thunderbottom/flakes
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: thunderbottom:0f0dc24de08771ce6e74676b2cfdbfc65c33986e
Branches Tags
thunderbottom:main
thunderbottom:master
..
compare: thunderbottom:007038f1be1d44f04194b5c29d7efa7c52a50eee
Branches Tags
thunderbottom:main
thunderbottom:master

No commits in common. "0f0dc24de08771ce6e74676b2cfdbfc65c33986e" and "007038f1be1d44f04194b5c29d7efa7c52a50eee" have entirely different histories.
0f0dc24de0 ... 007038f1be

7 changed files with 10 additions and 71 deletions
Show Stats Expand all files Collapse all files

2
machines/trench/default.nix
View File

@ -4,11 +4,9 @@
../../modules/commons ../../modules/commons
../../modules/nixos/core-server.nix ../../modules/nixos/core-server.nix
../../modules/nixos/user-group.nix ../../modules/nixos/user-group.nix
../../modules/programs/nginx.nix
../../modules/programs/nixvim ../../modules/programs/nixvim
../../modules/programs/nomad ../../modules/programs/nomad
../../modules/programs/gitea ../../modules/programs/gitea
../../modules/programs/vaultwarden
]; ];
environment.systemPackages = with pkgs; [tailscale]; environment.systemPackages = with pkgs; [tailscale];

2
modules/nixos/core-server.nix
View File

@ -83,6 +83,4 @@
# Required for containers with `--restart=always` # Required for containers with `--restart=always`
enableOnBoot = true; enableOnBoot = true;
}; };
zramSwap.enable = true;
} }

10
modules/programs/gitea/default.nix
View File

@ -66,7 +66,17 @@ in {
}; };
users.groups.git = {}; users.groups.git = {};
security.acme = {
acceptTerms = true;
email = "chinmaydpai@gmail.com";
};
services.nginx = { services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedTlsSettings = true;
virtualHosts = { virtualHosts = {
"${domain}" = { "${domain}" = {
serverName = "${domain}"; serverName = "${domain}";

14
modules/programs/nginx.nix
View File

@ -1,14 +0,0 @@
{...}: {
security.acme = {
acceptTerms = true;
email = "chinmaydpai@gmail.com";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedTlsSettings = true;
};
}

52
modules/programs/vaultwarden/default.nix
View File

@ -1,52 +0,0 @@
{
config,
pkgs,
...
}: let
domain = "bw.deku.moe";
in {
age.secrets.vaultwarden = {
file = ../../../secrets/vaultwarden.age;
owner = "vaultwarden";
group = "vaultwarden";
};
services.vaultwarden = {
enable = true;
package = pkgs.vaultwarden;
environmentFile = config.age.secrets.vaultwarden.path;
dbBackend = "postgresql";
config = {
domain = "https://${domain}";
signupsAllowed = false;
rocketAddress = "127.0.0.1";
rocketPort = 33003;
databaseUrl = "postgres:///vaultwarden?host=/var/run/postgresql";
};
};
services.postgresql.ensureDatabases = ["vaultwarden"];
services.postgresql.ensureUsers = [
{
name = "vaultwarden";
ensureDBOwnership = true;
}
];
services.nginx = {
virtualHosts = {
"${domain}" = {
serverName = "${domain}";
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}/";
};
};
};
};
}

1
secrets/secrets.nix
View File

@ -10,5 +10,4 @@ let
users = thunderbottom ++ codingcoffee; users = thunderbottom ++ codingcoffee;
in { in {
"gitea.age".publicKeys = users ++ servers; "gitea.age".publicKeys = users ++ servers;
"vaultwarden.age".publicKeys = users ++ servers;
} }

BIN
secrets/vaultwarden.age
View File

Binary file not shown.