feat(sgx): add opencode web server

Harald Hoyer 2026-05-03 14:49:44 +02:00
parent f74928ce5f
commit 0989b8ae46
4 changed files with 60 additions and 0 deletions


@ -18,6 +18,7 @@
"status.hoyer.world"
"firefly.hoyer.world"
"firefly-import.hoyer.world"
"opencode.sgx.hoyer.world"
];
};
};


@ -13,6 +13,7 @@
./searx.nix
./uptime-kuma.nix
./firefly.nix
./opencode.nix
];
boot.tmp.useTmpfs = false;


@ -41,5 +41,17 @@
proxyWebsockets = true;
};
};
"opencode.sgx.hoyer.world" = {
enableACME = false;
useACMEHost = "internal.hoyer.world";
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:4196";
proxyWebsockets = true;
extraConfig = ''
proxy_buffering off;
'';
};
};
};
}
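Review bot: The new `opencode.sgx.hoyer.world` vhost forwards every request to the loopback upstream with no nginx-side access control, so the only gate is whatever opencode itself enforces from the password secret wired up in opencode.nix (inferred from the EnvironmentFile there; it is not visible in this section). If this host is reachable beyond the network that trusts the internal.hoyer.world certificate, an `allow`/`deny` block in `extraConfig` next to `proxy_buffering off;` would confine it; otherwise a one-line comment such as `# auth is delegated to opencode's own password; nginx applies no access control` would record the decision. Long-lived websocket/SSE sessions will also be cut by nginx's default 60s `proxy_read_timeout` unless one is set alongside `proxyWebsockets = true`. The enclosing virtualHosts attrset (inferred from the option names) starts outside the hunk.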


@ -0,0 +1,46 @@
{
config,
pkgs,
lib,
...
}:
let
port = 4196;
user = "harald";
homeDir = "/home/harald";
in
{
systemd.services.opencode-serve = {
description = "OpenCode Web Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
HOME = homeDir;
};
serviceConfig = {
Type = "simple";
User = user;
Group = "users";
WorkingDirectory = homeDir;
ExecStart = "${pkgs.opencode}/bin/opencode serve --hostname 127.0.0.1 --port ${toString port}";
Restart = "always";
RestartSec = 5;
EnvironmentFile = config.sops.secrets.opencode-web-password.path;
# Security hardening
PrivateTmp = true;
ProtectSystem = "strict";
ProtectHome = false;
NoNewPrivileges = true;
ReadWritePaths = [ homeDir ];
};
};
sops.secrets.opencode-web-password = {
sopsFile = ../../../.secrets/sgx/opencode-web.yaml;
owner = user;
};
}
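Review bot: The `# Security hardening` group in serviceConfig stops at PrivateTmp, ProtectSystem, NoNewPrivileges and ReadWritePaths, which is thin for a network-facing process that runs as a real login user with read-write access to the whole of `homeDir` (ReadWritePaths plus `ProtectHome = false`). Directives that rarely break a userspace web server would bound what a compromised process can reach: PrivateDevices, ProtectKernelTunables, ProtectKernelModules, ProtectControlGroups, RestrictSUIDSGID, RestrictRealtime, LockPersonality, an empty CapabilityBoundingSet, and RestrictAddressFamilies limited to AF_UNIX/AF_INET/AF_INET6. Whether MemoryDenyWriteExecute is viable depends on the opencode runtime, so it is left out below. Separately, the EnvironmentFile line deserves a comment naming the variable(s) the sops file must define, e.g. `# opencode-web.yaml must render as KEY=VALUE lines that opencode serve reads for its login password`, because a mismatched variable name would not fail the unit but could leave the server up without the intended password (inferred — confirm against opencode's handling).
```nix
      # … unchanged: Type, User, Group, WorkingDirectory, ExecStart, Restart, RestartSec, EnvironmentFile …
      # Security hardening
      PrivateTmp = true;
      ProtectSystem = "strict";
      ProtectHome = false;
      NoNewPrivileges = true;
      ReadWritePaths = [ homeDir ];
      PrivateDevices = true;
      ProtectKernelTunables = true;
      ProtectKernelModules = true;
      ProtectControlGroups = true;
      RestrictSUIDSGID = true;
      RestrictRealtime = true;
      LockPersonality = true;
      CapabilityBoundingSet = "";
      RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
```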