diff --git a/modules/modules.nix b/modules/modules.nix index ada6071..a5e3470 100644 --- a/modules/modules.nix +++ b/modules/modules.nix @@ -40,6 +40,7 @@ in ./nix/build.nix ./users/nixremote.nix ./network/firewall.nix + ./network/nginx.nix ]; options.my = { localhost = lib.mkOption { diff --git a/modules/network/nginx.nix b/modules/network/nginx.nix new file mode 100644 index 0000000..c7ce57e --- /dev/null +++ b/modules/network/nginx.nix 
@@ -0,0 +1,100 @@
+{ lib, config, ... }:
+let
+ setup = import ../servers/setup.nix { inherit lib config; };
+
+ standardProxyServices = {
+ "firefox-syncserver" = {
+ type = "proxyReverse";
+ };
+ "readeck" = {
+ type = "proxyReverse";
+ };
+ "microbin" = {
+ type = "proxyReverse";
+ };
+ "ryot" = {
+ type = "proxyReverse";
+ };
+ "bazarr" = {
+ type = "proxyReverse";
+ };
+ "shiori" = {
+ type = "proxyReverse";
+ };
+ "metube" = {
+ type = "proxyReverse";
+ };
+ "maloja" = {
+ type = "proxyReverse";
+ };
+ "vaultwarden" = {
+ type = "proxyReverse";
+ };
+ "mealie" = {
+ type = "proxyReverse";
+ };
+ "kavita" = {
+ type = "proxyReverse";
+ };
+ "multi-scrobbler" = {
+ type = "proxyReverse";
+ };
+ "nix-serve" = {
+ type = "proxyReverse";
+ };
+ "audiobookshelf" = {
+ type = "proxyReverseFix";
+ };
+ "lidarr" = {
+ type = "proxyReverseFix";
+ };
+ "gitea" = {
+ type = "proxyReverseFix";
+ };
+ "prowlarr" = {
+ type = "proxyReverseFix";
+ };
+ "ombi" = {
+ type = "proxyReverseFix";
+ };
+ "radarr" = {
+ type = "proxyReverseFix";
+ };
+ "sonarr" = {
+ type = "proxyReverseFix";
+ };
+ "stash" = {
+ type = "proxyReverseFix";
+ };
+ "atticd" = {
+ type = "proxyReverseFix";
+ };
+ "homepage" = {
+ type = "proxyReversePrivate";
+ };
+ };
+
+ generateProxyConfig =
+ serviceName: serviceConfig:
+ let
+ cfg = config.my.servers.${serviceName};
+ proxyFunc =
+ if serviceConfig.type == "proxyReverse" then
+ setup.proxyReverse
+ else if serviceConfig.type == "proxyReverseFix" then
+ setup.proxyReverseFix
+ else if serviceConfig.type == "proxyReversePrivate" then
+ setup.proxyReversePrivate
+ else
+ throw "Unknown proxy type: ${serviceConfig.type}";
+ in
+ lib.nameValuePair cfg.host (lib.mkIf cfg.enableProxy (proxyFunc cfg));
+
+ standardProxyConfigs = lib.mapAttrs' generateProxyConfig standardProxyServices;
+
+in
+{
+ config = lib.mkIf config.my.enableProxy {
+ services.nginx.virtualHosts = standardProxyConfigs;
+ };
+}
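Review bot: `generateProxyConfig` keys every entry by `cfg.host`, and `lib.mapAttrs'` builds its result with `listToAttrs`, which silently keeps only the first entry when two names are equal. Elsewhere in this diff atticd is declared with `setup.mkOptions "atticd" "cache" 2343` and nix-serve with `setup.mkOptions "nix-serve" "cache" 5000`; if `host` is derived from that second argument (setup.nix is not shown), both resolve to the same virtual host and the nix-serve entry is dropped, even when atticd's proxy is disabled. Handing the entries to the module system keeps the merge, and any conflict, visible: `services.nginx.virtualHosts = lib.mkMerge (lib.mapAttrsToList (n: s: let p = generateProxyConfig n s; in { ${p.name} = p.value; }) standardProxyServices);`.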
diff --git a/modules/servers/atticd.nix b/modules/servers/atticd.nix index a608e62..7971396 100644 --- a/modules/servers/atticd.nix +++ b/modules/servers/atticd.nix @@ -7,30 +7,27 @@ in options.my.servers.atticd = setup.mkOptions "atticd" "cache" 2343; config = lib.mkIf cfg.enable { sops.secrets."private_cache_keys/atticd".sopsFile = ../../secrets/keys.yaml; - services = { - atticd = { - enable = true; - environmentFile = config.sops.secrets."private_cache_keys/atticd".path; - settings = { - listen = "[::]:${toString cfg.port}"; - jwt = { }; - chunking = { - nar-size-threshold = 64 * 1024; # 64 KiB - min-size = 16 * 1024; # 16 KiB - avg-size = 64 * 1024; # 64 KiB - max-size = 256 * 1024; # 256 KiB - }; - compression = { - type = "xz"; - level = 16; - }; - garbage-collection = { - interval = "7 days"; - default-retention-period = "7 days"; - }; + services.atticd = { + enable = true; + environmentFile = config.sops.secrets."private_cache_keys/atticd".path; + settings = { + listen = "[::]:${toString cfg.port}"; + jwt = { }; + chunking = { + nar-size-threshold = 64 * 1024; # 64 KiB + min-size = 16 * 1024; # 16 KiB + avg-size = 64 * 1024; # 64 KiB + max-size = 256 * 1024; # 256 KiB + }; + compression = { + type = "xz"; + level = 16; + }; + garbage-collection = { + interval = "7 days"; + default-retention-period = "7 days"; }; }; - nginx.virtualHosts."cache.rotehaare.art" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg); }; }; } diff --git a/modules/servers/audiobookshelf.nix b/modules/servers/audiobookshelf.nix index 17e7957..a400a50 100644 --- a/modules/servers/audiobookshelf.nix +++ b/modules/servers/audiobookshelf.nix 
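Review bot: The vhost line removed at the end of the atticd hunk sat inside `config = lib.mkIf cfg.enable { … }`, so it existed only while atticd itself was enabled; the replacement generated in modules/network/nginx.nix is gated on `cfg.enableProxy` alone. Unless `setup.mkOptions` (not shown) already ties `enableProxy` to `enable`, a host with the proxy flag set and the service off now publishes a virtual host forwarding to a port where nothing, or some other process, is listening. The same guard is lost in the nix-serve, shiori and vaultwarden hunks, and the last two also required postgres to be enabled. In nginx.nix the value could be `lib.mkIf (cfg.enable && cfg.enableProxy) (proxyFunc cfg)`.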
@@ -7,14 +7,11 @@ in options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687; config = { my.servers.audiobookshelf.enableSocket = true; - services = { - audiobookshelf = lib.mkIf cfg.enable { - inherit (cfg) port; - enable = true; - host = cfg.ip; - group = "piracy"; - }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg); + services.audiobookshelf = lib.mkIf cfg.enable { + inherit (cfg) port; + enable = true; + host = cfg.ip; + group = "piracy"; }; }; } diff --git a/modules/servers/bazarr.nix b/modules/servers/bazarr.nix index 9368ab8..d4fd3ba 100644 --- a/modules/servers/bazarr.nix +++ b/modules/servers/bazarr.nix @@ -5,13 +5,8 @@ let in { options.my.servers.bazarr = setup.mkOptions "bazarr" "subs" config.services.bazarr.listenPort; - config = { - services = { - bazarr = lib.mkIf cfg.enable { - enable = true; - group = "piracy"; - }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg); - }; + config.services.bazarr = lib.mkIf cfg.enable { + enable = true; + group = "piracy"; }; } diff --git a/modules/servers/firefox-syncserver.nix b/modules/servers/firefox-syncserver.nix index 0196d1f..001489d 100644 --- a/modules/servers/firefox-syncserver.nix +++ b/modules/servers/firefox-syncserver.nix 
@@ -7,20 +7,17 @@ in options.my.servers.firefox-syncserver = setup.mkOptions "firefox-syncserver" "sync" 4233; config = { # sops.secrets.firefox-syncserver.sopsFile = ../../secrets/env.yaml; - services = { - firefox-syncserver = { - inherit (cfg) enable; - # secrets = config.sops.secrets.firefox-syncserver; - settings.port = cfg.port; - singleNode = { - enable = true; - enableTLS = true; - enableNginx = true; - hostname = config.networking.hostName; - # url = cfg.host; - }; + services.firefox-syncserver = { + inherit (cfg) enable; + # secrets = config.sops.secrets.firefox-syncserver; + settings.port = cfg.port; + singleNode = { + enable = true; + enableTLS = true; + enableNginx = true; + hostname = config.networking.hostName; + # url = cfg.host; }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg); }; }; } diff --git a/modules/servers/gitea.nix b/modules/servers/gitea.nix index b042252..f8b1609 100644 --- a/modules/servers/gitea.nix +++ b/modules/servers/gitea.nix @@ -80,7 +80,6 @@ in inherit (pkgs.xorg) libX11; }; }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg); }; }; } diff --git a/modules/servers/homepage.nix b/modules/servers/homepage.nix index 1d9c26d..f7cb8f7 100644 --- a/modules/servers/homepage.nix +++ b/modules/servers/homepage.nix 
@@ -15,24 +15,21 @@ in }; }; my.servers.homepage.certPath = config.sops.secrets."private-ca/pem".path; - services = { - homepage-dashboard = lib.mkIf cfg.enable { - enable = true; - listenPort = cfg.port; - environmentFile = config.sops.secrets.homepage.path; - settings = { - providers.openweathermap = "ca54bc3999f608a5ad6e48b9c6c002ec"; - layout = import ./homepage/layout.nix; - }; - widgets = import ./homepage/widgets.nix; - services = import ./homepage/services.nix { inherit lib config; }; - bookmarks = - builtins.readDir ./homepage/bookmarks - |> builtins.attrNames - |> builtins.filter (file: builtins.match ".*\\.nix" file != null) - |> map (file: import ./homepage/bookmarks/${file}); + services.homepage-dashboard = lib.mkIf cfg.enable { + enable = true; + listenPort = cfg.port; + environmentFile = config.sops.secrets.homepage.path; + settings = { + providers.openweathermap = "ca54bc3999f608a5ad6e48b9c6c002ec"; + layout = import ./homepage/layout.nix; }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReversePrivate cfg); + widgets = import ./homepage/widgets.nix; + services = import ./homepage/services.nix { inherit lib config; }; + bookmarks = + builtins.readDir ./homepage/bookmarks + |> builtins.attrNames + |> builtins.filter (file: builtins.match ".*\\.nix" file != null) + |> map (file: import ./homepage/bookmarks/${file}); }; }; } diff --git a/modules/servers/kavita.nix b/modules/servers/kavita.nix index 082633b..3ad8cd7 100644 --- a/modules/servers/kavita.nix +++ b/modules/servers/kavita.nix @@ -18,12 +18,9 @@ in "piracy" ]; }; - services = { - kavita = lib.mkIf cfg.enable { - enable = true; - tokenKeyFile = config.sops.secrets.kavita-token.path; - }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg); + services.kavita = lib.mkIf cfg.enable { + enable = true; + tokenKeyFile = config.sops.secrets.kavita-token.path; }; }; } 
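Review bot: `providers.openweathermap` in the homepage `settings` is still a literal API key, so it is committed to the repository and copied into the world-readable Nix store, although the same block already loads `environmentFile = config.sops.secrets.homepage.path`. homepage-dashboard substitutes `{{HOMEPAGE_VAR_*}}` placeholders from its environment, so the line can become `providers.openweathermap = "{{HOMEPAGE_VAR_OPENWEATHERMAP_KEY}}";` with the value added to the sops-managed env file (the variable name is a constructed example). The key that is already in git history should be rotated.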
diff --git a/modules/servers/lidarr.nix b/modules/servers/lidarr.nix
index ea28afc..b833dec 100644
--- a/modules/servers/lidarr.nix
+++ b/modules/servers/lidarr.nix
@@ -5,30 +5,27 @@ let in { options.my.servers.lidarr = setup.mkOptions "lidarr" "music" 8686; - config = { - virtualisation.oci-containers.containers.lidarr = lib.mkIf cfg.enable { - autoStart = true; - image = "linuxserver/lidarr:version-2.13.3.4711"; - ports = [ "${toString cfg.port}:${toString cfg.port}" ]; - environment = { - TZ = config.my.timeZone; - PUID = toString config.users.users.jawz.uid; - PGID = toString config.users.groups.piracy.gid; - }; - volumes = [ - "/srv/pool/multimedia:/data" - "/srv/pool/multimedia/media/Music:/music" - "/srv/pool/multimedia/media/MusicVideos:/music-videos" - "/srv/pool/multimedia/downloads/usenet:/usenet" - "/srv/pool/multimedia/downloads/torrent:/torrent" - "${config.my.containerData}/lidarr/files:/config" - "${config.my.containerData}/lidarr/custom-services.d:/custom-services.d" - "${config.my.containerData}/lidarr/custom-cont-init.d:/custom-cont-init.d" - ]; - extraOptions = [ - "--network=host" - ]; + config.virtualisation.oci-containers.containers.lidarr = lib.mkIf cfg.enable { + autoStart = true; + image = "linuxserver/lidarr:version-2.13.3.4711"; + ports = [ "${toString cfg.port}:${toString cfg.port}" ]; + environment = { + TZ = config.my.timeZone; + PUID = toString config.users.users.jawz.uid; + PGID = toString config.users.groups.piracy.gid; }; - services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg); + volumes = [ + "/srv/pool/multimedia:/data" + "/srv/pool/multimedia/media/Music:/music" + "/srv/pool/multimedia/media/MusicVideos:/music-videos" + "/srv/pool/multimedia/downloads/usenet:/usenet" + "/srv/pool/multimedia/downloads/torrent:/torrent" + "${config.my.containerData}/lidarr/files:/config" + "${config.my.containerData}/lidarr/custom-services.d:/custom-services.d" + "${config.my.containerData}/lidarr/custom-cont-init.d:/custom-cont-init.d" + ]; + extraOptions = [ + "--network=host" + ]; }; } 
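Review bot: `extraOptions = [ "--network=host" ]` puts the container in the host's network namespace, in which case the `ports` mapping above it is not applied and lidarr listens on whatever address it binds itself, typically every interface. The nginx virtual host in front of it can then be bypassed on `cfg.port` unless the firewall blocks that port. If host networking is not needed to reach other local services, drop the option and publish on loopback only: `ports = [ "127.0.0.1:${toString cfg.port}:${toString cfg.port}" ];`. The image is also pinned by tag rather than by digest.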
diff --git a/modules/servers/maloja.nix b/modules/servers/maloja.nix index ba4c632..b9e7102 100644 --- a/modules/servers/maloja.nix +++ b/modules/servers/maloja.nix @@ -21,6 +21,5 @@ in }; volumes = [ "${config.my.containerData}/maloja:/mljdata" ]; }; - services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg); }; } diff --git a/modules/servers/mealie.nix b/modules/servers/mealie.nix index 3877071..6e0d7e1 100644 --- a/modules/servers/mealie.nix +++ b/modules/servers/mealie.nix @@ -7,26 +7,23 @@ in options.my.servers.mealie = setup.mkOptions "mealie" "mealie" 9925; config = { sops.secrets = lib.mkIf cfg.enable { mealie.sopsFile = ../../secrets/env.yaml; }; - services = { - mealie = lib.mkIf cfg.enable { - enable = true; - inherit (cfg) port; - settings = { - TZ = config.my.timeZone; - DEFAULT_GROUP = "Home"; - BASE_URL = cfg.url; - API_DOCS = "false"; - ALLOW_SIGNUP = "false"; - DB_ENGINE = "postgres"; - POSTGRES_URL_OVERRIDE = "postgresql://${cfg.name}:@/${cfg.name}?host=${config.my.postgresSocket}"; - MAX_WORKERS = "1"; - WEB_CONCURRENCY = "1"; - SMTP_HOST = "smtp.gmail.com"; - SMTP_PORT = "587"; - }; - credentialsFile = config.sops.secrets.mealie.path; + services.mealie = lib.mkIf cfg.enable { + enable = true; + inherit (cfg) port; + settings = { + TZ = config.my.timeZone; + DEFAULT_GROUP = "Home"; + BASE_URL = cfg.url; + API_DOCS = "false"; + ALLOW_SIGNUP = "false"; + DB_ENGINE = "postgres"; + POSTGRES_URL_OVERRIDE = "postgresql://${cfg.name}:@/${cfg.name}?host=${config.my.postgresSocket}"; + MAX_WORKERS = "1"; + WEB_CONCURRENCY = "1"; + SMTP_HOST = "smtp.gmail.com"; + SMTP_PORT = "587"; }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg); + credentialsFile = config.sops.secrets.mealie.path; }; }; } diff --git a/modules/servers/metube.nix b/modules/servers/metube.nix index cbaab45..6b585e2 100644 --- a/modules/servers/metube.nix +++ b/modules/servers/metube.nix 
@@ -5,21 +5,18 @@ let in { options.my.servers.metube = setup.mkOptions "metube" "bajameesta" 8881; - config = { - virtualisation.oci-containers.containers.metube = lib.mkIf cfg.enable { - image = "ghcr.io/alexta69/metube:2024-11-05"; - ports = [ "${toString cfg.port}:8081" ]; - volumes = [ - "${config.my.containerData}/metube:/downloads" - "/home/jawz/.librewolf/cookies.txt:/cookies.txt" - ]; - environment = { - TZ = config.my.timeZone; - YTDL_OPTIONS = ''{"cookiefile":"/cookies.txt"}''; - PUID = toString config.users.users.jawz.uid; - PGID = toString config.users.groups.piracy.gid; - }; + config.virtualisation.oci-containers.containers.metube = lib.mkIf cfg.enable { + image = "ghcr.io/alexta69/metube:2024-11-05"; + ports = [ "${toString cfg.port}:8081" ]; + volumes = [ + "${config.my.containerData}/metube:/downloads" + "/home/jawz/.librewolf/cookies.txt:/cookies.txt" + ]; + environment = { + TZ = config.my.timeZone; + YTDL_OPTIONS = ''{"cookiefile":"/cookies.txt"}''; + PUID = toString config.users.users.jawz.uid; + PGID = toString config.users.groups.piracy.gid; }; - services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg); }; } diff --git a/modules/servers/microbin.nix b/modules/servers/microbin.nix index 5cb87bb..682a8b5 100644 --- a/modules/servers/microbin.nix +++ b/modules/servers/microbin.nix 
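Review bot: The volume `"/home/jawz/.librewolf/cookies.txt:/cookies.txt"` gives a container that is published through `proxyReverse` a writable bind mount of the browser's cookie file, so anything that compromises or misuses the downloader can read and alter live session cookies. Mounting it read-only limits that to reading, `"/home/jawz/.librewolf/cookies.txt:/cookies.txt:ro"`, provided the downloader does not need to write the file back; a dedicated cookie file exported only for this service would narrow it further. `ports = [ "${toString cfg.port}:8081" ]` also publishes on every host interface, and a `127.0.0.1:` prefix would keep the backend behind nginx.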
@@ -5,21 +5,16 @@ let in { options.my.servers.microbin = setup.mkOptions "microbin" "copy" 8086; - config = lib.mkIf config.my.servers.microbin.enable { - services = { - microbin = lib.mkIf cfg.enable { - enable = true; - settings = { - MICROBIN_PORT = cfg.port; - MICROBIN_HIDE_LOGO = false; - MICROBIN_HIGHLIGHTSYNTAX = true; - MICROBIN_PRIVATE = true; - MICROBIN_QR = true; - MICROBIN_ENCRYPTION_CLIENT_SIDE = true; - MICROBIN_ENCRYPTION_SERVER_SIDE = true; - }; - }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg); + config.services.microbin = lib.mkIf cfg.enable { + enable = true; + settings = { + MICROBIN_PORT = cfg.port; + MICROBIN_HIDE_LOGO = false; + MICROBIN_HIGHLIGHTSYNTAX = true; + MICROBIN_PRIVATE = true; + MICROBIN_QR = true; + MICROBIN_ENCRYPTION_CLIENT_SIDE = true; + MICROBIN_ENCRYPTION_SERVER_SIDE = true; }; }; } diff --git a/modules/servers/multi-scrobbler.nix b/modules/servers/multi-scrobbler.nix index a7f0ab1..35736b6 100644 --- a/modules/servers/multi-scrobbler.nix +++ b/modules/servers/multi-scrobbler.nix @@ -23,6 +23,5 @@ in }; volumes = [ "${config.my.containerData}/multi-scrobbler:/config" ]; }; - services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg); }; } diff --git a/modules/servers/nix-serve.nix b/modules/servers/nix-serve.nix index 03e3603..0808a2d 100644 --- a/modules/servers/nix-serve.nix +++ b/modules/servers/nix-serve.nix 
@@ -12,14 +12,11 @@ in options.my.servers.nix-serve = setup.mkOptions "nix-serve" "cache" 5000; config = lib.mkIf cfg.enable { sops.secrets."private_cache_keys/miniserver".sopsFile = ../../secrets/keys.yaml; - services = { - nix-serve = { - enable = true; - package = pkgs.nix-serve-ng; - inherit (cfg) port; - secretKeyFile = config.sops.secrets."private_cache_keys/miniserver".path; - }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg); + services.nix-serve = { + enable = true; + package = pkgs.nix-serve-ng; + inherit (cfg) port; + secretKeyFile = config.sops.secrets."private_cache_keys/miniserver".path; }; }; } diff --git a/modules/servers/ombi.nix b/modules/servers/ombi.nix index 4ecebe4..2c35d3b 100644 --- a/modules/servers/ombi.nix +++ b/modules/servers/ombi.nix @@ -5,11 +5,8 @@ let in { options.my.servers.ombi = setup.mkOptions "ombi" "requests" 3425; - config.services = { - ombi = lib.mkIf cfg.enable { - enable = true; - inherit (cfg) port; - }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg); + config.services.ombi = lib.mkIf cfg.enable { + enable = true; + inherit (cfg) port; }; } diff --git a/modules/servers/prowlarr.nix b/modules/servers/prowlarr.nix index 4a002c0..813cb48 100644 --- a/modules/servers/prowlarr.nix +++ b/modules/servers/prowlarr.nix @@ -17,7 +17,6 @@ in services = { prowlarr.enable = cfg.enable; flaresolverr.enable = cfg.enable; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg); }; }; } diff --git a/modules/servers/radarr.nix b/modules/servers/radarr.nix index c47da8d..d77cb32 100644 --- a/modules/servers/radarr.nix +++ b/modules/servers/radarr.nix 
@@ -5,13 +5,8 @@ let in { options.my.servers.radarr = setup.mkOptions "radarr" "movies" 7878; - config = { - services = { - radarr = lib.mkIf cfg.enable { - enable = true; - group = "piracy"; - }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg); - }; + config.services.radarr = lib.mkIf cfg.enable { + enable = true; + group = "piracy"; }; } diff --git a/modules/servers/readeck.nix b/modules/servers/readeck.nix index 3f9f0fc..2536681 100644 --- a/modules/servers/readeck.nix +++ b/modules/servers/readeck.nix @@ -7,22 +7,19 @@ in options.my.servers.readeck = setup.mkOptions "readeck" "laters" 9546; config = { sops.secrets.readeck.sopsFile = ../../secrets/env.yaml; - services = { - readeck = { - inherit (cfg) enable; - environmentFile = config.sops.secrets.readeck.path; - settings = { - main = { - log_level = "warn"; - data_directory = "/var/lib/readeck"; - }; - server = { - port = cfg.port; - host = cfg.ip; - }; + services.readeck = { + inherit (cfg) enable; + environmentFile = config.sops.secrets.readeck.path; + settings = { + main = { + log_level = "warn"; + data_directory = "/var/lib/readeck"; + }; + server = { + port = cfg.port; + host = cfg.ip; }; }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg); }; }; } diff --git a/modules/servers/ryot.nix b/modules/servers/ryot.nix index a90aabc..d2e7e0f 100644 --- a/modules/servers/ryot.nix +++ b/modules/servers/ryot.nix @@ -19,6 +19,5 @@ in }; volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ]; }; - services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg); }; } diff --git a/modules/servers/shiori.nix b/modules/servers/shiori.nix index 263b97a..3931666 100644 --- a/modules/servers/shiori.nix +++ b/modules/servers/shiori.nix 
@@ -7,14 +7,11 @@ in options.my.servers.shiori = setup.mkOptions "shiori" "bookmarks" 4368; config = lib.mkIf (config.my.servers.shiori.enable && config.my.servers.postgres.enable) { sops.secrets = lib.mkIf cfg.enable { shiori.sopsFile = ../../secrets/env.yaml; }; - services = { - shiori = lib.mkIf cfg.enable { - inherit (cfg) port; - enable = true; - environmentFile = config.sops.secrets.shiori.path; - databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}"; - }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg); + services.shiori = lib.mkIf cfg.enable { + inherit (cfg) port; + enable = true; + environmentFile = config.sops.secrets.shiori.path; + databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}"; }; }; } diff --git a/modules/servers/sonarr.nix b/modules/servers/sonarr.nix index 342ad8a..3a80205 100644 --- a/modules/servers/sonarr.nix +++ b/modules/servers/sonarr.nix @@ -5,11 +5,8 @@ let in { options.my.servers.sonarr = setup.mkOptions "sonarr" "series" 8989; - config.services = { - sonarr = lib.mkIf cfg.enable { - enable = true; - group = "piracy"; - }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg); + config.services.sonarr = lib.mkIf cfg.enable { + enable = true; + group = "piracy"; }; } diff --git a/modules/servers/stash.nix b/modules/servers/stash.nix index ccb31cd..c432d63 100644 --- a/modules/servers/stash.nix +++ b/modules/servers/stash.nix 
@@ -11,26 +11,23 @@ in "stash/jwt".sopsFile = ../../secrets/env.yaml; "stash/session".sopsFile = ../../secrets/env.yaml; }; - services = { - stash = lib.mkIf cfg.enable { - enable = true; - group = "piracy"; - mutableSettings = true; - username = "Suing8150"; - passwordFile = config.sops.secrets."stash/password".path; - jwtSecretKeyFile = config.sops.secrets."stash/jwt".path; - sessionStoreKeyFile = config.sops.secrets."stash/session".path; - settings = { - inherit (cfg) port; - host = "0.0.0.0"; - stash = [ - { - path = "/srv/pool/glue/"; - } - ]; - }; + services.stash = lib.mkIf cfg.enable { + enable = true; + group = "piracy"; + mutableSettings = true; + username = "Suing8150"; + passwordFile = config.sops.secrets."stash/password".path; + jwtSecretKeyFile = config.sops.secrets."stash/jwt".path; + sessionStoreKeyFile = config.sops.secrets."stash/session".path; + settings = { + inherit (cfg) port; + host = "0.0.0.0"; + stash = [ + { + path = "/srv/pool/glue/"; + } + ]; }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg); }; }; } diff --git a/modules/servers/vaultwarden.nix b/modules/servers/vaultwarden.nix index 26bd1f5..5a3e8da 100644 --- a/modules/servers/vaultwarden.nix +++ b/modules/servers/vaultwarden.nix 
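Review bot: `settings.host = "0.0.0.0"` makes stash listen on every interface, so the service is reachable directly on `cfg.port` as well as through the nginx virtual host. Other modules in this diff bind to the per-service address instead (`host = cfg.ip;` in readeck and audiobookshelf, `ROCKET_ADDRESS = cfg.ip;` in vaultwarden). Using `host = cfg.ip;` here would be consistent with them, assuming `cfg.ip` is the loopback or internal address that the proxy forwards to.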
@@ -12,26 +12,23 @@ in options.my.servers.vaultwarden = setup.mkOptions "vaultwarden" "vault" 8222; config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable) { sops.secrets = lib.mkIf cfg.enable { vaultwarden.sopsFile = ../../secrets/env.yaml; }; - services = { - vaultwarden = lib.mkIf cfg.enable { - enable = true; - dbBackend = "postgresql"; - package = pkgs.vaultwarden; - environmentFile = config.sops.secrets.vaultwarden.path; - config = { - # ROCKET_ADDRESS = "${config.my.localhost}"; # VPS - ROCKET_ADDRESS = cfg.ip; - ROCKET_PORT = cfg.port; - WEBSOCKET_PORT = 8333; - DATABASE_URL = "postgresql:///${cfg.name}?host=${config.my.postgresSocket}"; - ENABLE_DB_WAL = false; - WEBSOCKET_ENABLED = true; - SHOW_PASSWORD_HINT = false; - EXTENDED_LOGGING = true; - LOG_LEVEL = "warn"; - }; + services.vaultwarden = lib.mkIf cfg.enable { + enable = true; + dbBackend = "postgresql"; + package = pkgs.vaultwarden; + environmentFile = config.sops.secrets.vaultwarden.path; + config = { + # ROCKET_ADDRESS = "${config.my.localhost}"; # VPS + ROCKET_ADDRESS = cfg.ip; + ROCKET_PORT = cfg.port; + WEBSOCKET_PORT = 8333; + DATABASE_URL = "postgresql:///${cfg.name}?host=${config.my.postgresSocket}"; + ENABLE_DB_WAL = false; + WEBSOCKET_ENABLED = true; + SHOW_PASSWORD_HINT = false; + EXTENDED_LOGGING = true; + LOG_LEVEL = "warn"; }; - nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg); }; }; }