lab: add sftpgo as a web client

Related to #142

.github/workflows/check.yml

@@ -110,6 +110,19 @@ jobs:
         # https://github.com/NixOS/nix/issues/8881
         run: nix build --option sandbox false --print-build-logs .#checks.x86_64-linux.lab-restic-test
 
+  nix-flake-check-lab-sftpgo:
+    # Run after flake check
+    needs: [nix-flake-check-no-build]
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/[email protected]
+      - uses: DeterminateSystems/nix-installer-action@v13
+      - uses: DeterminateSystems/magic-nix-cache-action@v7
+      - name: nix build
+        # nix flake check doesn't have a way to specify a specific test to run
+        # https://github.com/NixOS/nix/issues/8881
+        run: nix build --option sandbox false --print-build-logs .#checks.x86_64-linux.lab-sftpgo-test
+
   nix-flake-check-vps-wagtail:
     # Run after flake check
     needs: [nix-flake-check-no-build]

flake.nix

@@ -134,6 +134,7 @@
             lab-bitwarden-test = import ./tests/lab-bitwarden.nix checkArgs;
             lab-immich-test = import ./tests/lab-immich.nix checkArgs;
             lab-restic-test = import ./tests/lab-restic.nix checkArgs;
+            lab-sftpgo-test = import ./tests/lab-sftpgo.nix checkArgs;
             vps-wagtail-test = import ./tests/vps-wagtail.nix checkArgs;
           };
       };

nixos/hosts/lab/default.nix

@@ -17,6 +17,7 @@
     ./immich
     ./rathole
     ./restic
+    ./sftpgo
   ];
 
   # System76 Pangolin Performance uses BIOS so we need to disable systemd-boot and use grub

nixos/hosts/lab/rathole/compose.rathole.sftpgo.yml

@@ -0,0 +1,8 @@
+# SPDX-FileCopyrightText: Andrew Hayzen <[email protected]>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+services:
+  rathole:
+    links:
+      - sftpgo

nixos/hosts/lab/rathole/default.nix

@@ -13,7 +13,8 @@
     ahayzen.docker-compose-files = [ ./compose.rathole.yml ]
       ++ lib.optional config.ahayzen.lab.actual ./compose.rathole.actual.yml
       ++ lib.optional config.ahayzen.lab.bitwarden ./compose.rathole.bitwarden.yml
-      ++ lib.optional config.ahayzen.lab.immich ./compose.rathole.immich.yml;
+      ++ lib.optional config.ahayzen.lab.immich ./compose.rathole.immich.yml
+      ++ lib.optional config.ahayzen.lab.sftpgo ./compose.rathole.sftpgo.yml;
 
     age.secrets = lib.mkIf (!config.ahayzen.testing) {
       rathole_toml = {

nixos/hosts/lab/rathole/rathole.vm.toml

@@ -21,3 +21,6 @@ local_addr = "bitwarden:8080"
 
 [client.services.immich]
 local_addr = "immich-server:3001"
+
+[client.services.sftpgo]
+local_addr = "sftpgo:8080"

nixos/hosts/lab/sftpgo/compose.sftpgo.yml

@@ -0,0 +1,24 @@
+# SPDX-FileCopyrightText: Andrew Hayzen <[email protected]>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+services:
+  sftpgo:
+    image: docker.io/drakkan/sftpgo:v2.6.2@sha256:05b8e197e796366f955a3816b42a8ed29a9ef400c0da23ecc62bbc22748d4ab8
+    environment:
+      # Allow for connections to continue for 5s before killing
+      SFTPGO_GRACE_TIME: 5
+      # Disable SFTP
+      SFTPGO_SFTPD__BINDINGS__0__PORT: 0
+    expose:
+      - 8080
+    restart: unless-stopped
+    volumes:
+      # SFTP backups
+      - /mnt/mapping-data-user1000/app/sftpgo/backups:/srv/sftpgo/backups
+      # SFTPGo home
+      - /mnt/mapping-data-user1000/user:/srv/sftpgo/data
+      # SFTP settings
+      - /var/lib/docker-compose-runner-user1000/sftpgo:/var/lib/sftpgo
+      # Other data
+      - /mnt/mapping-data-user1000/camera:/mnt/data/camera:ro

nixos/hosts/lab/sftpgo/default.nix

@@ -0,0 +1,22 @@
+# SPDX-FileCopyrightText: Andrew Hayzen <[email protected]>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+{ config, options, lib, pkgs, ... }:
+{
+  options.ahayzen.lab.sftpgo = lib.mkOption {
+    default = true;
+    type = lib.types.bool;
+  };
+
+  config = lib.mkIf (config.ahayzen.lab.sftpgo) {
+    ahayzen = {
+      docker-compose-files = [ ./compose.sftpgo.yml ];
+
+      # Take a snapshot of the database daily
+      periodic-daily-commands = [
+        ''/run/wrappers/bin/sudo --user=unpriv ${pkgs.sqlite}/bin/sqlite3 /var/lib/docker-compose-runner/sftpgo/sftpgo.db ".backup /var/lib/docker-compose-runner/sftpgo/sftpgo-snapshot-$(date +%w).db"''
+      ];
+    };
+  };
+}

nixos/hosts/vps/homepage/services.yaml

@@ -22,3 +22,9 @@
         icon: bitwarden.png
         description: "The #1 most trusted password manager"
         siteMonitor: "http://rathole:8080"
+
+    - SFTPGo:
+        href: https://home.hayzen.com/sftpgo/
+        icon: sftpgo.png
+        description: "Bring your file transfers anywhere"
+        siteMonitor: "http://rathole:8880"

nixos/hosts/vps/rathole/rathole.Caddyfile

@@ -8,6 +8,13 @@
 # eg actual IN CNAME ahayzen.com.
 #
 
+home.hayzen.uk {
+    # SFTPGo proxy
+    handle_path /sftpgo/* {
+        reverse_proxy rathole:8880
+    }
+}
+
 # Actual proxy
 actual.ahayzen.com {
     reverse_proxy rathole:8506

nixos/hosts/vps/rathole/rathole.vm.toml

@@ -14,3 +14,6 @@ bind_addr = "0.0.0.0:8080"
 
 [server.services.immich]
 bind_addr = "0.0.0.0:8301"
+
+[server.services.sftpgo]
+bind_addr = "0.0.0.0:8880"

tests/lab-actual.nix

@@ -89,6 +89,7 @@
           immich = false;
           rathole = true;
           restic = false;
+          sftpgo = false;
         };
       };
 

tests/lab-bitwarden.nix

@@ -89,6 +89,7 @@
           immich = false;
           rathole = true;
           restic = false;
+          sftpgo = false;
         };
       };
 

tests/lab-immich.nix

@@ -89,6 +89,7 @@
           immich = true;
           rathole = true;
           restic = false;
+          sftpgo = false;
         };
       };
 

tests/lab-restic.nix

@@ -28,6 +28,7 @@
           immich = false;
           rathole = false;
           restic = true;
+          sftpgo = false;
         };
       };