dot013/spacestation
1
0
Fork 0
Code Issues Pull Requests Activity

feat: anonimize domains and add auth support

Browse Source
This commit is contained in:
Guz
2024-11-08 20:33:20 -03:00
parent f24fa66785
commit 756f4e3c5d
3 changed files with 80 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
capytal/caddy.nix
View File

@@ -11,7 +11,7 @@ in {
services.caddy.xcaddy.enable = true;
services.caddy.email = secrets.capytal.caddy.email;
services.caddy.extraConfig = ''
(capytal_tls) {
(capytal_env) {
tls {
dns cloudflare {
zone_token {env.CAPYTAL_CF_ZONE_TOKEN}
@@ -19,7 +19,7 @@ in {
}
}
}
(home_tls) {
(home_env) {
tls {
dns cloudflare {
zone_token {env.HOME_CF_ZONE_TOKEN}
@@ -28,7 +28,7 @@ in {
}
}
'';
services.caddy.virtualHosts = let
services.caddy.virtualHosts = with builtins; let
caddyCfg = secrets.capytal.caddy;
setConfig = c: let
reverse_proxy =
@@ -42,18 +42,34 @@ in {
if c ? redir
then "redir ${c.redir}"
else "";
auth =
if c ? auth
then ''
basic_auth {
${
concatStringsSep "\n" (map (v: "${v.user} ${v.passwd}") c.auth)
}
}
''
else "";
in {
extraConfig = ''
${reverse_proxy}
${redir}
${auth}
import ${
if c ? env
then c.env
else "capytal_tls"
else "capytal_env"
}
'';
};
hosts = lib.attrsets.mapAttrs (n: v: setConfig v) caddyCfg.hosts;
hosts = listToAttrs (map (v: {
name = v.pattern;
value = setConfig v.config;
})
caddyCfg.hosts);
in
hosts;
systemd.services.caddy.serviceConfig = {

79
secrets/spacestation.lesser.json
View File

@@ -11,36 +11,69 @@
"caddy": {
"email": "ENC[AES256_GCM,data:OwCqxT+aiwmyoY3i4vO+i8FAyHzN/wU=,iv:8Gw0cqrW1OKyyANlmIIKXKisch1CGYaznIfTjGYyZa8=,tag:xvTKXhag6Gp0V7xmv8NBhg==,type:str]",
"defaultIp": "ENC[AES256_GCM,data:u+sITdDcl9TzabF8Pg==,iv:3GEn3lERvdbyKKf2r7qTxPOjq9/Im6TJraSKnrtOzWA=,tag:7A31e17vqsgI72Aj0kZqjA==,type:str]",
"hosts": {
"forgejo.i.capytal.company": {
"redir": "ENC[AES256_GCM,data:Qxo0iumZ9K2m/zFkPkDc6/7/7gkeCc8ThUzLfk+/qa7U,iv:aaaHns2oc9NDwxNQ8jKfKF5tCpNFL7mGGxsQ31WDK7w=,tag:pnvTcKsPX9ZLAcHzTwYaTQ==,type:str]"
"hosts": [
{
