.pullImage
        {
-          imageName = "timvisee/send";
+          imageName = "registry.gitlab.com/timvisee/send";
          imageDigest = "sha256:1ee495161f176946e6e4077e17be2b8f8634c2d502172cc530a8cd5affd7078f";
          sha256 = "1dimqga35c2ka4advhv3v60xcsdrhc6c4hh21x36fbyhk90n2vzs";
          finalImageName = "timvisee/send";
--- a/secrets/pc.yaml
+++ b/secrets/pc.yaml
@@ -4,6 +4,8 @@ acme:
    cloudflare.ini: ENC[AES256_GCM,data:hPNpTclYvRbcbFO6aR9PNyHt3kDUmjeUgg4NPsr+c/yxKPundoiziNYBRfF7/axlw8Hu32jf/cDlcWaEmqCBQJY=,iv:bdGCD/a6AnGQhiFNyZ+fD1f/rILsEcPXC2qRDsAO4n8=,tag:MLZak9uSqsg/0Ldx2Wgb6A==,type:str]
 frp:
    token: ENC[AES256_GCM,data:0mE8/cWqHKNquCIiqgbjcNhipKk7KEfbZ+qRYbu+iZr7AH9QjfYZQiMJNp4Aa3JWwBLYAnpf,iv:ID4cc8Tn0H9b1CimXlPamMlhlAkafhRApDHo/CCQ4BE=,tag:BUuU/BCj16R7FlKlpubawA==,type:str]
+    stcp:
+        yy.vnc: ENC[AES256_GCM,data:IsZWkNGYHrbQcgvOSURDnA==,iv:4XO8RFBdNopLKYxCACmkXLMPu0wIVx64y0C7m2bsTVA=,tag:fMHzU9aQm0bRr8pTKwpuHQ==,type:str]
 store:
    signingKey: ENC[AES256_GCM,data:TsB1nA0Rf2AsYyH59WpUK53pTCX2JdrGQjkJ9A9BfWLLmw3EMnPoaLHG12rv1R2/xRU7rP+iVhXb77g60I/Kn4ehun3ogMmK1oEAKyQcxudBUJFk+SeijaQLr2A=,iv:e2rdGBVOPS1nyC3pXhs5r0WyEkqxcpCnX3eAcBCj93M=,tag:HwccjH2Wms5/TevU2IuzNw==,type:str]
 nginx:
@@ -40,8 +42,8 @@ sops:
            OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
            +K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-10-03T10:45:13Z"
-    mac: ENC[AES256_GCM,data:9O1o1uNvrSu4yEpVmvPLESrCqtkf+MXUud54hVgjd/Mmchsy0eTi3gMzbAb0i6vaaNH7hHVOT0GnSNiS67UjYemvx9xHOPuJxysmoUAvT6aVzap4XZirnnsKgfYGUwn/iECsEF3dGa2c4nCiPxdtac2BaGBlxFKuh1fWBKWrow0=,iv:a+xHAakjIPhDQRYJnb0BFxdXc0uXZmmZYv8kvOPoKBA=,tag:hWpzT1tMILYZKhQXgdmhXg==,type:str]
+    lastmodified: "2023-11-11T11:10:21Z"
+    mac: ENC[AES256_GCM,data:ro3ROIx/9+pnS2Cdz44NKYZ0kDDdLPZJyXkBpYSuCrkotLzyDrx9Kjx1FR4CrQQeA4hOPQ9Z5qJVC1shef+UgwDwemiUhR3zq9BQv0PmsRYilT19o2W9tmgfbM0NiXISeN9w0MttlBUASq7mBUDbTFRViL9fAppRixkANLxVxmw=,iv:YR6QQNYQoK3v6RHUUWerM2cXU5oYQkSRfr58QDnw5H4=,tag:6Ig+RlVySAYEEiZTo8bs3A==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3