From 839d0c386ef27e7035441211557b4e67991b60df Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Fri, 10 Jan 2025 13:34:13 -0500 Subject: [PATCH] Make immich-kiosk available via https + basic auth --- modules/hosts/nixos/nixnuc/default.nix | 19 +++++++++++++++++++ modules/hosts/nixos/nixnuc/secrets.yaml | 7 ++++--- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/modules/hosts/nixos/nixnuc/default.nix b/modules/hosts/nixos/nixnuc/default.nix index fa1d288..353e08f 100644 --- a/modules/hosts/nixos/nixnuc/default.nix +++ b/modules/hosts/nixos/nixnuc/default.nix @@ -343,6 +343,21 @@ in { send_timeout 600s; ''; }; + "immich-kiosk.${home_domain}" = { + listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; + enableACME = true; + acmeRoot = null; + forceSSL = true; + basicAuthFile = config.sops.secrets.immich_kiosk_basic_auth.path; + locations."/".proxyPass = "http://${backend_ip}:3001"; + locations."/".proxyWebsockets = true; + extraConfig = '' + client_max_body_size 0; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + ''; + }; "jellyfin.${home_domain}" = { listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }]; enableACME = true; @@ -453,6 +468,10 @@ in { age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt"; defaultSopsFile = ./secrets.yaml; secrets = { + immich_kiosk_basic_auth = { + owner = config.users.users.nginx.name; + restartUnits = ["nginx.service"]; + }; local_git_config = { owner = "${username}"; path = "${config.users.users.${username}.home}/.gitconfig-local"; diff --git a/modules/hosts/nixos/nixnuc/secrets.yaml b/modules/hosts/nixos/nixnuc/secrets.yaml index f42306c..4d0dd68 100644 --- a/modules/hosts/nixos/nixnuc/secrets.yaml +++ b/modules/hosts/nixos/nixnuc/secrets.yaml @@ -1,6 +1,7 @@ tailscale_key: ENC[AES256_GCM,data:aB3KUD4QYm+ZDrjjLcU3gQ8kneVGkVYBsrkVcioOhxunal2FekLDrpKxJwNXuiwx2M5vipnGAEPO,iv:e+tPPfVYkv4U0KRGwspWb1O3ZQom/WFFGm9H9cd/KKE=,tag:ZG5z1C18bj1L7DcGzunQ0w==,type:str] local_git_config: ENC[AES256_GCM,data:Nqwog5C4wnRzNoS4oqaYQ4J1DIj7fUL1y/nXESquR0N7KQ+ebhvuJnM=,iv:Q6o45LZStS3k8iO7s2P6u7OrKFu5alplshZuGgeRKmk=,tag:NcLJrI9AK4eDroODX15lcA==,type:str] local_private_env: ENC[AES256_GCM,data:qOPXTS2uo/1jyVEKCtBvuK/dzZaPf1K5tHuSVF2hBg4fdPYIsDPkM108cGVxJviebB3xVZejn/JVOdUDXQj6,iv:TtyMTOJXaPUrbSaAdtMaGPBlwLl/Y/IBYVCzhhiZozY=,tag:hUyVL8xk3w1iMwNAZw5QUw==,type:str] +immich_kiosk_basic_auth: ENC[AES256_GCM,data:R/vaYXe0SRwSUg8zC367vA/OYhjIcgfbHxR3OhLt1YYUhPNXVuUGmn199zLD,iv:GBEjJKvbwHAS75negE2whTlI4wS8K2nQYNm3015DFoY=,tag:zs+bJEr9JlIrJtikHycN4g==,type:str] mealie: ENC[AES256_GCM,data:HuO2c5na5r271x98GLqYBP/ME+phH58e2scelEH7F3R+2liLRGK9xCA0ciHLJCo8,iv:bo6hTIsWfnWueRCiLcpxYoiol8oGOoPTHDgPQ7FnYqM=,tag:rHRfIv4vnIjO/eotxYmI/Q==,type:str] nextcloud_admin_pass: ENC[AES256_GCM,data:KztB3Tkqlt73PEO41lthGYElrbwVdfqQgT6f,iv:kRwXqGJO4AUOMq+uYzndGhscaJiyvG4ANKabHHd78YM=,tag:dP3PgKafDTv8x7huKJGDqA==,type:str] psitransfer_dot_env: ENC[AES256_GCM,data:bhvU0AOCjecZ62BtLw4H1DdkLeatI+uUl6L7UkdDRkBF3sayO45Z1eR4q60tflXucyTGhT8WgKFz53I+C2dn265wzojIRc3Xr4TBLyWpfJ7/dct40SckgUiRvOnrefiriWQ=,iv:DGMhDkzgeupzzTJnCdVWDPUSo2wxI3MAypKQwVfHExE=,tag:KbteGqrkqgj2XB1lvlk/yQ==,type:str] @@ -21,8 +22,8 @@ sops: bHZlNTZDV2NYU1hQQy9mem80SFF6TFkKfmjkJBfTdh0vTtGaVx1t3tHJvSsAwdYD PF025X9U+yG2oIopwXEVBkxcD70eyuJn3OqH0xoVLBkbhNM9i8LHrA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-14T20:03:31Z" - mac: ENC[AES256_GCM,data:HBQLqcgvYQMgI9gsaWHeO/aaU1BAB94S/Amo2eNiFwbF4Fv75Leb+7tA/Us4WrsVpjAPCNL8rz6bB8eqqhB3z6WRZPsBaTSNcw0zD+CMevviMrTvXI2LDrQKbuKBXbUQrr++Yfwasw47XstdpeqlBsr7vwqTXN9uBiGAEN6pMyw=,iv:StSyeRw528BlMGVxDHFqth7DSWp2p2PGJv8/Ud8rKVc=,tag:TIPiIkmwzi3GpqWnSfI40A==,type:str] + lastmodified: "2025-01-10T16:08:06Z" + mac: ENC[AES256_GCM,data:bwPvp28nSVurnSdyuLoFCZ5XbyZlAqeXVjSUk97H1R5EuMx+2UWGNIBm5Llgm+MwsUUkOpEI/V49M1zS8wRuKxsUA1JkmXG4nis856Tx2tl0SDoIkVdCYiq+8nZTWRv1BAYblny6HHUeBzWX3Sgx8NvXC+Qfkl1fuwJcSP2zvCk=,iv:WfzIryQ78UR4Rc9kOJFgBtpV5PkTt2qT3yx/4vDcASI=,tag:49RBwahEAIvicte0S89idw==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.2