"pattern": "ENC[AES256_GCM,data:cj3RCHnPQqnDVrHECNsKcSfrYxCScisSVg==,iv:IzmtlDXQiIEQmCX7Vgf5Q/YWmJAlyqlDCHTyAtuj4Ss=,tag:G4MYjx3p2G1Fzwu5dQVpiw==,type:str]",
"config": {
"redir": "ENC[AES256_GCM,data:AiVHPAITKBhu2nMfNGJRqJaqPm04eH1e3KETkjJaHuzI,iv:yo7VnT2IBnIYxEcRsU1Ez04k5Y5k07FK63JNRVYq3ks=,tag:r/zSBU08gUqo1vdIX10kFQ==,type:str]"
}
},
"gadmin.i.capytal.company": {
"port": "ENC[AES256_GCM,data:1BPSyA==,iv:QIFh79CReD7PmTfdJfkHOrJXUSK7+17/+OM4Y+a34uM=,tag:vKVC1CAZjE6rAw15M84I4A==,type:float]"
{
"pattern": "ENC[AES256_GCM,data:CXqDhBeiI+JvOZ5VgGKV8RCBD/1xrTg0,iv:nrp3iAUb3mQlPGw/CF6Ec8n1s6QVLS2WUzRYAeF8B6Q=,tag:9fNae5dqVdQ0PFbBvYW8dQ==,type:str]",
"config": {
"port": "ENC[AES256_GCM,data:hLsg+g==,iv:AUBzBTW77WfZ++WuXI3Qt8S+hUVDadGGU0hutF/xj5o=,tag:GdxguYHjbwK2orkTgHDNRw==,type:float]"
}
},
"gapi.i.capytal.company": {
"port": "ENC[AES256_GCM,data:WWBl+w==,iv:saxQfd1zikI2F25eTPBrH07v1BOwdQlBFTkkRDCEJfI=,tag:I6Gq7fJ7BOV1pJyt4woZXQ==,type:float]"
{
"pattern": "ENC[AES256_GCM,data:isvmRsofmk/icmu0XOLytLJWQvRNmA==,iv:/5Qh/HzHoW8heMqPR6ZMfhrW83/v92n3ycZuRjasYoY=,tag:Y/NJWB3VnZ7iOsAErRx3+Q==,type:str]",
"config": {
"port": "ENC[AES256_GCM,data:B3mFfw==,iv:DJvviYYCINzcEmXkd657UQR4lgcedGWCbtE1M+CZPVc=,tag:m8Yl11jTRH08H6QjM48ggw==,type:float]"
}
},
"gk2v.i.capytal.company": {
"port": "ENC[AES256_GCM,data:3kgX1Q==,iv:sDQdX1rh7v2W8iWrTPZQ3MceA1sofww/K3tmuyswgdY=,tag:166LvzOI5QXbWFQDCfCF+g==,type:float]"
{
"pattern": "ENC[AES256_GCM,data:TlyclBJgutYVottPkEEYm2o9hz9TVw==,iv:FVccv+ac/eqVCMSFcp2jjuquPG5armboYvLaAc+PHpI=,tag:YR6TVaTG4msI8ggdzqPTzA==,type:str]",
"config": {
"port": "ENC[AES256_GCM,data:9AAArA==,iv:sveBGP4ltKbeBD6IRerSHQxzjFy958DAzw1MSs0R7Hw=,tag:AnJcyGU4rJq0m3IvwwRZ3w==,type:float]"
}
},
"grpc.i.capytal.company": {
"port": "ENC[AES256_GCM,data:lRwqLQ==,iv:YcX79E4u47lsoOKq5EPSDVuTGSq9nwQ3nAGbwTwUkog=,tag:KQ7EJvcCiljmViR3OIWHFg==,type:float]"
{
"pattern": "ENC[AES256_GCM,data:7631wlUSUfvV+uNECvMoYr74lQZMug==,iv:GF9H4rEHVX3MnxGpAnNDDm0uhxCZzqApnPrKr8VsogQ=,tag:A+Q139PKx32hOpU1ammcKA==,type:str]",
"config": {
