diff --git a/nixos/hosts/queen/secrets/sops.yaml b/nixos/hosts/queen/secrets/sops.yaml index bdcd1fa..0acc33e 100644 --- a/nixos/hosts/queen/secrets/sops.yaml +++ b/nixos/hosts/queen/secrets/sops.yaml @@ -14,6 +14,7 @@ sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8P writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str] writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str] ssh-private-key: ENC[AES256_GCM,data:DK/ggskAyhvotRkf36oZBoPw3hGvVlXneqaJZRPwX2a3YVMy4zgDE3iN65UeR6mfkp9J3OmLejOHeWFB/bRCHY3oTW6GUuZljTe2rI1/x/d2s4zX5UPPEWcy3cXH25d72DzElQBEMDKuZyDe0OZ0/NkR//vEeXgoA2Nr/NKHlTWrq/t26DMD2Vt+kQ+S9b0hh4tgh3OP1lwRu9/mTJOmInd/86gKB9+aD9V0oFvNbMEmgbwIah+ZjQBHB7GEIwjUc/lLmc+3RSn9J0rICIhnhL7NTzHUDHkYd93Tm0L9UHIyi9Oco2sK8tuV5mTDM1OK8CbDg/5FICTQ0H4sstCrDNZd2wE4E1kaZuwYOyxpzQpWJY8jOxxw5oIE0IccvvptM/9vp+0f1F2RIDrkIdHSLpFbGZGvXNVAWlXyv+0qOYS7BGzD0KAh9f74GcAvULq36vdzBahb5e+CqT3JXESne8qhkpsP0G9Z1I1Fy0xpADx/9cTnAm5RmXTw/KBPmBA5IZYZBRbR/C+N7Xyxr7u9RcwFJdIbSpAeT/ew,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str] +mollysocket-vapid-key: ENC[AES256_GCM,data:w0tcRqjXrhjem+4rfZuSSfeex+Fpi0du3EhUdPsBRCuO7L2OdVml1CU2QA==,iv:bGfYc1T+21/rcGdkHAFqteSffXPUhvoateSqbiSPb10=,tag:XqrU5f5f0sxHTkARFdNVeA==,type:str] sops: kms: [] gcp_kms: [] @@ -29,8 +30,8 @@ sops: KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-23T00:03:37Z" - mac: ENC[AES256_GCM,data:uRXXG8sDFqMyuhSSJrD3gDmZd2uGdrV/vHxfrAzTHYa+rtq7EjsIynxa9obpBKEbCSHa5UHgNxoP9VpSd9n9ENaRDxKFdaANcREjUihTDv0rFoMyaiBPcjWjj5/W8rA2ki7V4M0tgERUmq+UOcW5uZg01jPrHm7TFgdwZezFPfI=,iv:FX7DrwjA2DYKRif4EdhQ7rQKfQdk4NrQBIA+LB/3xkI=,tag:swckRXnUoVVdBsx8tDqIKA==,type:str] + lastmodified: "2025-01-14T12:47:32Z" + mac: ENC[AES256_GCM,data:HxttRqB9RgMP9xkVTPXUE9MyGon3VJ7DW6gyNIII3svgcZItl39HIG3aYTsS3jAWShZQ/iSxERXbwusAb/wAC8VNXNI04BZGK9WbExSJKXzAzBLXI4ajUsJ27POf+4mi/8fwdSSRpmZdfYhbxuzBs8jI6/CJ40B9Dbp/DtndXTk=,iv:GPSoTNfsBEFNwCqAnOpylbl0LJckrR5lCznzzi/BAI8=,tag:kRwqzIh0TWz4MR66vKwgSA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/nixos/server/package-configs/default.nix b/nixos/server/package-configs/default.nix index 4dd970f..91ff838 100644 --- a/nixos/server/package-configs/default.nix +++ b/nixos/server/package-configs/default.nix @@ -13,5 +13,6 @@ #./cinny #./firefox-sync ./writefreely + ./mollysocket ]; } diff --git a/nixos/server/package-configs/mollysocket/default.nix b/nixos/server/package-configs/mollysocket/default.nix new file mode 100644 index 0000000..3baf77d --- /dev/null +++ b/nixos/server/package-configs/mollysocket/default.nix @@ -0,0 +1,26 @@ +{config, ...}: { + sops.secrets."mollysocket-vapid-key".mode = "0440"; + sops.secrets."mollysocket-vapid-key".owner = config.users.users.root.name; + + services.mollysocket = { + enable = true; + settings = { + port = 4381; + vapid_key_file = config.sops.secrets."mollysocket-vapid-key".path; + allowed_endpoints = ["molly.gladtherescake.eu" "nextcloud.gladtherescake.eu"]; + allowed_uuids = ["*"]; + webserver = true; + }; + }; + services.nginx = { + virtualHosts = { + "molly.gladtherescake.eu" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:4381"; + }; + }; + }; + }; +}