imxyy1soope1/nixos-dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Activity

feat: init efl 😋

Browse Source
This commit is contained in:
imxyy_soope_
2025-09-05 19:39:45 +08:00
parent 2677ed4594
commit 3f206e08c2
5 changed files with 105 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/hosts/imxyy-nix-server/default.nix
View File

@@ -22,5 +22,7 @@
./minio.nix ./minio.nix
./build.nix ./build.nix
./immich.nix ./immich.nix
./efl.nix
]; ];
} }

5
config/hosts/imxyy-nix-server/docker.nix
View File

@@ -5,5 +5,10 @@
enable = true; enable = true;
dockerCompat = true; dockerCompat = true;
dockerSocket.enable = true; dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
# avoid collision with dnsmasq
virtualisation.containers = {
containersConf.settings.network.dns_bind_port = 5353;
}; };
} }

52
config/hosts/imxyy-nix-server/efl.nix Normal file
View File

@@ -0,0 +1,52 @@
{ config, secrets, ... }:
{
sops.secrets.efl-tuwunel-env = {
sopsFile = secrets.efl-tuwunel;
format = "dotenv";
};
virtualisation.oci-containers.containers = {
tuwunel = {
image = "jevolk/tuwunel:latest";
volumes = [
"tuwunel_db:/var/lib/tuwunel"
];
ports = [ "6167:6167" ];
networks = [ "podman" ];
environment = {
TUWUNEL_SERVER_NAME = "mtx.eflx.top";
TUWUNEL_PORT = "6167";
TUWUNEL_ADDRESS = "0.0.0.0";
};
environmentFiles = [
config.sops.secrets.efl-tuwunel-env.path
];
};
mautrix-telegram = {
image = "dock.mau.dev/mautrix/telegram:latest";
ports = [ "8099:8099" ];
networks = [ "podman" ];
extraOptions = [ "--ip=10.88.0.254" ];
volumes = [ "/var/lib/efl-mautrix-telegram:/data" ];
};
send = {
image = "lanol/filecodebox:latest";
ports = [ "12345:12345" ];
volumes = [ "/var/lib/send:/app/data:rw" ];
};
};
services.caddy.virtualHosts."mtx.eflx.top" = {
extraConfig = ''
reverse_proxy :6167 {
header_up X-Real-IP {remote_host}
}
'';
};
services.caddy.virtualHosts."send.eflx.top" = {
extraConfig = ''
reverse_proxy :12345 {
header_up X-Real-IP {remote_host}
}
'';
};
}

30
config/hosts/imxyy-nix-server/net.nix
View File

@@ -408,6 +408,35 @@
localPort = 443; localPort = 443;
customDomains = [ "memo.imxyy.top" ]; customDomains = [ "memo.imxyy.top" ];
} }
{
name = "efl-matrix-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "mtx.eflx.top" ];
}
{
name = "efl-matrix-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "mtx.eflx.top" ];
}
{
name = "efl-send-http";
type = "http";
localIP = "127.0.0.1";
localPort = 80;
customDomains = [ "send.eflx.top" ];
}
{
name = "efl-send-https";
type = "https";
localIP = "127.0.0.1";
localPort = 443;
customDomains = [ "send.eflx.top" ];
}
]; ];
}; };
}; };
@@ -553,7 +582,6 @@
"music" "music"
"ai" "ai"
"sy" "sy"
"minio"
"immich" "immich"
]; ];
in in