"port": "ENC[AES256_GCM,data:RZtqyQ==,iv:XHS+fbJwNx+i4TJHe/REO0ZGg7HDSEuhc9rZ/eDSCQ0=,tag:nVvx9cuk2CmvKlAnHJ3T4A==,type:float]"
}
},
"gweb.i.capytal.company": {
"port": "ENC[AES256_GCM,data:6estbA==,iv:552X7bzCuxynn+tvhy3+Ah+hf8O55J3H62OM7QX3qoo=,tag:Mf6lkzJxz+aQ1c0VW/9buQ==,type:float]"
{
"pattern": "ENC[AES256_GCM,data:2bwI6saJvcuQTKdE0C1qElMEP6TE8A==,iv:ptTIxkMqRYZb3AD1lA3jr3cjlnJij4+f64aTb34BkGo=,tag:BCwTM+dHEaRfsd+3k19V4w==,type:str]",
"config": {
"port": "ENC[AES256_GCM,data:oxlscg==,iv:C7PiR6yMzieXnPl/E5aNTRMsH8xgIlv5CRyyom2bDqw=,tag:xuTtIIB8N1eTknRx43Q6Iw==,type:float]"
}
},
"sqld.i.capytal.company": {
"port": "ENC[AES256_GCM,data:qnTTIw==,iv:CD6nvM/3cghGuXJ0Nz2dZdEo6YXE4bODIvIVy+j4Nus=,tag:N5CjPGpwj4WkmgG9wcLksA==,type:float]"
{
"pattern": "ENC[AES256_GCM,data:VheGanizkj6hZvI95A4FBkQayNFaJQ==,iv:mDFzX3k6G3Q9OUVU3gTFYZDGv58mnZA7FrAWO5yyLlQ=,tag:Bk/n+pJGHtEClJlwai9CyQ==,type:str]",
"config": {
"port": "ENC[AES256_GCM,data:hGsChw==,iv:SF42YLgM20LLEKXLvelZHeWM/q2OztAKQHhhcc5ovN4=,tag:PYCKwv/etrtJvKT7GqvM0Q==,type:float]"
}
},
"sqld-grpc.i.capytal.company": {
"port": "ENC[AES256_GCM,data:sPjt7w==,iv:JcGc6ckArrin/q7yrwfaYfCce3j+mD20wIE5yECMUUM=,tag:nFm5it3tqsm+FkBunHeWXw==,type:float]"
{
"pattern": "ENC[AES256_GCM,data:XdHkPDrUajh8LIVewnirgDrBkHRAickE2BHH,iv:CuXWgpLo+YZ1YBoqNYW1YyIbN6vQYdHLplNTX46HODo=,tag:E8c3ms9zsaZjOidzIjpyKw==,type:str]",
"config": {
"port": "ENC[AES256_GCM,data:ARzYdw==,iv:IXtZkdkfesNcAi78K/+5jx9GZju0T0OjfIgn0Jg0H1w=,tag:uyt/iLEPomARsDeHA/DdMQ==,type:float]"
}
},
"adguard.h.guz.one": {
"port": "ENC[AES256_GCM,data:wSRtbw==,iv:klATChefaOf+kTSiham7c3fyHb2u72qXOFTD2IPRQfg=,tag:JukmGXxwM65EB7SRGaXj/w==,type:float]",
"env": "ENC[AES256_GCM,data:xP7W2nShNU0=,iv:L6sAD6v5P1gvszgurIOndISRwAqaNpgGmwWS5EpEAy0=,tag:KmsMZYYQpaDbQGSodfTsLw==,type:str]"
{
"pattern": "ENC[AES256_GCM,data:aLoMiLJn3We5EjBzzr3GY0A=,iv:CZ05BwoPdkE+b6yP07YfSiz0GlWNKKKHbZ7ru5+SMrA=,tag:3QmqBjbKZ3xu/yltMjdLcg==,type:str]",
"config": {
"port": "ENC[AES256_GCM,data:JRy9OQ==,iv:WWdjQVc12IAKWqsQnXC5WYALmc6QcJlJGnQGbkPWWBQ=,tag:mJE45PfqIMqOjXSVyPBNBw==,type:float]",
