From 465725894cd4b9f5e2d5b3e7e587edce44324b1e Mon Sep 17 00:00:00 2001
From: teidesu
Date: Tue, 16 Jul 2024 22:57:04 +0300
Subject: [PATCH] feat(koi): verdaccio instance
---
 hosts/koi/configuration.nix | 1 +
 .../containers/verdaccio/config/config.yaml | 38 +++++++++++++
 hosts/koi/containers/verdaccio/default.nix | 56 +++++++++++++++++++
 hosts/koi/services/coredns.nix | 1 +
 secrets/verdaccio-htpasswd.age | 5 ++
 5 files changed, 101 insertions(+)
 create mode 100644 hosts/koi/containers/verdaccio/config/config.yaml
 create mode 100644 hosts/koi/containers/verdaccio/default.nix
 create mode 100644 secrets/verdaccio-htpasswd.age
diff --git a/hosts/koi/configuration.nix b/hosts/koi/configuration.nix
index 56cd748..97316cf 100755
--- a/hosts/koi/configuration.nix
+++ b/hosts/koi/configuration.nix
@@ -23,6 +23,7 @@
 ./containers/torrent.nix
 ./containers/puffer.nix
 ./containers/vaultwarden.nix
+ ./containers/verdaccio
 ./containers/sharkey
 ./containers/pds
 ./containers/zond
diff --git a/hosts/koi/containers/verdaccio/config/config.yaml b/hosts/koi/containers/verdaccio/config/config.yaml
new file mode 100644
index 0000000..add3a3d
--- /dev/null
+++ b/hosts/koi/containers/verdaccio/config/config.yaml
@@ -0,0 +1,38 @@
+# path to a directory with all packages
+storage: /verdaccio/storage
+
+web:
+ enable: true
+ title: alina's personal registry
+ primary_color: "#be15dc"
+
+uplinks:
+ npmjs:
+ url: https://registry.npmjs.org/
+
+auth:
+ htpasswd:
+ file: /verdaccio/htpasswd
+ max_users: -1 # disable registrations
+security:
+ api:
+ jwt:
+ sign:
+ expiresIn: 60d
+ notBefore: 1
+ web:
+ sign:
+ expiresIn: 60d
+
+packages:
+ '**':
+ access: $all
+ publish: $authenticated
+
+middlewares:
+ audit:
+ enabled: true
+
+logs:
+ - { type: stdout, format: pretty, level: trace }
+
diff --git a/hosts/koi/containers/verdaccio/default.nix b/hosts/koi/containers/verdaccio/default.nix
new file mode 100644
index 0000000..8930f6c
--- /dev/null
+++ b/hosts/koi/containers/verdaccio/default.nix
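Review bot: In config.yaml the `'**'` package rule sets `access: $all`, so every package published to this registry can be read without logging in, and the nginx virtual host added in the same commit serves it on a public hostname. If the registry is meant to hold private packages, `access: $authenticated` on that rule (or a separate, stricter rule for the private scope) would be the safer default; if anonymous read is intended, a comment saying so would help the next reader. The `logs` entry also uses `level: trace`, which is far more verbose than a long-running service usually needs and is likely to put request details into the container's stdout; `level: http` or `level: info` would be a calmer default.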
@@ -0,0 +1,56 @@
+{ abs, pkgs, config, ... } @ inputs:
+
+let
+ secrets = import (abs "lib/secrets.nix");
+ trivial = import (abs "lib/trivial.nix") inputs;
+
+ configDrv = trivial.storeDirectory ./config;
+
+ UID = 1100;
+in {
+ imports = [
+ (secrets.declare [{
+ name = "verdaccio-htpasswd";
+ owner = "verdaccio";
+ }])
+ ];
+
+ users.users.verdaccio = {
+ isNormalUser = true;
+ uid = UID;
+ };
+
+ virtualisation.oci-containers.containers.verdaccio = {
+ image = "verdaccio/verdaccio:5.31@sha256:c77fec2127a1c3d17fc0795786f1e1bd88258e6d7af1835786ced4f7c7287da8";
+ volumes = [
+ "${configDrv}:/verdaccio/conf"
+ "${secrets.file config "verdaccio-htpasswd"}:/verdaccio/htpasswd"
+ "/srv/verdaccio/storage:/verdaccio/storage"
+ "/srv/verdaccio/plugins:/verdaccio/plugins"
+ ];
+ environment = {
+ VERDACCIO_PUBLIC_URL = "https://npm.tei.su";
+ };
+ user = builtins.toString UID;
+ };
+
+ systemd.tmpfiles.rules = [
+ "d /srv/verdaccio 0755 verdaccio verdaccio -"
+ ];
+
+ services.nginx.virtualHosts."npm.tei.su" = {
+ forceSSL = true;
+ useACMEHost = "tei.su";
+
+ locations."/" = {
+ proxyPass = "http://verdaccio.docker:4873/";
+
+ # https://verdaccio.org/docs/reverse-proxy
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $http_x_forwarded_for;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_redirect off;
+ '';
+ };
+ };
+}
\ No newline at end of file
diff --git a/hosts/koi/services/coredns.nix b/hosts/koi/services/coredns.nix
index dbc75cf..ef3e2d8 100644
--- a/hosts/koi/services/coredns.nix
+++ b/hosts/koi/services/coredns.nix
@@ -53,6 +53,7 @@ in
 docker:53 {
 import local_only
 docker {
+ domain docker
 compose_domain docker
 }
 }
diff --git a/secrets/verdaccio-htpasswd.age b/secrets/verdaccio-htpasswd.age
new file mode 100644
index 0000000..47a6298
--- /dev/null
+++ b/secrets/verdaccio-htpasswd.age
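Review bot: In default.nix the nginx `extraConfig` sets `proxy_set_header X-Forwarded-For $http_x_forwarded_for;`, which copies whatever the client sent and never adds the address nginx actually saw, so the value Verdaccio receives is either client-controlled or empty. `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends `$remote_addr` to the chain instead. Separately, `systemd.tmpfiles.rules` creates only `/srv/verdaccio`, while the container bind-mounts `/srv/verdaccio/storage` and `/srv/verdaccio/plugins`; if those are missing the container runtime will probably create them owned by root and UID 1100 will not be able to write to them, so adding `"d /srv/verdaccio/storage 0755 verdaccio verdaccio -"` and a matching rule for `plugins` would make the first start deterministic.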
@@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 sj88Xw yItJ/mDVaS/n0uLV5hPzM+x4+5r5i8jcuCvkKb1PI1o +HltOTI1jVrUqDdKnqONIQSwTvUFst4Gy+y0pFiynk2o +--- +n21OZb7XyusqWn3aLHIDpuywQK8h961cvI1/JuU4DM +<1ÕÕjRíêŠfmø¸‰ôR#pu”ê9ÎâxÀ¤ZGÁé~ïTº\æ5Ãé4UP”å¾ÍŒ6X’< h˜7HMžDú•n4Ï¿d-®œD«  \ No newline at end of file