17
secrets/efl-tuwunel.env Normal file
View File

@@ -0,0 +1,17 @@
TUWUNEL_DATABASE_PATH=ENC[AES256_GCM,data:PDrE2yQT59HJvKd97nJumQ==,iv:KkNRd/rblupTE3PyV39nSYmapd/dCTvTW0RmlIAeTTI=,tag:uEx2tENmJrsjVNLUFqtXTg==,type:str]
TUWUNEL_MAX_REQUEST_SIZE=ENC[AES256_GCM,data:3yJltQjTuRA=,iv:bhHWY7/IeleHYZyqSUluCnQgM8kb0rgBa4m+msu1BvU=,tag:gjY3u9v8yrnmTObtYDwnfg==,type:str]
TUWUNEL_ALLOW_REGISTRATION=ENC[AES256_GCM,data:m32CHg==,iv:SW+9oZLVmd8Sf24NLkxagy+sOsK5ysTc8JHdomu6Ft4=,tag:ATTLG2dezibrAzyQuQrbYw==,type:str]
TUWUNEL_REGISTRATION_TOKEN=ENC[AES256_GCM,data:IQgfTI/aLhcS/7/VCVN0KgdMwv43845ueHGREmYqjtpKTybb2qWLDdPAiVrj,iv:huwZXpY7+aDNxOINLlPaCaUiptAN5tOJ068ASItGafA=,tag:UBkDgWV9CdE2LObnyWk5ng==,type:str]
TUWUNEL_ALLOW_FEDERATION=ENC[AES256_GCM,data:4mKscA==,iv:iJhWpcEvJ0n2wVPLNntOcSYyKO/wvQfXdd8WLuU8ets=,tag:ywbpkpnfQTy+zuSGat8dEQ==,type:str]
TUWUNEL_TRUSTED_SERVERS=ENC[AES256_GCM,data:xlYagLxkJ4jPNAWEX+W5fq/io/eC7Y3DW1RM,iv:pjApkV2hCpnMr2acEw4P+kWDEjfx0yRQXVn8w9RGa5s=,tag:QnmhL4WK6K+Q5jBACEzuAA==,type:str]
TUWUNEL_ALLOW_OUTGOING_PRESENCE=ENC[AES256_GCM,data:7iQU4TA=,iv:ljwU5yt2Qj7zWI08JnwT/E4mheRloy3KE0RMtQAF2IE=,tag:Icw5hay9cRfs/SEDMNfmxQ==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDltTWRrUSAwVjFh\naTdScGZia1BGSWZBUWkyellzMzlkbDkxLzhRMW5Pdm5WdXdZMm44CmNrMkRNRERH\nWTVJZUxWcGxSQ2xzMjRVclBaTHdNLzF4WE5LUlpxZW9GTjAKLS0tICtzNitCSUJu\nbzAza0kzNzlaUFdmcDdaeis5ZVlSOXd1SW5GZW5rdXJjSWsK9LuRScqfr/EcHcEI\nykvGH/ATkza41/ilj0tRyPMZN7AhrJcf5eqEFP5ixd/p9oTecCN5jbaekZJ3bGjL\n2MXgJQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJNY1d1ZyBBUThQ\nNVJoY1RyazJDaTlQRVdEdDd1UVpBNlVrclFrU0NjenlubEF1STB3CjhIM01uVFhp\ncWJQdnFqbUtVMENOWVlwVVhyS1pHRmk5b2tJRHZlN3JEdzQKLS0tIERTZWZWcWR5\nUVVJcEdkOWpFaWRDa3FNcGVNRjNyQkJSRWo0VXVtams0OHcK0SEYcPiFfxb55Pua\nt/tl6Y+b+tH3s58Evt1oQs6JkwqtnwF74UHYEDNKRcZxNemVVp5D8/gKm85k6bwT\nlUWRRg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB28jpN+h5euh3NtdN+A+EtqgIatC22e4i1TPTioKire
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyBoaGdD\nWXZTL2puRzFCSjlIZ1J0Q0ZYMXhHYjA2QkI4dmhtT3pTOXdLMEFFCktnaExmY1BY\nYWVZREg1bXNCR0xzaHVrZnJNUVI4V3V0Z1NXSU9VOWhoMTgKLS0tIHduZU95VVBM\nRGhmc0ZBaUF6SWlYZzVBQjgyRkxJbUQ5MU1uVVdlTVZjQ0EKl1Dh0+uNZgG2TUBw\nsKMW2ryk4WtGduPG7OzlaGAGABSeHfe3qy3nGmNPVm5e+7nicB0IFgR0uL29rU9c\nj/PHlQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_2__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/
sops_lastmodified=2025-09-14T00:38:59Z
sops_mac=ENC[AES256_GCM,data:oA5ZHVIW00lIawVu1wgwfDr+DLuEpRA65VuVtO+8St+gOmob66tfNCSmlj8zvEW7Z8HpxHxEyq4XVuLn2Ia9Uvj9eXfVeqmsguIlK3KJ334G1E8VTRO+Nxgdz6itMFjwf1bDw3GA+zeQZ+VFwxUhU4HqMggsqFuPtP2BgnK67ME=,iv:+ksYve10uG2JUqDIk5PJjPIxeYLL9Re2+IGPeV1q1Gc=,tag:AUyZB7OUBnE+6cxVDZG6Cg==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.10.2