sops (server part)

home-manager.nix

@@ -51,7 +51,7 @@
     git = {
       enable = true;
       userName = "Danilo Reyes";
-      userEmail = "CaptainJawZ@protonmail.com";
+      userEmail = config.my.email;
     };
   };
 }

hosts/miniserver/configuration.nix

@@ -53,7 +53,7 @@
       prowlarr.enable = false;
       qbittorrent.enable = true;
       radarr.enable = false;
-      ryot.enable = false;
+      ryot.enable = true;
       shiori.enable = true;
       sonarr.enable = false;
       vaultwarden.enable = true;

modules/servers.nix

@@ -100,6 +100,16 @@ in {
       default = "/var/lib/docker-configs";
       description = "The docker/podman socket path.";
     };
+    smtpemail = lib.mkOption {
+      type = lib.types.str;
+      default = "stunner6399@gmail.com";
+      description = "localhost smtp email";
+    };
+    email = lib.mkOption {
+      type = lib.types.str;
+      default = "CaptainJawZ@protonmail.com";
+      description = "localhost smtp email";
+    };
   };
   config = {
     my.servers = {
@@ -146,7 +156,7 @@ in {
     };
     security.acme = lib.mkIf config.services.nginx.enable {
       acceptTerms = true;
-      defaults.email = "CaptainJawZ@outlook.com";
+      defaults.email = config.my.email;
     };
     services.nginx = {
       clientMaxBodySize = "4096m";

modules/servers/nextcloud.nix

@@ -58,8 +58,8 @@ in {
           host = "smtp.gmail.com";
           port = 587;
           tls = true;
-          from = "stunner6399@gmail.com";
+          from = config.my.smtpemail;
-          user = "stunner6399@gmail.com";
+          user = config.my.smtpemail;
           passwordeval = "cat ${config.sops.secrets.smtp-password.path}";
         };
       };
@@ -107,7 +107,7 @@ in {
           settings = {
             log_type = "file";
             log_level = 3;
-            trusted_proxies = [ "nginx" ];
+            trusted_proxies = [ "192.168.0.1" "192.168.0.0/24" "10.0.0.0/8" ];
             trusted_domains = [ "cloud.rotehaare.art" "danilo-reyes.com" ];
             overwrite_protocol = "https";
             default_phone_region = "MX";

modules/servers/ryot.nix

@@ -1,6 +1,6 @@
 { lib, config, proxyReverse, ... }:
 let
-  port = 8881;
+  port = 8765;
   url = "tracker.${config.my.domain}";
 in {
   options.my.servers.ryot.enable = lib.mkEnableOption "enable";
@@ -10,10 +10,11 @@ in {
       virtualisation.oci-containers = {
         backend = "docker";
         containers.ryot = {
-          image = "ghcr.io/ignisda/ryot:v5.5.0";
+          image = "ghcr.io/ignisda/ryot:v5.5.6";
-          ports = [ "8765:8000" ];
+          ports = [ "${toString port}:8000" ];
           environmentFiles = [ config.sops.secrets.ryot.path ];
           environment = {
+            RUST_LOG = "ryot=debug,sea_orm=debug";
             TZ = "America/Mexico_City";
             DATABASE_URL = "postgres:///ryot?host=${config.my.postgresSocket}";
             FRONTEND_INSECURE_COOKIES = "true";

modules/servers/vaultwarden.nix

@@ -2,12 +2,13 @@
   options.my.servers.vaultwarden.enable = lib.mkEnableOption "enable";
   config = lib.mkIf (config.my.servers.vaultwarden.enable
     && config.my.servers.postgres.enable) {
+      sops.secrets.vaultwarden.sopsFile = ../../secrets/env.yaml;
       services = {
         vaultwarden = {
           enable = true;
           dbBackend = "postgresql";
           package = pkgs.vaultwarden;
-          environmentFile = "/var/lib/vaultwarden.env";
+          environmentFile = config.sops.vaultwarden.path;
           config = {
             ROCKET_ADDRESS = "${config.my.localhost}";
             ROCKET_PORT = 8222;
@@ -20,6 +21,11 @@
             SIGNUPS_ALLOWED = false;
             EXTENDED_LOGGING = true;
             LOG_LEVEL = "warn";
+            SMTP_HOST = config.my.localhost;
+            SMTP_PORT = 25;
+            SMTP_SSL = false;
+            SMTP_FROM = config.my.smtpemail;
+            SMTP_FROM_NAME = config.my.smtpemail;
           };
         };
         nginx = {