From 0819f48d04e8756693586db6a6bd108ade62df6e Mon Sep 17 00:00:00 2001 From: Jacob Bachmann Date: Sat, 7 Sep 2024 22:00:02 +0200 Subject: [PATCH] feat: add anki --- hosts/APPA/services/adguard-home.nix | 4 ++ hosts/APPA/services/anki.nix | 59 ++++++++++++++++++++++++++++ hosts/APPA/services/default.nix | 1 + hosts/APPA/services/nginx.nix | 5 +++ secrets/passwords/anki/admin.age | 9 +++++ secrets/secrets.nix | 1 + 6 files changed, 79 insertions(+) create mode 100644 hosts/APPA/services/anki.nix create mode 100644 secrets/passwords/anki/admin.age diff --git a/hosts/APPA/services/adguard-home.nix b/hosts/APPA/services/adguard-home.nix index be9eb8a..82f5c90 100644 --- a/hosts/APPA/services/adguard-home.nix +++ b/hosts/APPA/services/adguard-home.nix @@ -38,6 +38,10 @@ domain = config.services.gitea.domain; answer = "192.168.2.40"; } + { + domain = "anki.dryb.org"; + answer = "192.168.2.40"; + } ]; }; dhcp = { diff --git a/hosts/APPA/services/anki.nix b/hosts/APPA/services/anki.nix new file mode 100644 index 0000000..3bc648a --- /dev/null +++ b/hosts/APPA/services/anki.nix @@ -0,0 +1,59 @@ +{ config, pkgs, ... }: +let + stateDir = "/var/lib/anki"; + user = "anki"; + group = "anki"; + host = "127.0.0.1"; + port = 8004; + + anki-sync-server-run = pkgs.writeShellScriptBin "anki-sync-server-run" '' + export SYNC_USER1=admin:"$(cat "$1")" + exec ${pkgs.anki-sync-server}/bin/anki-sync-server + ''; +in +{ + + users.users = { + "${user}" = { + description = "Anki Sync Server"; + home = stateDir; + createHome = true; + useDefaultShell = true; + group = group; + isSystemUser = true; + }; + }; + + users.groups = { + "${group}" = { }; + }; + + age.secrets.passwords-anki-admin = { + file = ../../../secrets/passwords/anki/admin.age; + mode = "640"; + owner = user; + group = group; + }; + + systemd.services.anki-sync-server = { + description = "anki-sync-server: Anki sync server built into Anki"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + environment = { + SYNC_BASE = stateDir; + SYNC_HOST = host; + SYNC_PORT = toString port; + }; + + serviceConfig = { + Type = "simple"; + User = user; + Group = group; + ExecStart = "${anki-sync-server-run}/bin/anki-sync-server-run ${config.age.secrets.passwords-anki-admin.path}"; + Restart = "always"; + }; + }; + + networking.firewall.allowedTCPPorts = [ port ]; + +} diff --git a/hosts/APPA/services/default.nix b/hosts/APPA/services/default.nix index 3ef8546..0a2de03 100644 --- a/hosts/APPA/services/default.nix +++ b/hosts/APPA/services/default.nix @@ -1,6 +1,7 @@ { imports = [ ./adguard-home.nix + ./anki.nix ./gitea.nix ./homepage-dashboard.nix ./nginx.nix diff --git a/hosts/APPA/services/nginx.nix b/hosts/APPA/services/nginx.nix index e1a401c..caa25f2 100644 --- a/hosts/APPA/services/nginx.nix +++ b/hosts/APPA/services/nginx.nix @@ -17,6 +17,11 @@ proxyPass = "http://127.0.0.1:8003"; }; }; + virtualHosts."anki.dryb.org" = { + locations."/" = { + proxyPass = "http://127.0.0.1:8004"; + }; + }; }; networking.firewall = { diff --git a/secrets/passwords/anki/admin.age b/secrets/passwords/anki/admin.age new file mode 100644 index 0000000..0210eda --- /dev/null +++ b/secrets/passwords/anki/admin.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 OFTJeQ qy/IlsEuP0XEawKBvyf9nIsmARBbYDUtouzhieRxFB0 +2213E7TV/oEGhALPuNFAIwuumgMRx486ByZNysUw/08 +-> ssh-ed25519 lfMVeg 2wp3FfkpCQuVxOXF2ktm/U2GTgyzuApgVEF0QZvpXxQ +xiQAwbQRCm+Gb7O9Fcmz+rc04iLtqx0nLWAVYLQPqqE +-> ssh-ed25519 ueRyzQ 6wgTBHLIsmLGq2xfsjMUsTiiASd9GZQhxw52wxHRBGA +AJ9KNhbddyGNmQU87g/HAVGr/wmA/oW87Y1wbiLpvDA +--- jSgMMjdLvp9KbRehjZuxUdqw5ZeAemjT/4hugiQ4j6s + q,K?۝ 'c;i~DOc$ }j`᠏ |g5e+d11JerI \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 268495e..32a13f7 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -20,4 +20,5 @@ let in { "passwords/gitea/db.age".publicKeys = users ++ [ APPA ]; + "passwords/anki/admin.age".publicKeys = users ++ [ APPA ]; }