"env": "ENC[AES256_GCM,data:7VCj6pEXmpY=,iv:nVrrzX4SufKFcZVv+X+KnTs+RrEzzcWfwhucOqrcxbs=,tag:PTbnoPKJL1WAiGptiZtzhA==,type:str]",
"auth": [
{
"user": "ENC[AES256_GCM,data:XogBJ61GPQ==,iv:VECpTjq+5f+uJ4LHIXJjjqkjxKTEee8I+tahiqqhu4I=,tag:aM4o19REPU1IMZZPw6kXKA==,type:str]",
"passwd": "ENC[AES256_GCM,data:TBHBmtRbUdnP1fh9FKW5iBduo6cMixL8ubXzYI2WoKSgVu2qLayEY/Z+NX4wVEv6ZOvdTn8T+0LoBnNy,iv:/QZQMlU6DMK14CBTnKxtNTSZ3JCHht38BNFVKOzG8Zs=,tag:4JrgPJRORi4HlxXbbOXQcg==,type:str]"
}
]
}
}
}
]
},
"services": {
"forgejo": {
@@ -99,8 +132,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL3dCY1VLMmoxRFRmS0Ir\nV0ppTnI0RE5ZMjcvRGNPWkNxWFdJYTBDTG00ClRGQkh1UStGTmc0RE5aNy9nL3FI\nbHJIa3hLR0ZkTjd6WkFzOFkzeFdMNUEKLS0tIDBidk93Qy9LenFlSGZ2aEpuTUFt\nWVM2eS9UdXAvbzE4eEdKMjVEM3RLdm8KKeIhk+YOKVL9Y19lLyb6/Pxv8rbewK2e\nLm96jx+LOMOCFcQGxuFKWqQbTB4br/cPvRKSY5jFmFWqVg7pCPTAzQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-08T13:45:54Z",
"mac": "ENC[AES256_GCM,data:B4jGOsd66wcETxULNdAcLL6rhQWkTnAJ/arjrMfdamdDS5X9Qke47v/Epg/cTfVqx7Mijn1v/YEHdzG8x0ZPRxZIVsBaEWOvJnE5Uw2Gs2It/PNef9oVtJHfiA6PntpdJkkwJYV3RIgdBlN5sS+VJuLY19MUPGN49pcHqSHqWJk=,iv:FUNX8jlXOBDmiuVHU0Q4XvPjCZDcjR/ZcL5se8BTc6k=,tag:pKpG3fDUPJyb3WAgH+HIGw==,type:str]",
"lastmodified": "2024-11-08T23:18:01Z",
"mac": "ENC[AES256_GCM,data:lsnLJVWJD7RPhnOrlvDTM+LN+/OZU6+5joMzNoecqIi4YZ8rGqiegppvhexHB1VBhDxTvWkhIme2cb/8tcl3mjoUGn4CrYeROs0ao9zM1VuJR/X/NoOAqOkPqu4+msFq7ikije+KJiN6oMKDGo/A8yIAscWeLmB8ImwcD2cA8o0=,iv:kSw4knHyjhJOfs+RBCmVItlFE51mXuMbAK+UUomR3VA=,tag:JOcjdGuHhurOiEksllB1nA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"

6
secrets/spacestation.yaml
View File

@@ -14,7 +14,7 @@ discord:
environment: ENC[AES256_GCM,data:014h9/uoqKr6LDd4eDK/Ji91i8MR42q+p3sS4U2fx3VgjX34Xlx1KHxdXaX6BF4QBO9saQNfW2QjN/qE6qILDEGd9uZA4DiRnjoJCOYAETWyiMiK9Se6kE4QbN33IwpIphcxpRm+HP0x5R08WIbWJ+CHSoSpgEcez8iuwqTdK1sC7jrILmqQLMGPmF+yYZcxbaPfNRj0mu0jPpRt6fnhDuHvJ00wXHDC1n5bgsxi7oUdsGYJegLhFcRqAsdgq5qB/vO+d5GVJ9IkF0CsYiSUQVvUVdbOHvcA657jLjB8Fz+KIqW/AM2mMcgRdpRReOLYEsVAaS6gRdZr,iv:hdhTSfBZHgabivcAQTtL8Nfy+Pog+OD5SOJTtL8sJJA=,tag:JxUgFpiHG+55OWOb5TCnKw==,type:str]
