Compare commits
2 Commits
007038f1be
...
0f0dc24de0
Author | SHA1 | Date | |
---|---|---|---|
0f0dc24de0 | |||
0e2abbd17b |
@ -4,9 +4,11 @@
|
|||||||
../../modules/commons
|
../../modules/commons
|
||||||
../../modules/nixos/core-server.nix
|
../../modules/nixos/core-server.nix
|
||||||
../../modules/nixos/user-group.nix
|
../../modules/nixos/user-group.nix
|
||||||
|
../../modules/programs/nginx.nix
|
||||||
../../modules/programs/nixvim
|
../../modules/programs/nixvim
|
||||||
../../modules/programs/nomad
|
../../modules/programs/nomad
|
||||||
../../modules/programs/gitea
|
../../modules/programs/gitea
|
||||||
|
../../modules/programs/vaultwarden
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [tailscale];
|
environment.systemPackages = with pkgs; [tailscale];
|
||||||
|
@ -83,4 +83,6 @@
|
|||||||
# Required for containers with `--restart=always`
|
# Required for containers with `--restart=always`
|
||||||
enableOnBoot = true;
|
enableOnBoot = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
zramSwap.enable = true;
|
||||||
}
|
}
|
||||||
|
@ -66,17 +66,7 @@ in {
|
|||||||
};
|
};
|
||||||
users.groups.git = {};
|
users.groups.git = {};
|
||||||
|
|
||||||
security.acme = {
|
|
||||||
acceptTerms = true;
|
|
||||||
email = "chinmaydpai@gmail.com";
|
|
||||||
};
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
recommendedOptimisation = true;
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
recommendedTlsSettings = true;
|
|
||||||
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"${domain}" = {
|
"${domain}" = {
|
||||||
serverName = "${domain}";
|
serverName = "${domain}";
|
||||||
|
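Review bot: With `enable = true`, the `recommended*` settings and `security.acme` removed here, this module's `services.nginx.virtualHosts` entry only works when the host also imports `modules/programs/nginx.nix`, and nothing visible in the hunk enforces that. A host that enables nginx some other way would serve this vhost without `recommendedTlsSettings`, and would do so without any warning. Adding `imports = [../nginx.nix];` keeps the dependency explicit (assuming the module lives at `modules/programs/gitea/default.nix`); NixOS de-duplicates a path that is imported more than once. The module body starts and ends outside the hunk, so an `imports` list may already exist there.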
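--- a/modules/programs/nginx.nix
+++ b/modules/programs/nginx.nix
@@ -0,0 +1,14 @@
+{...}: {
+security.acme = {
+acceptTerms = true;
+email = "chinmaydpai@gmail.com";
+};
+
+services.nginx = {
+enable = true;
+recommendedProxySettings = true;
+recommendedOptimisation = true;
+recommendedGzipSettings = true;
+recommendedTlsSettings = true;
+};
+}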
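Review bot: No catch-all server is defined in this shared module, so nginx will use one of the named vhosts (gitea or the new Vaultwarden host) as the default for requests whose Host or SNI matches neither; whether another module sets `default = true` is not visible here. On a machine that fronts a password vault it is worth answering unmatched names explicitly, e.g. `virtualHosts."_" = { default = true; rejectSSL = true; locations."/".return = "444"; };`. A short header comment saying that the vhost modules rely on this file for `enable`, the `recommended*` settings and the ACME terms would also help the next reader.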
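--- a/modules/programs/vaultwarden/default.nix
+++ b/modules/programs/vaultwarden/default.nix
@@ -0,0 +1,52 @@
+{
+config,
+pkgs,
+...
+}: let
+domain = "bw.deku.moe";
+in {
+age.secrets.vaultwarden = {
+file = ../../../secrets/vaultwarden.age;
+owner = "vaultwarden";
+group = "vaultwarden";
+};
+
+services.vaultwarden = {
+enable = true;
+package = pkgs.vaultwarden;
+
+environmentFile = config.age.secrets.vaultwarden.path;
+dbBackend = "postgresql";
+
+config = {
+domain = "https://${domain}";
+signupsAllowed = false;
+
+rocketAddress = "127.0.0.1";
+rocketPort = 33003;
+
+databaseUrl = "postgres:///vaultwarden?host=/var/run/postgresql";
+};
+};
+
+services.postgresql.ensureDatabases = ["vaultwarden"];
+services.postgresql.ensureUsers = [
+{
+name = "vaultwarden";
+ensureDBOwnership = true;
+}
+];
+
+services.nginx = {
+virtualHosts = {
+"${domain}" = {
+serverName = "${domain}";
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}/";
+};
+};
+};
+};
+}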
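Review bot: `locations."/"` proxies every path to Vaultwarden, which includes the `/admin` panel if `ADMIN_TOKEN` is set in the age-encrypted environment file (its contents are not visible here). If the panel is not meant to be reachable from the internet, add `locations."/admin".return = "403";` next to the `/` location, or restrict that path to the tailnet instead. Separately, the `/` location does not set `proxyWebsockets = true;`, so live-sync notifications may not get through the proxy on Vaultwarden versions that serve WebSockets on the Rocket port.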
@ -10,4 +10,5 @@ let
|
|||||||
users = thunderbottom ++ codingcoffee;
|
users = thunderbottom ++ codingcoffee;
|
||||||
in {
|
in {
|
||||||
"gitea.age".publicKeys = users ++ servers;
|
"gitea.age".publicKeys = users ++ servers;
|
||||||
|
"vaultwarden.age".publicKeys = users ++ servers;
|
||||||
}
|
}
|
||||||
|
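Review bot: `"vaultwarden.age".publicKeys = users ++ servers;` lets every key in `servers` decrypt the Vaultwarden environment file. `servers` is defined outside the hunk, so if it lists more than the one host that runs Vaultwarden, the secret is readable on machines that never need it. Scoping the recipients to that host, e.g. `"vaultwarden.age".publicKeys = users ++ [<vaultwarden-host-key>];` (placeholder name), keeps a compromise of another server from exposing the vault's configuration secrets. The same consideration applies to the existing `gitea.age` line.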
BIN
secrets/vaultwarden.age
Normal file
BIN
secrets/vaultwarden.age
Normal file
Binary file not shown.