Lukas Wurzinger 2024-08-18 14:54:44 +02:00
parent 7b2a024010
commit 6375d98a74
53 changed files with 112 additions and 852 deletions


@ -8,7 +8,11 @@
services.restic.backups.${attrName} = {
repository = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}";
initialize = true;
paths = [config.services.syncthing.dataDir];
paths = [
config.services.vaultwarden.backupDir
# TODO
# config.services.syncthing.dataDir
];
passwordFile = config.age.secrets."restic-${attrName}".path;
pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"];
timerConfig = {
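Review bot: The bare `# TODO` above the commented-out `config.services.syncthing.dataDir` entry in `paths` gives no reason and no exit condition, and with that entry disabled the syncthing data is no longer part of this restic job. If dropping it is temporary, say so in the comment, e.g. `# TODO: re-enable once <condition>; syncthing data is not backed up off-site until then`. The `timerConfig` block continues outside the hunk, so the schedule itself cannot be checked from here.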


@ -1,77 +0,0 @@
{
config,
pkgs,
...
}: let
inherit (config.networking) domain;
subdomain = "matrix";
jsonFormat = pkgs.formats.json {};
wellKnownServer = jsonFormat.generate "well-known-matrix-server" {
"m.server" = "${subdomain}.${domain}:443";
};
wellKnownClient = jsonFormat.generate "well-known-matrix-client" {
"m.homeserver".base_url = "https://${subdomain}.${domain}";
};
in {
services.matrix-conduit = {
enable = true;
settings.global = {
server_name = domain;
address = "127.0.0.1";
port = 8010;
database_backend = "rocksdb";
allow_registration = false;
};
};
systemd.services.conduit.serviceConfig.LimitNOFILE = 8192;
services.nginx.virtualHosts = {
${domain}.locations = {
"=/.well-known/matrix/server" = {
alias = wellKnownServer;
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "*";
'';
};
"=/.well-known/matrix/client" = {
alias = wellKnownClient;
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "*";
'';
};
};
"${subdomain}.${domain}" = {
enableACME = true;
forceSSL = true;
quic = true;
locations = {
"/".return = "404";
"/_matrix/" = {
proxyPass = "http://${config.services.matrix-conduit.settings.global.address}:${toString config.services.matrix-conduit.settings.global.port}";
proxyWebsockets = true;
extraConfig = ''
proxy_buffering off;
'';
};
};
extraConfig = ''
merge_slashes off;
'';
};
};
}


@ -12,7 +12,7 @@
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod"];
system.stateVersion = "24.05";
system.stateVersion = "24.11";
powerManagement.cpuFreqGovernor = "performance";
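Review bot: `system.stateVersion` is not a release pointer. NixOS modules read it to choose defaults for on-disk state, so moving it from `"24.05"` to `"24.11"` on an already-installed host can switch those defaults underneath existing data. Unless this machine was reinstalled as part of the same change, keep `system.stateVersion = "24.05";` and upgrade through the nixpkgs input instead. If the bump is deliberate, a comment such as `# host reinstalled on 24.11; do not change afterwards` would record that. The enclosing attribute set starts and ends outside the hunk.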


@ -11,8 +11,6 @@ in {
MICROBIN_BIND = "localhost";
MICROBIN_PORT = 8020;
MICROBIN_ADMIN_USERNAME = "lukas";
MICROBIN_PUBLIC_PATH = "https://${virtualHostName}/";
MICROBIN_QR = true;


@ -1,15 +1,21 @@
{config, ...}: let
inherit (config.networking) domain;
virtualHostName = "bin.${domain}";
virtualHostName = "flux.${domain}";
in {
age.secrets.miniflux = {
file = ../../secrets/miniflux.age;
owner = config.systemd.services.miniflux.serviceConfig.User;
};
services.miniflux = {
enable = true;
createDatabaseLocally = true;
adminCredentialsFile = "";
adminCredentialsFile = config.age.secrets.miniflux.path;
config = {
LISTEN_ADDR = "localhost:8040";
LISTEN_ADDR = "localhost:8030";
BASE_URL = "https://${virtualHostName}";
WEBAUTHN = true;
CREATE_ADMIN = 1;
WEBAUTHN = 1;
};
};
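Review bot: The new `owner = config.systemd.services.miniflux.serviceConfig.User;` on `age.secrets.miniflux` only works if that user exists as a static account when the secret is decrypted. If the miniflux unit runs under a dynamically allocated user (this looks likely for the nixpkgs module, but confirm), the chown has no account to resolve. Presumably `adminCredentialsFile` reaches the unit as an environment file that systemd reads before dropping privileges. If so, the root-owned default is enough and the `owner` line can be dropped, which also keeps the admin credentials unreadable to the service user. A short comment on the secret stating which variables the file must define would help the next reader, since `CREATE_ADMIN = 1` depends on them.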


@ -1,6 +1,7 @@
{config, ...}: let
inherit (config.networking) domain;
virtualHostName = "vault.${domain}";
backupDir = "/srv/backup/vaultwarden";
in {
age.secrets.vaultwarden = {
file = ../../secrets/vaultwarden.age;
@ -11,6 +12,10 @@ in {
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
inherit backupDir;
config = {
DOMAIN = "https://${virtualHostName}";
@ -24,6 +29,8 @@ in {
environmentFile = config.age.secrets.vaultwarden.path;
};
systemd.timers.backup-vaultwarden.timerConfig.OnCalendar = "*-*-* 02:00:00";
services.nginx.virtualHosts.${virtualHostName} = {
enableACME = true;
forceSSL = true;
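Review bot: The fixed `OnCalendar = "*-*-* 02:00:00"` on `backup-vaultwarden` is not tied to the restic job that uploads `config.services.vaultwarden.backupDir`. If restic fires before or during the dump, it ships the previous day's copy or a partially written one. The restic schedule is not visible on this page, so confirm it runs later with some margin, and record the dependency next to the timer, e.g. `# must complete before the restic job that uploads backupDir`. Separately, `/srv/backup/vaultwarden` now holds a second copy of the vault database, so check that the directory is created readable only by the vaultwarden user and root.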