caddy:
capytal:
env: ENC[AES256_GCM,data:6V7iWEKf0BT1pwqygAct2VA9HMVNAPEeZkdxsKme/HZZFpAKHvzV8hkAXYxPoMWgX+iEM6CG1VjzVEfh/AoXk9wvfpDDe+9IBKHUGvynq4l5HQFryDlpkBlncBNeWAM0wuSMo22NuTo8S3tlF37bl4H4AUjjCk89cUbrHiTXxgsi+FZoDZuNtCAQELZxWTbelSlmXBqgp4Jy2rSmurXINlMOIqUxpD6K8v5I2+Tqr3wnUCJ6fGyqNCtTeCKWNzaCMGDyeBWVvUAZ6O078+l7+5xhP0tZADoCp4RKa2Oa1Yj9NYuFffsllRmHuhxj/JQGNipsSRs=,iv:3e6nKOKKrlPpQaKvfgJCHVcJD8t8jLbmlZlm2VJVNjg=,tag:GL/gmT+pQPG82eS09ywK7g==,type:str]
env: ENC[AES256_GCM,data:7t9Vv+S9LFzNIR/STpXzVeH9MCnog9Yb27gvrV3HGCWwN0139qvX36ja95iwLPpRK9SLFYTA+ToiMLiU4HK+imBC/4ZXbxKIPFGCoEx44fwxFrri/2s74BHLzGvo8kJujZ2GX+3TGSYxzqMB7VSIeBgefl9qu3Byn/hMJ4bTsBLjIrSAtlnhGbbGsU5xbU+sjPeqFHLmQm0vPYovW437j3/Ok+NxvxquKr+iPiCOuysldzaccOmuflrG8NhKZSAcAzJCiMVMyj7ERtUL6M4s+vdImVW1cDqavvXmt97v+pZPzGjrEeIzn8k9YUppvWYgN0tlL76mm4C9CbS6dMpaOXW6+s1ylPzdykhZ9Gq+Ye33qSs4Sw7taCplZr9T6c/UmBZ5ouABLHxiOuWPjUjyABhLvkMd2SLCsANOJOzgHWNpFERX5PFqeUWlSSVWoprWclUgBQ==,iv:pgEzAQHH/Vm66W+/QYulQc37/m3XJwY7krEBwgK0cTY=,tag:8BHfKFElXTFLRK6SINuRxw==,type:str]
sops:
kms: []
gcp_kms: []
@@ -30,8 +30,8 @@ sops:
amRmVkVoS2RqeEs3OXZVeTlsZUVEV28K1WcbGJHT8LMah5b7NN1psiucTl1OfZYO
4T3RDSQMB3qj1TGQSdixjwRRKbMGtL3LXnvkNd+caVi5Z9OkF1O9Yg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-08T13:37:06Z"
mac: ENC[AES256_GCM,data:qOa5zdcTwutZvVKgrnrR66qJbWVRi36dyreqSZE5ugnGMIjAxQNewknCGk8/q9QUf22/84hHvEvO+uubm6tIIPOtmnfzUyhjk5vF+qPKDRE14lo1te0HZdgIJEi2dcjL7DyKBit4MqRBG+zQ/0eZ08/WIJtjGvMiRDl/e+Emq+I=,iv:gKMryS7SyTVKa1szEMT98gF7CCb96+6nUqQ2+j/lD0w=,tag:mn79m26+XxI2RJP989E4cw==,type:str]
lastmodified: "2024-11-08T14:30:52Z"
mac: ENC[AES256_GCM,data:Xrvfbm3JsCkalLrDbPVn9wnvmsNya3MSdK+EigsFHR90Ut7rNx0ol08nODDGeMNjNuNqVKfR6ppmb0fwU0LO/77SHgnfxTW5aueTGUlF+8H40IqeMqOKdGWCFxMFfi8XDmMjlQRzyIOrTYyL7yxetykP/T/p0uISldy8mhuc67M=,iv:wu4z2uC/jRrRhmD5ytUgLwU5MRy+/lWK9iW2NySOa5I=,tag:mlExbX4ojefFjUiY9p+dYw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0