feat: init efl 😋

2025-09-05 19:39:45 +08:00
parent 2677ed4594
commit 3f206e08c2
5 changed files with 105 additions and 1 deletions
--- a/config/hosts/imxyy-nix-server/default.nix
+++ b/config/hosts/imxyy-nix-server/default.nix
@@ -22,5 +22,7 @@
    ./minio.nix
    ./build.nix
    ./immich.nix
+
+    ./efl.nix
  ];
 }
--- a/config/hosts/imxyy-nix-server/docker.nix
+++ b/config/hosts/imxyy-nix-server/docker.nix
@@ -5,5 +5,10 @@
    enable = true;
    dockerCompat = true;
    dockerSocket.enable = true;
+    defaultNetwork.settings.dns_enabled = true;
+  };
+  # avoid collision with dnsmasq
+  virtualisation.containers = {
+    containersConf.settings.network.dns_bind_port = 5353;
  };
 }
--- a/config/hosts/imxyy-nix-server/efl.nix
+++ b/config/hosts/imxyy-nix-server/efl.nix
@@ -0,0 +1,52 @@
+{ config, secrets, ... }:
+{
+  sops.secrets.efl-tuwunel-env = {
+    sopsFile = secrets.efl-tuwunel;
+    format = "dotenv";
+  };
+  virtualisation.oci-containers.containers = {
+    tuwunel = {
+      image = "jevolk/tuwunel:latest";
+      volumes = [
+        "tuwunel_db:/var/lib/tuwunel"
+      ];
+      ports = [ "6167:6167" ];
+      networks = [ "podman" ];
+      environment = {
+        TUWUNEL_SERVER_NAME = "mtx.eflx.top";
+        TUWUNEL_PORT = "6167";
+        TUWUNEL_ADDRESS = "0.0.0.0";
+      };
+      environmentFiles = [
+        config.sops.secrets.efl-tuwunel-env.path
+      ];
+    };
+    mautrix-telegram = {
+      image = "dock.mau.dev/mautrix/telegram:latest";
+      ports = [ "8099:8099" ];
+      networks = [ "podman" ];
+      extraOptions = [ "--ip=10.88.0.254" ];
+      volumes = [ "/var/lib/efl-mautrix-telegram:/data" ];
+    };
+
+    send = {
+      image = "lanol/filecodebox:latest";
+      ports = [ "12345:12345" ];
+      volumes = [ "/var/lib/send:/app/data:rw" ];
+    };
+  };
+  services.caddy.virtualHosts."mtx.eflx.top" = {
+    extraConfig = ''
+      reverse_proxy :6167 {
+        header_up X-Real-IP {remote_host}
+      }
+    '';
+  };
+  services.caddy.virtualHosts."send.eflx.top" = {
+    extraConfig = ''
+      reverse_proxy :12345 {
+        header_up X-Real-IP {remote_host}
+      }
+    '';
+  };
+}
--- a/config/hosts/imxyy-nix-server/net.nix
+++ b/config/hosts/imxyy-nix-server/net.nix
@@ -408,6 +408,35 @@
          localPort = 443;
          customDomains = [ "memo.imxyy.top" ];
        }
+
+        {
+          name = "efl-matrix-http";
+          type = "http";
+          localIP = "127.0.0.1";
+          localPort = 80;
+          customDomains = [ "mtx.eflx.top" ];
+        }
+        {
+          name = "efl-matrix-https";
+          type = "https";
+          localIP = "127.0.0.1";
+          localPort = 443;
+          customDomains = [ "mtx.eflx.top" ];
+        }
+        {
+          name = "efl-send-http";
+          type = "http";
+          localIP = "127.0.0.1";
+          localPort = 80;
+          customDomains = [ "send.eflx.top" ];
+        }
+        {
+          name = "efl-send-https";
+          type = "https";
+          localIP = "127.0.0.1";
+          localPort = 443;
+          customDomains = [ "send.eflx.top" ];
+        }
      ];
    };
  };
@@ -553,7 +582,6 @@
        "music"
        "ai"
        "sy"
-        "minio"
        "immich"
      ];
    in