From dbbed7117a5fab4aa881fe8729e80fd382d6f54d Mon Sep 17 00:00:00 2001 From: Eli Ribble Date: Wed, 1 Oct 2025 18:40:39 +0000 Subject: [PATCH] Set up reverse proxy, configure hostname It was rather rediculously hard to get the CSRF settings correct. I don't think I can register new users on anything but the commandline at this point via: podman exec -it podman-label-studio /bin/bash label-studio start --username --password Where should actually be an email. --- modules/system/label-studio.nix | 3 +++ secrets/label-studio.env | 8 +++++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/modules/system/label-studio.nix b/modules/system/label-studio.nix index 57dc9e6..3763cc2 100644 --- a/modules/system/label-studio.nix +++ b/modules/system/label-studio.nix @@ -4,6 +4,9 @@ with lib; options.myModules.label-studio.enable = mkEnableOption "custom label-studio configuration"; config = mkIf config.myModules.label-studio.enable { + services.caddy.virtualHosts."label-studio.gleipnir.technology".extraConfig = '' + reverse_proxy http://localhost:10070 + ''; services.postgresql = { ensureDatabases = [ "label-studio" ]; ensureUsers = [{ diff --git a/secrets/label-studio.env b/secrets/label-studio.env index 25260f3..276b0fb 100644 --- a/secrets/label-studio.env +++ b/secrets/label-studio.env @@ -1,9 +1,11 @@ +CSRF_TRUSTED_ORIGINS=ENC[AES256_GCM,data:HPYhZbUzzX4hllx+vxukvBt5pQmhtuQOyUdMMcN2Tfyb5qoFCp6bNg==,iv:6kPzUq/vVb6BcdDR/416sayXtdbzrMK8R4YzF5oFcpw=,tag:ti60NmwO+HXP9T9Svan27w==,type:str] DJANGO_DB=ENC[AES256_GCM,data:5p2whEaP0g==,iv:IDLzn0xPKr63sd5wThrSIvqTWtcjkdc3iGje9HEb++I=,tag:pfGm8XSkufXEbewM5vtzTQ==,type:str] +LABEL_STUDIO_HOST=ENC[AES256_GCM,data:gMfXulE5Bi51D3Aqg3mYKcBWv6FUey5MeY6CWTxu8Y3FpTCYwMQTaQ==,iv:s5HIQ53jXa8V8GbGrWCDRZr+XKTcqo7bwQya9c8e85A=,tag:6wp9YCz4Dew9Aqw0ra7rjg==,type:str] POSTGRE_NAME=ENC[AES256_GCM,data:/wWte4TeVcdXOvnr,iv:3PuvF5pxB5uQNGIOXXD1W+W0o0juWGBjQgy+dRbPUes=,tag:4ubNBGK+dXpGQKznfHvThA==,type:str] POSTGRE_USER=ENC[AES256_GCM,data:LP53XnRnWw+oZ89v,iv:wWXhT7aES7G/HDIWEj9Pr7rXVhJMOeZHXznOELwIky8=,tag:iKgc09fO0d7fpoU5uZQocA==,type:str] POSTGRE_PASSWORD= POSTGRE_PORT=ENC[AES256_GCM,data:QYIANQ==,iv:AAvgTBLZ6rSnyo3of4PS4TKyIigsqiacEgsoswSCBvY=,tag:6yPCo8vUWHMU8P4CC86I2g==,type:str] -POSTGRE_HOST=ENC[AES256_GCM,data:lnqp/CVqL80QWU1s1Z3S,iv:rvx0cDQdjPd3DxePvNBsMVeJcFGwwKew4pIHtkIFeSw=,tag:fcOv++6Dr2StC8LgqnmyBA==,type:str] +POSTGRE_HOST=ENC[AES256_GCM,data:xWCzr+P+ZcjiSJhBidUQ,iv:VURrsclkJ9/VjbuCGTavrVOHBo1Vb8UzvIYVhbINpDo=,tag:l8YZ0WenX1oM00oLvTsBtw==,type:str] sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkUXlUYkF1NmkzOEIzR0lJ\nRklXZGx3c1lpbjRkYkJXRjIwamtwU3hOUGhFCkJ1SnYxek9qVzA0RC95dGxwVjg0\nWDY3RlExWFZpWEUzTGdsT1JOeUxoN2cKLS0tIDdsWHZmVy94RVR2NWhRYjc1RWFu\nd1J4UkxsODVXd0F5cG43NlRPRmlXSFUKLzbLUI1xkY/mIf6AwjPiyZjsh/tdt1hr\n6ckHmwP2a2kWId5OxLSc+LbPOhlpFbPAJUHaEar1vvAkNpnH+/jgLA==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1fnkhk9rv7r8gh84vxnhvndk4fgh20qcj4hvnfhdpumcydl6m6vrse50lrz sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmV24yb3NnYW1TeUdrdU1i\na1k5RHd3MkFQeHA4eURudVZkbEZSd2RYWUdzCjYxVjBraTFPUVRDc2IzSFdqN3NC\naERqbTZEQmFGQ1VhbXBWRVhWeG9TczQKLS0tIDZZVEtIU210ZldzSnpxNzNrbXRP\najBSaitoejVOMHhkUGlGSnlCS01tN1kKja04tl4il7cbnohzlhxqOjy6bI5gWKvi\nIOIEJR611q1WCEbbrYwhZgEnN/KBAwaPLRJqqT9CEPu9TV/4Op/I1g==\n-----END AGE ENCRYPTED FILE-----\n @@ -16,7 +18,7 @@ sops_age__list_4__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb2 sops_age__list_4__map_recipient=age1t3ryfktuhr3cysf49m9q2n8fkjf9ajjjnhztxw9hz8paxgk4lpcq065jge sops_age__list_5__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cGJzeU51NjIzWXdCd3Fu\nZmlTVXlzQzVCUXVhRFZ1czkrRHpGbVRmRFE0Ci9HL3JKbnEwQWdRTDVObGh3UllD\ncXJuYkhkOFVyTithV3kyOUxKOFJHTVUKLS0tIE50ZzdEU3h1eXBrb1VMUHliYlBq\nK2hGTFFDS051MUp4c0JRaHB1YStjTncKAyVBB3UTdhguN7Nm7cfTN3E3aaInBi0y\nNdnp+ntwHSwdBKYvChA0eCR+32WjaW3Kfifj0wW3X/0Uh2RqGCsX8g==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_5__map_recipient=age1j90h7hcp4fctr2xwj4zf9cxuelm43wkujvryc9hk6rzzc37rwdmss035w7 -sops_lastmodified=2025-10-01T18:11:58Z -sops_mac=ENC[AES256_GCM,data:WOjhvA32tdUrpT1ebMnY855bxfCHp5Npawapv/K1ONWN5oBocDewZ3OjxKCoZMped9lsUMfqN6DfUH9JCTGcBFxKEaNIPMMY2RpDD6oMe2h0Pu8rAD7FvDBYvrkFS1uhlrfhKD62CKdbHyUZmMrh8TinVpRA3mMah8AjjdW8cF8=,iv:gh+//1P50CW46sJjS3u65C5Nx6V8YSkBdM/ycqlwHuc=,tag:EYpBfElcbNVUF2oE0s40Cw==,type:str] +sops_lastmodified=2025-10-01T18:37:01Z +sops_mac=ENC[AES256_GCM,data:5yAVptga9fPDoieMkR7EH/xztQDLHHTKvwBNQb8G7CDyGlklfMdb8UVtQm9zVAoER1dZdd7ZsZognkaQxJqAUMdP5KfTd/y6rkCiW45vp8YG9hmyZehpsvpZ0QO/ahWiLyDD++cIjbAQE4PAUirj7g1ZHQktD+2B+btT+s7qyTM=,iv:0LWsx+fyHR0ekaGfdbNYRzz9ss+QhxJi6K5YUvWhREQ=,tag:cLNcLNY1WcpGoJo1TsuoGw==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.10.2