diff --git a/devices/nas/default.nix b/devices/nas/default.nix index 7f8a55fc..60f412ab 100644 --- a/devices/nas/default.nix +++ b/devices/nas/default.nix @@ -55,6 +55,7 @@ inputs: nextcloud = {}; freshrss = {}; send = {}; + huginn = {}; httpapi = {}; gitea = {}; grafana = {}; diff --git a/devices/nas/secrets.yaml b/devices/nas/secrets.yaml index d6daea64..bd2a2b88 100644 --- a/devices/nas/secrets.yaml +++ b/devices/nas/secrets.yaml @@ -54,10 +54,13 @@ vaultwarden: admin_token: ENC[AES256_GCM,data:TrgqQwXBoCdsLeWQYkur4zS+Z4nCoDDoePnN5vm+AIcgYXVwjxcf/0AwXQIxVNEypYysPpoHKOigwhkf5kLazAMiBZ0goAflJT/S4nOLo90s+9kDCADXWnCeHNhBUg8fUulNPBbpqdfFKCJgJCD2WTI+V5yFLQ==,iv:maKU6pcxis7Cyrx9x26cUTBzA6ZKcKJWSP23w+MDehw=,tag:GYpPHp2slC6V8aKA1FHFAg==,type:str] mariadb: freshrss: ENC[AES256_GCM,data:Qjg5GIX13ccZi/DuqtWK0qzr2GK0GzzUdEZWXDhUhGxFWzgosADxDCc8wfOchItaJFefnVrpPxdAPvT+4TEH0g==,iv:oGii3o6sJYVc11kdQMh0Pa3GUbWqttFgjvSVEbTycZc=,tag:8GWWwuJjQBwDFl9pJvg90g==,type:str] + huginn: ENC[AES256_GCM,data:/hFQdG/RGrX75qd0+WgwhnwR7p/CEVx1vPksRSudxmc1m4VO/AVzgMCWAz4310ctTEnn4GZinvD6QGFta5IOSA==,iv:mrPDZA6Bnw+SPVDDe64tivvvQtHWvCsPJbEnPqm12g4=,tag:ihXbIJwwtQ0RfaNfcaop4Q==,type:str] nextcloud: admin: ENC[AES256_GCM,data:DJK+u19VP9cFvq4/P0+f7erXxZkRWI4NRrX9HdHO96xy9wZMtB+hEDN3zLQnkTTtmd2ZLs9+c9BsUNXZperGDQ==,iv:zX8Nxt5+O/mGVt5l1j8IojBkgxg5oDae6KWTXYz0hRE=,tag:MRyMx0OXYTCmtaySP/umNw==,type:str] freshrss: chn: ENC[AES256_GCM,data:wwHntnMeiGZ5v8CE7CGV,iv:snIdYdFpvv5HvcR5qucD2pZXXef3dhSU+2wK5SPrDjw=,tag:2RnujKKkQSoxvSNZPLS9Pg==,type:str] +huginn: + invitationCode: ENC[AES256_GCM,data:E8rEdAfUQX9oJEnvxVF5PmYFMd9PN8+K,iv:gZtUf+AkICLHD4h2beHbEfyoL4bcoOv0sivDFDB3vVY=,tag:4tlsPuED6jCXNE0iOayXsg==,type:str] grafana: secret: ENC[AES256_GCM,data:O2L0+R9QvOMJLKa941nxn+FeuZ5nOAm1iDlKW2vvk5Dyod0XLdGL1seWuYzpx+NL16qmC1u8jydDcBfUT+PAeA==,iv:Pqsr+POPAr8djdVMK5U4PiS1zUnZXLH3q588D/jOMys=,tag:QziP0kKT5oyI/RHaYHr2mw==,type:str] chn: ENC[AES256_GCM,data:xMwWBYChRIxw5KDjgCYBJWkbRRo5FUtyhZ0+SVRIgjQ=,iv:EIjECQHx3/2t+oMC16B1Xfwa8guiST2pdIKM1hNcuFA=,tag:BP8ElnMevqF6urDgBP/UAg==,type:str] @@ -87,7 +90,7 @@ sops: by9Rd0U0bzNiK21BQTNxN1RuQ09DQVkKJmSlzV5ppEkZFljsS17ZWmoI++fz4tJh kTdoAStG1zsKASHyZTsmdm3RBDO3qV1KhQC2gC7d4EiwNZngxOOZJg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-19T03:10:32Z" - mac: ENC[AES256_GCM,data:xPqumB7DAGPi9HGSCnxnmr8zgOT+7smCREs4qSEKQ5ZikxIVuWQPqQaThIuAAFB/dQu0Gm92I4Lj+F+w4+9NlVTnku0HY8CWD5PlNcun+0CEAX9byuVrfEH8zwqOX+SRrHIEU0h3TWI492EiJm7lgchWe/o50seS7RT6d0q8IfQ=,iv:5PYqHhzvLYhIu8PT+TAyoDmtj7+AB3iCVZMX8PfKQQc=,tag:9+6VGz8bDmLqVWCdysXk1g==,type:str] + lastmodified: "2025-12-04T17:33:50Z" + mac: ENC[AES256_GCM,data:MjCnibcdkR927418wAlPUj5IXfbCQMS4QQOKvWRHdqqZHBQFw886Nx8YOXvH2PTgAhDWjzhuhnkF3InaY63zYqamJcKKwp/aIjZ97UXNKsZPKaVo48S9rBuHPFI/NceDSoMPZvgrMhgNguegdc6B8D2fwJPdtdSa6pJez1WQ9r8=,iv:kZnVRglmmWkR7f80bCX9Y5Th3dNI8TtUxx6P40d7E1o=,tag:5L0bfCYJq/EpvaT8BJA2QQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/devices/vps9/default.nix b/devices/vps9/default.nix index 9bdbdd9d..06ecb662 100644 --- a/devices/vps9/default.nix +++ b/devices/vps9/default.nix @@ -31,7 +31,7 @@ inputs: (site: { name = "${site}.chn.moe"; value.upstream.address = "tinc0.nas.chn.moe"; }) [ "xn--s8w913fdga" "matrix" "send" "git" "grafana" "peertube" "rsshub" "misskey" "synapse" "vaultwarden" - "nextcloud" "freshrss" "api" "webdav" + "nextcloud" "freshrss" "huginn" "api" "webdav" ]); }; }; diff --git a/flake/dns/config/chn.moe.nix b/flake/dns/config/chn.moe.nix index b1549b2b..c5dc43a8 100644 --- a/flake/dns/config/chn.moe.nix +++ b/flake/dns/config/chn.moe.nix @@ -24,7 +24,7 @@ let [ "initrd.vps9" "xserver2.vps9" # to nas - "git" "grafana" "peertube" "send" "vikunja" "xservernas" "freshrss" "nextcloud" + "git" "grafana" "peertube" "send" "vikunja" "xservernas" "freshrss" "huginn" "nextcloud" "rsshub" "vaultwarden" "webdav" "synapse" "misskey" "api" ]; }; diff --git a/flake/src.nix b/flake/src.nix index fe752ab7..3d73f6be 100644 --- a/flake/src.nix +++ b/flake/src.nix @@ -55,6 +55,14 @@ }; }; }; + huginn = pkgs.dockerTools.pullImage + { + imageName = "ghcr.io/huginn/huginn"; + imageDigest = "sha256:68e2c7082cd51d417e5ce76fe123810e9d52f4ab2018569df5b74b913ed3bc64"; + sha256 = "0jpdysdphy1lyj6zwx2b1kbgs6bfnpkkx85mf1b9ybh3is6gaz6s"; + finalImageName = "ghcr.io/huginn/huginn"; + finalImageTag = "latest"; + }; misskey = {}; lumerical = { diff --git a/modules/services/huginn.nix b/modules/services/huginn.nix new file mode 100644 index 00000000..e7db37e4 --- /dev/null +++ b/modules/services/huginn.nix @@ -0,0 +1,53 @@ +inputs: +{ + options.nixos.services.huginn = let inherit (inputs.lib) mkOption types; in mkOption + { + type = types.nullOr (types.submodule { options = + { + hostname = mkOption { type = types.str; default = "huginn.chn.moe"; }; + };}); + default = null; + }; + config = let inherit (inputs.config.nixos.services) huginn; in inputs.lib.mkIf (huginn != null) + { + virtualisation.oci-containers.containers.huginn = + { + image = "ghcr.io/huginn/huginn:latest"; + imageFile = inputs.topInputs.self.src.huginn; + ports = [ "127.0.0.1:3000:3000/tcp" ]; + environmentFiles = [ inputs.config.nixos.system.sops.templates."huginn/env".path ]; + }; + nixos = + { + services = + { + nginx.https.${huginn.hostname}.location."/".proxy = { upstream = "http://127.0.0.1:3000"; websocket = true; }; + mariadb.instances.huginn = {}; + podman = {}; + }; + system.sops = + { + templates."huginn/env".content = let inherit (inputs.config.nixos.system.sops) placeholder; in + '' + MYSQL_PORT_3306_TCP_ADDR=host.containers.internal + HUGINN_DATABASE_NAME=huginn + HUGINN_DATABASE_USERNAME=huginn + HUGINN_DATABASE_PASSWORD=${placeholder."mariadb/huginn"} + DOMAIN=${huginn.hostname} + RAILS_ENV=production + FORCE_SSL=true + INVITATION_CODE=${placeholder."huginn/invitationCode"} + SMTP_DOMAIN=mail.chn.moe + SMTP_USER_NAME=bot@chn.moe + SMTP_PASSWORD="${placeholder."mail/bot"}" + SMTP_SERVER=mail.chn.moe + SMTP_SSL=true + EMAIL_FROM_ADDRESS=bot@chn.moe + TIMEZONE=Beijing + DO_NOT_CREATE_DATABASE=true + ''; + secrets = { "huginn/invitationCode" = {}; "mail/bot" = {}; }; + }; + }; + }; +}