nginx proxy module

Danilo Reyes 2025-09-27 18:06:35 -06:00
parent 99574c9b66
commit ab845af157
25 changed files with 276 additions and 240 deletions


@ -40,6 +40,7 @@ in
./nix/build.nix ./nix/build.nix
./users/nixremote.nix ./users/nixremote.nix
./network/firewall.nix ./network/firewall.nix
./network/nginx.nix
]; ];
options.my = { options.my = {
localhost = lib.mkOption { localhost = lib.mkOption {

100
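--- a/modules/network/nginx.nix
+++ b/modules/network/nginx.nix
@@ -0,0 +1,100 @@
+{ lib, config, ... }:
+let
+setup = import ../servers/setup.nix { inherit lib config; };
+standardProxyServices = {
+"firefox-syncserver" = {
+type = "proxyReverse";
+};
+"readeck" = {
+type = "proxyReverse";
+};
+"microbin" = {
+type = "proxyReverse";
+};
+"ryot" = {
+type = "proxyReverse";
+};
+"bazarr" = {
+type = "proxyReverse";
+};
+"shiori" = {
+type = "proxyReverse";
+};
+"metube" = {
+type = "proxyReverse";
+};
+"maloja" = {
+type = "proxyReverse";
+};
+"vaultwarden" = {
+type = "proxyReverse";
+};
+"mealie" = {
+type = "proxyReverse";
+};
+"kavita" = {
+type = "proxyReverse";
+};
+"multi-scrobbler" = {
+type = "proxyReverse";
+};
+"nix-serve" = {
+type = "proxyReverse";
+};
+"audiobookshelf" = {
+type = "proxyReverseFix";
+};
+"lidarr" = {
+type = "proxyReverseFix";
+};
+"gitea" = {
+type = "proxyReverseFix";
+};
+"prowlarr" = {
+type = "proxyReverseFix";
+};
+"ombi" = {
+type = "proxyReverseFix";
+};
+"radarr" = {
+type = "proxyReverseFix";
+};
+"sonarr" = {
+type = "proxyReverseFix";
+};
+"stash" = {
+type = "proxyReverseFix";
+};
+"atticd" = {
+type = "proxyReverseFix";
+};
+"homepage" = {
+type = "proxyReversePrivate";
+};
+};
+generateProxyConfig =
+serviceName: serviceConfig:
+let
+cfg = config.my.servers.${serviceName};
+proxyFunc =
+if serviceConfig.type == "proxyReverse" then
+setup.proxyReverse
+else if serviceConfig.type == "proxyReverseFix" then
+setup.proxyReverseFix
+else if serviceConfig.type == "proxyReversePrivate" then
+setup.proxyReversePrivate
+else
+throw "Unknown proxy type: ${serviceConfig.type}";
+in
+lib.nameValuePair cfg.host (lib.mkIf cfg.enableProxy (proxyFunc cfg));
+standardProxyConfigs = lib.mapAttrs' generateProxyConfig standardProxyServices;
+in
+{
+config = lib.mkIf config.my.enableProxy {
+services.nginx.virtualHosts = standardProxyConfigs;
+};
+}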
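Review bot: The generated set is keyed by `cfg.host` in `lib.nameValuePair`, and `lib.mapAttrs'` does not report two services that resolve to the same host; one entry silently replaces the other. Elsewhere in this commit atticd and nix-serve are both declared with the name "cache" (`setup.mkOptions "atticd" "cache" 2343`, `setup.mkOptions "nix-serve" "cache" 5000`), and the removed atticd line used a hard-coded `"cache.rotehaare.art"`, so if `host` is derived from that argument the two can collide and one proxy definition disappears without an evaluation error. Emitting one definition per service and merging them, e.g. `services.nginx.virtualHosts = lib.mkMerge (lib.mapAttrsToList (n: v: let p = generateProxyConfig n v; in { ${p.name} = p.value; }) standardProxyServices);`, hands duplicates to the module system, which should then reject conflicting values. `setup.nix` is not visible here, so how `host` is computed is an assumption.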


@ -7,30 +7,27 @@ in
options.my.servers.atticd = setup.mkOptions "atticd" "cache" 2343; options.my.servers.atticd = setup.mkOptions "atticd" "cache" 2343;
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
sops.secrets."private_cache_keys/atticd".sopsFile = ../../secrets/keys.yaml; sops.secrets."private_cache_keys/atticd".sopsFile = ../../secrets/keys.yaml;
services = { services.atticd = {
atticd = { enable = true;
enable = true; environmentFile = config.sops.secrets."private_cache_keys/atticd".path;
environmentFile = config.sops.secrets."private_cache_keys/atticd".path; settings = {
settings = { listen = "[::]:${toString cfg.port}";
listen = "[::]:${toString cfg.port}"; jwt = { };
jwt = { }; chunking = {
chunking = { nar-size-threshold = 64 * 1024; # 64 KiB
nar-size-threshold = 64 * 1024; # 64 KiB min-size = 16 * 1024; # 16 KiB
min-size = 16 * 1024; # 16 KiB avg-size = 64 * 1024; # 64 KiB
avg-size = 64 * 1024; # 64 KiB max-size = 256 * 1024; # 256 KiB
max-size = 256 * 1024; # 256 KiB };
}; compression = {
compression = { type = "xz";
type = "xz"; level = 16;
level = 16; };
}; garbage-collection = {
garbage-collection = { interval = "7 days";
interval = "7 days"; default-retention-period = "7 days";
default-retention-period = "7 days";
};
}; };
}; };
nginx.virtualHosts."cache.rotehaare.art" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg);
}; };
}; };
} }
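Review bot: With the `nginx.virtualHosts` line removed from this `config = lib.mkIf cfg.enable { … }` block, the virtual host is no longer conditional on the service being enabled; in the new `modules/network/nginx.nix` it depends only on `config.my.enableProxy` and `cfg.enableProxy`. The same applies to the nix-serve, shiori and vaultwarden sections, whose `config` is wrapped in an enable condition, and to microbin, where that wrapper was dropped. If `enableProxy` can be true while `enable` is false, nginx will publish a host name that forwards to a port with no intended backend behind it. Unless a proxy-only host is intended, the generator could use `lib.mkIf (cfg.enable && cfg.enableProxy) (proxyFunc cfg)`; the defaults set by `setup.mkOptions` are not visible here, so this may already be guaranteed.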


@ -7,14 +7,11 @@ in
options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687; options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687;
config = { config = {
my.servers.audiobookshelf.enableSocket = true; my.servers.audiobookshelf.enableSocket = true;
services = { services.audiobookshelf = lib.mkIf cfg.enable {
audiobookshelf = lib.mkIf cfg.enable { inherit (cfg) port;
inherit (cfg) port; enable = true;
enable = true; host = cfg.ip;
host = cfg.ip; group = "piracy";
group = "piracy";
};
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg);
}; };
}; };
} }


@ -5,13 +5,8 @@ let
in in
{ {
options.my.servers.bazarr = setup.mkOptions "bazarr" "subs" config.services.bazarr.listenPort; options.my.servers.bazarr = setup.mkOptions "bazarr" "subs" config.services.bazarr.listenPort;
config = { config.services.bazarr = lib.mkIf cfg.enable {
services = { enable = true;
bazarr = lib.mkIf cfg.enable { group = "piracy";
enable = true;
group = "piracy";
};
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg);
};
}; };
} }


@ -7,20 +7,17 @@ in
options.my.servers.firefox-syncserver = setup.mkOptions "firefox-syncserver" "sync" 4233; options.my.servers.firefox-syncserver = setup.mkOptions "firefox-syncserver" "sync" 4233;
config = { config = {
# sops.secrets.firefox-syncserver.sopsFile = ../../secrets/env.yaml; # sops.secrets.firefox-syncserver.sopsFile = ../../secrets/env.yaml;
services = { services.firefox-syncserver = {
firefox-syncserver = { inherit (cfg) enable;
inherit (cfg) enable; # secrets = config.sops.secrets.firefox-syncserver;
# secrets = config.sops.secrets.firefox-syncserver; settings.port = cfg.port;
settings.port = cfg.port; singleNode = {
singleNode = { enable = true;
enable = true; enableTLS = true;
enableTLS = true; enableNginx = true;
enableNginx = true; hostname = config.networking.hostName;
hostname = config.networking.hostName; # url = cfg.host;
# url = cfg.host;
};
}; };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg);
}; };
}; };
} }


@ -80,7 +80,6 @@ in
inherit (pkgs.xorg) libX11; inherit (pkgs.xorg) libX11;
}; };
}; };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg);
}; };
}; };
} }


@ -15,24 +15,21 @@ in
}; };
}; };
my.servers.homepage.certPath = config.sops.secrets."private-ca/pem".path; my.servers.homepage.certPath = config.sops.secrets."private-ca/pem".path;
services = { services.homepage-dashboard = lib.mkIf cfg.enable {
homepage-dashboard = lib.mkIf cfg.enable { enable = true;
enable = true; listenPort = cfg.port;
listenPort = cfg.port; environmentFile = config.sops.secrets.homepage.path;
environmentFile = config.sops.secrets.homepage.path; settings = {
settings = { providers.openweathermap = "ca54bc3999f608a5ad6e48b9c6c002ec";
providers.openweathermap = "ca54bc3999f608a5ad6e48b9c6c002ec"; layout = import ./homepage/layout.nix;
layout = import ./homepage/layout.nix;
};
widgets = import ./homepage/widgets.nix;
services = import ./homepage/services.nix { inherit lib config; };
bookmarks =
builtins.readDir ./homepage/bookmarks
|> builtins.attrNames
|> builtins.filter (file: builtins.match ".*\\.nix" file != null)
|> map (file: import ./homepage/bookmarks/${file});
}; };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReversePrivate cfg); widgets = import ./homepage/widgets.nix;
services = import ./homepage/services.nix { inherit lib config; };
bookmarks =
builtins.readDir ./homepage/bookmarks
|> builtins.attrNames
|> builtins.filter (file: builtins.match ".*\\.nix" file != null)
|> map (file: import ./homepage/bookmarks/${file});
}; };
}; };
} }
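Review bot: The value assigned to `providers.openweathermap` is a literal API key in the Nix source, so it is stored in the repository and, like the rest of `settings`, presumably rendered into the world-readable Nix store, even though this same block already loads secrets through `environmentFile = config.sops.secrets.homepage.path`. Homepage substitutes `{{HOMEPAGE_VAR_*}}` placeholders from its environment, so the setting could read `providers.openweathermap = "{{HOMEPAGE_VAR_OPENWEATHERMAP_KEY}}";` (the variable name is a placeholder) with the key moved into the sops-managed environment file. A key that has already been committed should be rotated. The enclosing `config` block starts above this hunk.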


@ -18,12 +18,9 @@ in
"piracy" "piracy"
]; ];
}; };
services = { services.kavita = lib.mkIf cfg.enable {
kavita = lib.mkIf cfg.enable { enable = true;
enable = true; tokenKeyFile = config.sops.secrets.kavita-token.path;
tokenKeyFile = config.sops.secrets.kavita-token.path;
};
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg);
}; };
}; };
} }


@ -5,30 +5,27 @@ let
in in
{ {
options.my.servers.lidarr = setup.mkOptions "lidarr" "music" 8686; options.my.servers.lidarr = setup.mkOptions "lidarr" "music" 8686;
config = { config.virtualisation.oci-containers.containers.lidarr = lib.mkIf cfg.enable {
virtualisation.oci-containers.containers.lidarr = lib.mkIf cfg.enable { autoStart = true;
autoStart = true; image = "linuxserver/lidarr:version-2.13.3.4711";
image = "linuxserver/lidarr:version-2.13.3.4711"; ports = [ "${toString cfg.port}:${toString cfg.port}" ];
ports = [ "${toString cfg.port}:${toString cfg.port}" ]; environment = {
environment = { TZ = config.my.timeZone;
TZ = config.my.timeZone; PUID = toString config.users.users.jawz.uid;
PUID = toString config.users.users.jawz.uid; PGID = toString config.users.groups.piracy.gid;
PGID = toString config.users.groups.piracy.gid;
};
volumes = [
"/srv/pool/multimedia:/data"
"/srv/pool/multimedia/media/Music:/music"
"/srv/pool/multimedia/media/MusicVideos:/music-videos"
"/srv/pool/multimedia/downloads/usenet:/usenet"
"/srv/pool/multimedia/downloads/torrent:/torrent"
"${config.my.containerData}/lidarr/files:/config"
"${config.my.containerData}/lidarr/custom-services.d:/custom-services.d"
"${config.my.containerData}/lidarr/custom-cont-init.d:/custom-cont-init.d"
];
extraOptions = [
"--network=host"
];
}; };
services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg); volumes = [
"/srv/pool/multimedia:/data"
"/srv/pool/multimedia/media/Music:/music"
"/srv/pool/multimedia/media/MusicVideos:/music-videos"
"/srv/pool/multimedia/downloads/usenet:/usenet"
"/srv/pool/multimedia/downloads/torrent:/torrent"
"${config.my.containerData}/lidarr/files:/config"
"${config.my.containerData}/lidarr/custom-services.d:/custom-services.d"
"${config.my.containerData}/lidarr/custom-cont-init.d:/custom-cont-init.d"
];
extraOptions = [
"--network=host"
];
}; };
} }


@ -21,6 +21,5 @@ in
}; };
volumes = [ "${config.my.containerData}/maloja:/mljdata" ]; volumes = [ "${config.my.containerData}/maloja:/mljdata" ];
}; };
services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg);
}; };
} }


@ -7,26 +7,23 @@ in
options.my.servers.mealie = setup.mkOptions "mealie" "mealie" 9925; options.my.servers.mealie = setup.mkOptions "mealie" "mealie" 9925;
config = { config = {
sops.secrets = lib.mkIf cfg.enable { mealie.sopsFile = ../../secrets/env.yaml; }; sops.secrets = lib.mkIf cfg.enable { mealie.sopsFile = ../../secrets/env.yaml; };
services = { services.mealie = lib.mkIf cfg.enable {
mealie = lib.mkIf cfg.enable { enable = true;
enable = true; inherit (cfg) port;
inherit (cfg) port; settings = {
settings = { TZ = config.my.timeZone;
TZ = config.my.timeZone; DEFAULT_GROUP = "Home";
DEFAULT_GROUP = "Home"; BASE_URL = cfg.url;
BASE_URL = cfg.url; API_DOCS = "false";
API_DOCS = "false"; ALLOW_SIGNUP = "false";
ALLOW_SIGNUP = "false"; DB_ENGINE = "postgres";
DB_ENGINE = "postgres"; POSTGRES_URL_OVERRIDE = "postgresql://${cfg.name}:@/${cfg.name}?host=${config.my.postgresSocket}";
POSTGRES_URL_OVERRIDE = "postgresql://${cfg.name}:@/${cfg.name}?host=${config.my.postgresSocket}"; MAX_WORKERS = "1";
MAX_WORKERS = "1"; WEB_CONCURRENCY = "1";
WEB_CONCURRENCY = "1"; SMTP_HOST = "smtp.gmail.com";
SMTP_HOST = "smtp.gmail.com"; SMTP_PORT = "587";
SMTP_PORT = "587";
};
credentialsFile = config.sops.secrets.mealie.path;
}; };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg); credentialsFile = config.sops.secrets.mealie.path;
}; };
}; };
} }


@ -5,21 +5,18 @@ let
in in
{ {
options.my.servers.metube = setup.mkOptions "metube" "bajameesta" 8881; options.my.servers.metube = setup.mkOptions "metube" "bajameesta" 8881;
config = { config.virtualisation.oci-containers.containers.metube = lib.mkIf cfg.enable {
virtualisation.oci-containers.containers.metube = lib.mkIf cfg.enable { image = "ghcr.io/alexta69/metube:2024-11-05";
image = "ghcr.io/alexta69/metube:2024-11-05"; ports = [ "${toString cfg.port}:8081" ];
ports = [ "${toString cfg.port}:8081" ]; volumes = [
volumes = [ "${config.my.containerData}/metube:/downloads"
"${config.my.containerData}/metube:/downloads" "/home/jawz/.librewolf/cookies.txt:/cookies.txt"
"/home/jawz/.librewolf/cookies.txt:/cookies.txt" ];
]; environment = {
environment = { TZ = config.my.timeZone;
TZ = config.my.timeZone; YTDL_OPTIONS = ''{"cookiefile":"/cookies.txt"}'';
YTDL_OPTIONS = ''{"cookiefile":"/cookies.txt"}''; PUID = toString config.users.users.jawz.uid;
PUID = toString config.users.users.jawz.uid; PGID = toString config.users.groups.piracy.gid;
PGID = toString config.users.groups.piracy.gid;
};
}; };
services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg);
}; };
} }


@ -5,21 +5,16 @@ let
in in
{ {
options.my.servers.microbin = setup.mkOptions "microbin" "copy" 8086; options.my.servers.microbin = setup.mkOptions "microbin" "copy" 8086;
config = lib.mkIf config.my.servers.microbin.enable { config.services.microbin = lib.mkIf cfg.enable {
services = { enable = true;
microbin = lib.mkIf cfg.enable { settings = {
enable = true; MICROBIN_PORT = cfg.port;
settings = { MICROBIN_HIDE_LOGO = false;
MICROBIN_PORT = cfg.port; MICROBIN_HIGHLIGHTSYNTAX = true;
MICROBIN_HIDE_LOGO = false; MICROBIN_PRIVATE = true;
MICROBIN_HIGHLIGHTSYNTAX = true; MICROBIN_QR = true;
MICROBIN_PRIVATE = true; MICROBIN_ENCRYPTION_CLIENT_SIDE = true;
MICROBIN_QR = true; MICROBIN_ENCRYPTION_SERVER_SIDE = true;
MICROBIN_ENCRYPTION_CLIENT_SIDE = true;
MICROBIN_ENCRYPTION_SERVER_SIDE = true;
};
};
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg);
}; };
}; };
} }


@ -23,6 +23,5 @@ in
}; };
volumes = [ "${config.my.containerData}/multi-scrobbler:/config" ]; volumes = [ "${config.my.containerData}/multi-scrobbler:/config" ];
}; };
services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg);
}; };
} }


@ -12,14 +12,11 @@ in
options.my.servers.nix-serve = setup.mkOptions "nix-serve" "cache" 5000; options.my.servers.nix-serve = setup.mkOptions "nix-serve" "cache" 5000;
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
sops.secrets."private_cache_keys/miniserver".sopsFile = ../../secrets/keys.yaml; sops.secrets."private_cache_keys/miniserver".sopsFile = ../../secrets/keys.yaml;
services = { services.nix-serve = {
nix-serve = { enable = true;
enable = true; package = pkgs.nix-serve-ng;
package = pkgs.nix-serve-ng; inherit (cfg) port;
inherit (cfg) port; secretKeyFile = config.sops.secrets."private_cache_keys/miniserver".path;
secretKeyFile = config.sops.secrets."private_cache_keys/miniserver".path;
};
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg);
}; };
}; };
} }


@ -5,11 +5,8 @@ let
in in
{ {
options.my.servers.ombi = setup.mkOptions "ombi" "requests" 3425; options.my.servers.ombi = setup.mkOptions "ombi" "requests" 3425;
config.services = { config.services.ombi = lib.mkIf cfg.enable {
ombi = lib.mkIf cfg.enable { enable = true;
enable = true; inherit (cfg) port;
inherit (cfg) port;
};
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg);
}; };
} }


@ -17,7 +17,6 @@ in
services = { services = {
prowlarr.enable = cfg.enable; prowlarr.enable = cfg.enable;
flaresolverr.enable = cfg.enable; flaresolverr.enable = cfg.enable;
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg);
}; };
}; };
} }


@ -5,13 +5,8 @@ let
in in
{ {
options.my.servers.radarr = setup.mkOptions "radarr" "movies" 7878; options.my.servers.radarr = setup.mkOptions "radarr" "movies" 7878;
config = { config.services.radarr = lib.mkIf cfg.enable {
services = { enable = true;
radarr = lib.mkIf cfg.enable { group = "piracy";
enable = true;
group = "piracy";
};
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg);
};
}; };
} }


@ -7,22 +7,19 @@ in
options.my.servers.readeck = setup.mkOptions "readeck" "laters" 9546; options.my.servers.readeck = setup.mkOptions "readeck" "laters" 9546;
config = { config = {
sops.secrets.readeck.sopsFile = ../../secrets/env.yaml; sops.secrets.readeck.sopsFile = ../../secrets/env.yaml;
services = { services.readeck = {
readeck = { inherit (cfg) enable;
inherit (cfg) enable; environmentFile = config.sops.secrets.readeck.path;
environmentFile = config.sops.secrets.readeck.path; settings = {
settings = { main = {
main = { log_level = "warn";
log_level = "warn"; data_directory = "/var/lib/readeck";
data_directory = "/var/lib/readeck"; };
}; server = {
server = { port = cfg.port;
port = cfg.port; host = cfg.ip;
host = cfg.ip;
};
}; };
}; };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg);
}; };
}; };
} }


@ -19,6 +19,5 @@ in
}; };
volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ]; volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
}; };
services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg);
}; };
} }


@ -7,14 +7,11 @@ in
options.my.servers.shiori = setup.mkOptions "shiori" "bookmarks" 4368; options.my.servers.shiori = setup.mkOptions "shiori" "bookmarks" 4368;
config = lib.mkIf (config.my.servers.shiori.enable && config.my.servers.postgres.enable) { config = lib.mkIf (config.my.servers.shiori.enable && config.my.servers.postgres.enable) {
sops.secrets = lib.mkIf cfg.enable { shiori.sopsFile = ../../secrets/env.yaml; }; sops.secrets = lib.mkIf cfg.enable { shiori.sopsFile = ../../secrets/env.yaml; };
services = { services.shiori = lib.mkIf cfg.enable {
shiori = lib.mkIf cfg.enable { inherit (cfg) port;
inherit (cfg) port; enable = true;
enable = true; environmentFile = config.sops.secrets.shiori.path;
environmentFile = config.sops.secrets.shiori.path; databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}";
databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}";
};
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg);
}; };
}; };
} }


@ -5,11 +5,8 @@ let
in in
{ {
options.my.servers.sonarr = setup.mkOptions "sonarr" "series" 8989; options.my.servers.sonarr = setup.mkOptions "sonarr" "series" 8989;
config.services = { config.services.sonarr = lib.mkIf cfg.enable {
sonarr = lib.mkIf cfg.enable { enable = true;
enable = true; group = "piracy";
group = "piracy";
};
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg);
}; };
} }


@ -11,26 +11,23 @@ in
"stash/jwt".sopsFile = ../../secrets/env.yaml; "stash/jwt".sopsFile = ../../secrets/env.yaml;
"stash/session".sopsFile = ../../secrets/env.yaml; "stash/session".sopsFile = ../../secrets/env.yaml;
}; };
services = { services.stash = lib.mkIf cfg.enable {
stash = lib.mkIf cfg.enable { enable = true;
enable = true; group = "piracy";
group = "piracy"; mutableSettings = true;
mutableSettings = true; username = "Suing8150";
username = "Suing8150"; passwordFile = config.sops.secrets."stash/password".path;
passwordFile = config.sops.secrets."stash/password".path; jwtSecretKeyFile = config.sops.secrets."stash/jwt".path;
jwtSecretKeyFile = config.sops.secrets."stash/jwt".path; sessionStoreKeyFile = config.sops.secrets."stash/session".path;
sessionStoreKeyFile = config.sops.secrets."stash/session".path; settings = {
settings = { inherit (cfg) port;
inherit (cfg) port; host = "0.0.0.0";
host = "0.0.0.0"; stash = [
stash = [ {
{ path = "/srv/pool/glue/";
path = "/srv/pool/glue/"; }
} ];
];
};
}; };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg);
}; };
}; };
} }


@ -12,26 +12,23 @@ in
options.my.servers.vaultwarden = setup.mkOptions "vaultwarden" "vault" 8222; options.my.servers.vaultwarden = setup.mkOptions "vaultwarden" "vault" 8222;
config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable) { config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable) {
sops.secrets = lib.mkIf cfg.enable { vaultwarden.sopsFile = ../../secrets/env.yaml; }; sops.secrets = lib.mkIf cfg.enable { vaultwarden.sopsFile = ../../secrets/env.yaml; };
services = { services.vaultwarden = lib.mkIf cfg.enable {
vaultwarden = lib.mkIf cfg.enable { enable = true;
enable = true; dbBackend = "postgresql";
dbBackend = "postgresql"; package = pkgs.vaultwarden;
package = pkgs.vaultwarden; environmentFile = config.sops.secrets.vaultwarden.path;
environmentFile = config.sops.secrets.vaultwarden.path; config = {
config = { # ROCKET_ADDRESS = "${config.my.localhost}"; # VPS
# ROCKET_ADDRESS = "${config.my.localhost}"; # VPS ROCKET_ADDRESS = cfg.ip;
ROCKET_ADDRESS = cfg.ip; ROCKET_PORT = cfg.port;
ROCKET_PORT = cfg.port; WEBSOCKET_PORT = 8333;
WEBSOCKET_PORT = 8333; DATABASE_URL = "postgresql:///${cfg.name}?host=${config.my.postgresSocket}";
DATABASE_URL = "postgresql:///${cfg.name}?host=${config.my.postgresSocket}"; ENABLE_DB_WAL = false;
ENABLE_DB_WAL = false; WEBSOCKET_ENABLED = true;
WEBSOCKET_ENABLED = true; SHOW_PASSWORD_HINT = false;
SHOW_PASSWORD_HINT = false; EXTENDED_LOGGING = true;
EXTENDED_LOGGING = true; LOG_LEVEL = "warn";
LOG_LEVEL = "warn";
};
}; };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg);
}; };
}; };
} }