Compare commits
No commits in common. "0f0dc24de08771ce6e74676b2cfdbfc65c33986e" and "007038f1be1d44f04194b5c29d7efa7c52a50eee" have entirely different histories.
0f0dc24de0
...
007038f1be
@ -4,11 +4,9 @@
|
||||
../../modules/commons
|
||||
../../modules/nixos/core-server.nix
|
||||
../../modules/nixos/user-group.nix
|
||||
../../modules/programs/nginx.nix
|
||||
../../modules/programs/nixvim
|
||||
../../modules/programs/nomad
|
||||
../../modules/programs/gitea
|
||||
../../modules/programs/vaultwarden
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [tailscale];
|
||||
|
@ -83,6 +83,4 @@
|
||||
# Required for containers with `--restart=always`
|
||||
enableOnBoot = true;
|
||||
};
|
||||
|
||||
zramSwap.enable = true;
|
||||
}
|
||||
|
@ -66,7 +66,17 @@ in {
|
||||
};
|
||||
users.groups.git = {};
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
email = "chinmaydpai@gmail.com";
|
||||
};
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
virtualHosts = {
|
||||
"${domain}" = {
|
||||
serverName = "${domain}";
|
||||
|
@ -1,14 +0,0 @@
|
||||
{...}: {
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
email = "chinmaydpai@gmail.com";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
};
|
||||
}
|
@ -1,52 +0,0 @@
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
domain = "bw.deku.moe";
|
||||
in {
|
||||
age.secrets.vaultwarden = {
|
||||
file = ../../../secrets/vaultwarden.age;
|
||||
owner = "vaultwarden";
|
||||
group = "vaultwarden";
|
||||
};
|
||||
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
package = pkgs.vaultwarden;
|
||||
|
||||
environmentFile = config.age.secrets.vaultwarden.path;
|
||||
dbBackend = "postgresql";
|
||||
|
||||
config = {
|
||||
domain = "https://${domain}";
|
||||
signupsAllowed = false;
|
||||
|
||||
rocketAddress = "127.0.0.1";
|
||||
rocketPort = 33003;
|
||||
|
||||
databaseUrl = "postgres:///vaultwarden?host=/var/run/postgresql";
|
||||
};
|
||||
};
|
||||
|
||||
services.postgresql.ensureDatabases = ["vaultwarden"];
|
||||
services.postgresql.ensureUsers = [
|
||||
{
|
||||
name = "vaultwarden";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts = {
|
||||
"${domain}" = {
|
||||
serverName = "${domain}";
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}/";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -10,5 +10,4 @@ let
|
||||
users = thunderbottom ++ codingcoffee;
|
||||
in {
|
||||
"gitea.age".publicKeys = users ++ servers;
|
||||
"vaultwarden.age".publicKeys = users ++ servers;
|
||||
}
|
||||
|
Binary file not shown.
Loading…
Reference in New Issue
Block a user