diff --git a/hosts/lkk-nix-1/default.nix b/hosts/lkk-nix-1/default.nix index 8ee960f..7024c1a 100644 --- a/hosts/lkk-nix-1/default.nix +++ b/hosts/lkk-nix-1/default.nix @@ -14,7 +14,7 @@ services.openssh.passwordAuthentication = false; networking = { hostName = "lkk-nix-1"; - firewall.enable = false; + firewall.enable = true; firewall.allowedTCPPortRanges = [{ from = 3000; to = 3100; @@ -30,6 +30,8 @@ secrets = { mj-smtp-user.file = ../../secrets/mj-smtp-user.age; mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age; + + billbee-api-key.file = ../secrets/billbee-api-key.age; }; identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ]; }; diff --git a/hosts/lkk-nix-1/services/containers/baserow.nix b/hosts/lkk-nix-1/services/containers/baserow.nix index eef7a0f..92c6ee4 100644 --- a/hosts/lkk-nix-1/services/containers/baserow.nix +++ b/hosts/lkk-nix-1/services/containers/baserow.nix @@ -1,6 +1,6 @@ { config, outputs, ...}: { virtualisation.oci-containers.containers."baserow" = { - image = "docker.io/baserow/baserow:1.13.3"; + image = "docker.io/baserow/baserow:1.14.0"; environment = { BASEROW_PUBLIC_URL = "https://db.lanakk.com"; EMAIL_SMTP = "in-v3.mailjet.com"; @@ -15,7 +15,12 @@ }; services.caddy.extraConfig = '' db.lanakk.com { - reverse_proxy localhost:3001 + reverse_proxy localhost:3001 { + header_up Host {host} + header_up X-Real-IP {remote_host} + header_up X-Forwarded-For {remote_host} + header_up X-Forwarded-Proto {scheme} + } } ''; diff --git a/hosts/lkk-nix-1/services/n8n.nix b/hosts/lkk-nix-1/services/n8n.nix index dd16a87..6249845 100644 --- a/hosts/lkk-nix-1/services/n8n.nix +++ b/hosts/lkk-nix-1/services/n8n.nix @@ -9,7 +9,7 @@ }; }; systemd.services.n8n.environment = { - BILLBEE_API_KEY = "12345"; + BILLBEE_API_KEY = config.age.secrets.bilbee-api-key.path;; }; services.caddy.extraConfig = '' wf.lanakk.com { diff --git a/secrets.nix b/secrets.nix index b485410..967defc 100644 --- a/secrets.nix +++ b/secrets.nix @@ -3,4 +3,6 @@ let in { "mj-smtp-user.age".publicKeys = [ root ]; "mj-smtp-pass.age".publicKeys = [ root ]; + + "billbee-api-key.age".publicKeys = [ root ]; } diff --git a/secrets/billbee-api-key.age b/secrets/billbee-api-key.age new file mode 100644 index 0000000..d616890 --- /dev/null +++ b/secrets/billbee-api-key.age @@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-rsa DQlE7w +hsfO6BW9zwZ2Uii6c/Dl5o7z4rrYoMw0nQlWCx+2breLo2ye4RQD677onmQ2e0Ke +82jseYfcziCl7VtRh5UrDjij3SEdGaYGj8dPQWhYo5/MamZkYM/YVSLhrnKryVeN +Rg8PDIytDbS5ZXy9SiVt9ZqCg/UqCs/Kz00cYIT8DiKt7Xx+PfyA7Vrl7DXKKYPa +o1xZF67AYVb575jnZO4UxmbFpSJBa+KF9/U/ZMQS0ldaHX5mSID86llvbvJV0zTY +aHTyNPCYSUMrI/rbO3au4hOy3YLenfeKDgv4TkK7fxt7EsCFM4vbDuLcycA71/W/ +KoRS3LgdcLHonUbnOu9fx37yAteYF2MI4Qk5EfqEMi4NO+BVhro4zs5rQXthdtAb +d5XBEL1+RlY38a7wL0Z/YqRb7oWo++TcMcsuvZjxRAU+TyZN0Vp5yDPhICS8sife +Q4EXpNEcJKS2312xpZ0dXw71O8oXo+my0ExvBHJj7NF4Xdq/FKoUguJC36Yse3CZ + +-> XXd~>vui-grease A,Rdm +{~m? HWTg'I9 oeNG +lj0k8zN4AnwtVkHbRlLVkOg +--- LjepOuTYZK+lgRjTbmLgyIBHDCFEYzxMSvAA15/Rw08 + ÊÃM›Œû™~Г7WGÀ,®ß£Üm®Å· rÂ}䋤=ýHɨ°/™ÄUðBFÒup,R