sops (server part)

Danilo Reyes 2024-06-24 19:07:26 -06:00
parent b915bbe4f3
commit adc3505632
6 changed files with 27 additions and 10 deletions


@ -51,7 +51,7 @@
git = {
enable = true;
userName = "Danilo Reyes";
userEmail = "CaptainJawZ@protonmail.com";
userEmail = config.my.email;
};
};
}


@ -53,7 +53,7 @@
prowlarr.enable = false;
qbittorrent.enable = true;
radarr.enable = false;
ryot.enable = false;
ryot.enable = true;
shiori.enable = true;
sonarr.enable = false;
vaultwarden.enable = true;


@ -100,6 +100,16 @@ in {
default = "/var/lib/docker-configs";
description = "The docker/podman socket path.";
};
smtpemail = lib.mkOption {
type = lib.types.str;
default = "stunner6399@gmail.com";
description = "localhost smtp email";
};
email = lib.mkOption {
type = lib.types.str;
default = "CaptainJawZ@protonmail.com";
description = "localhost smtp email";
};
};
config = {
my.servers = {
@ -146,7 +156,7 @@ in {
};
security.acme = lib.mkIf config.services.nginx.enable {
acceptTerms = true;
defaults.email = "CaptainJawZ@outlook.com";
defaults.email = config.my.email;
};
services.nginx = {
clientMaxBodySize = "4096m";
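Review bot: The new `email` option reuses the description of `smtpemail` (`"localhost smtp email"`), but on this page it feeds the git `userEmail` and `security.acme.defaults.email`, not the SMTP relay. Something like `description = "Primary contact address (git identity, ACME account)";` would keep the two options distinguishable. Note also that the ACME contact silently moves from the outlook.com address to the protonmail default; if expiry and revocation notices are expected at the old mailbox, that change deserves a line in the commit message.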


@ -58,8 +58,8 @@ in {
host = "smtp.gmail.com";
port = 587;
tls = true;
from = "stunner6399@gmail.com";
user = "stunner6399@gmail.com";
from = config.my.smtpemail;
user = config.my.smtpemail;
passwordeval = "cat ${config.sops.secrets.smtp-password.path}";
};
};
@ -107,7 +107,7 @@ in {
settings = {
log_type = "file";
log_level = 3;
trusted_proxies = [ "nginx" ];
trusted_proxies = [ "192.168.0.1" "192.168.0.0/24" "10.0.0.0/8" ];
trusted_domains = [ "cloud.rotehaare.art" "danilo-reyes.com" ];
overwrite_protocol = "https";
default_phone_region = "MX";
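Review bot: The new `trusted_proxies` value in the second hunk trusts the whole `192.168.0.0/24` LAN and all of `10.0.0.0/8`, so Nextcloud will accept forwarded client-address headers from any host in those ranges rather than only from the reverse proxy. Anything keyed on the client IP (brute-force throttling, addresses in the audit log) then depends on every machine in those networks being honest. The list should be narrowed to the address or addresses the proxy actually connects from, and `"192.168.0.1"` is already covered by the /24 entry. If the wide ranges are needed for a container or VPN network, a comment naming that network would make the intent reviewable.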


@ -1,6 +1,6 @@
{ lib, config, proxyReverse, ... }:
let
port = 8881;
port = 8765;
url = "tracker.${config.my.domain}";
in {
options.my.servers.ryot.enable = lib.mkEnableOption "enable";
@ -10,10 +10,11 @@ in {
virtualisation.oci-containers = {
backend = "docker";
containers.ryot = {
image = "ghcr.io/ignisda/ryot:v5.5.0";
ports = [ "8765:8000" ];
image = "ghcr.io/ignisda/ryot:v5.5.6";
ports = [ "${toString port}:8000" ];
environmentFiles = [ config.sops.secrets.ryot.path ];
environment = {
RUST_LOG = "ryot=debug,sea_orm=debug";
TZ = "America/Mexico_City";
DATABASE_URL = "postgres:///ryot?host=${config.my.postgresSocket}";
FRONTEND_INSECURE_COOKIES = "true";
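Review bot: `ports = [ "${toString port}:8000" ]` publishes the container on every host interface, so the app is reachable directly on 8765 as well as through the reverse proxy for `tracker.${config.my.domain}`. If the proxy runs on the same host (not visible in this hunk), binding to loopback keeps TLS and proxy-level controls on the only path in: `ports = [ "127.0.0.1:${toString port}:8000" ];`. This matters more with `FRONTEND_INSECURE_COOKIES = "true"` and debug-level `RUST_LOG` in the context lines. The added `environmentFiles = [ config.sops.secrets.ryot.path ];` needs a matching `sops.secrets.ryot` declaration, which this hunk does not show, so please confirm it exists. The containers block continues past the end of the hunk.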


@ -2,12 +2,13 @@
options.my.servers.vaultwarden.enable = lib.mkEnableOption "enable";
config = lib.mkIf (config.my.servers.vaultwarden.enable
&& config.my.servers.postgres.enable) {
sops.secrets.vaultwarden.sopsFile = ../../secrets/env.yaml;
services = {
vaultwarden = {
enable = true;
dbBackend = "postgresql";
package = pkgs.vaultwarden;
environmentFile = "/var/lib/vaultwarden.env";
environmentFile = config.sops.vaultwarden.path;
config = {
ROCKET_ADDRESS = "${config.my.localhost}";
ROCKET_PORT = 8222;
@ -20,6 +21,11 @@
SIGNUPS_ALLOWED = false;
EXTENDED_LOGGING = true;
LOG_LEVEL = "warn";
SMTP_HOST = config.my.localhost;
SMTP_PORT = 25;
SMTP_SSL = false;
SMTP_FROM = config.my.smtpemail;
SMTP_FROM_NAME = config.my.smtpemail;
};
};
nginx = {
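Review bot: `environmentFile = config.sops.vaultwarden.path;` in the first hunk reads an attribute that does not match the secret declared four lines above it as `sops.secrets.vaultwarden`. The other modules in this commit use `config.sops.secrets.<name>.path`, so this line should be `environmentFile = config.sops.secrets.vaultwarden.path;`. As written, evaluation will most likely fail on a missing attribute as soon as vaultwarden is enabled. In the second hunk, `SMTP_FROM_NAME = config.my.smtpemail;` sets the display name to the bare address, which looks like a copy of the line above. The plaintext `SMTP_SSL = false` on port 25 is only reasonable while `config.my.localhost` stays a loopback address, so a short comment saying that would help.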