anotherhadi/nixy
1
Fork 0
mirror of https://github.com/anotherhadi/nixy.git synced 2026-04-02 11:12:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

updates

Browse Source 
Former-commit-id: d2d113fab5
This commit is contained in:
Hadi
2025-03-19 15:46:23 +01:00
parent 9151dc75d8
commit e5f2161604
5 changed files with 83 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
hosts/server/configuration.nix
View File

@@ -9,9 +9,10 @@
../../nixos/tailscale.nix
../../server-modules/ssh.nix
# ../../server-modules/bitwarden.nix
../../server-modules/bitwarden.nix
../../server-modules/firewall.nix
../../server-modules/nginx.nix
../../server-modules/nextcloud.nix
# You should let those lines as is
./hardware-configuration.nix

3
hosts/server/secrets/default.nix
View File

@@ -13,7 +13,8 @@
path = "/home/hadi/.ssh/github";
mode = "0600";
};
# cloudflare-dns-token = { path = "/etc/cloudflare/dnskey.txt"; };
cloudflare-dns-token = { path = "/etc/cloudflare/dnskey.txt"; };
nextcloud-pwd = { path = "/etc/nextcloud/pwd.txt"; };
};
};
}

44
server-modules/bitwarden.nix
View File

@@ -1,34 +1,26 @@
{ config, ... }:
let domain = "vault.hadi.diy";
in {
services.vaultwarden = {
enable = true;
config = {
DOMAIN = "https://" + domain;
SIGNUPS_ALLOWED = true;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
services = {
vaultwarden = {
enable = true;
config = {
DOMAIN = "https://" + domain;
SIGNUPS_ALLOWED = true;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
};
};
};
services.nginx.virtualHosts."${domain}" = {
useACMEHost = "hadi.diy";
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${
toString config.services.vaultwarden.config.ROCKET_PORT
}";
nginx.virtualHosts."${domain}" = {
useACMEHost = "hadi.diy";
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${
toString config.services.vaultwarden.config.ROCKET_PORT
}";
};
};
};
security.acme.certs."hadi.diy" = {
domain = "hadi.diy";
extraDomainNames = [ "*.hadi.diy" ];
group = "nginx";
dnsProvider = "cloudflare";
dnsPropagationCheck = true;
credentialsFile = config.sops.secrets.cloudflare-dns-token.path;
};
}

50
server-modules/nextcloud.nix Normal file
View File

@@ -0,0 +1,50 @@
{ pkgs, config, ... }:
let domain = "cloud.hadi.diy";
in {
services = {
nginx.virtualHosts = {
"${domain}" = {
# DNS-01 challenge
useACMEHost = "hadi.diy";
forceSSL = true;
};
};
nextcloud = {
enable = true;
hostName = domain;
package = pkgs.nextcloud31;
database.createLocally = true;
configureRedis = true;
maxUploadSize = "16G";
https = true;
autoUpdateApps.enable = true;
settings = {
trusted_domains = [ domain ];
default_phone_region = "FR";
overwriteprotocol = "https";
};
extraAppsEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
# List of apps we want to install and are already packaged in
# https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
# inherit calendar contacts notes onlyoffice tasks cookbook qownnotesapi;
inherit cookbook;
# Custom app example.
# socialsharing_telegram = pkgs.fetchNextcloudApp rec {
# url =
# "https://github.com/nextcloud-releases/socialsharing/releases/download/v3.0.1/socialsharing_telegram-v3.0.1.tar.gz";
# license = "agpl3";
# sha256 = "sha256-8XyOslMmzxmX2QsVzYzIJKNw6rVWJ7uDhU1jaKJ0Q8k=";
# };
};
config = {
dbtype = "pgsql";
adminuser = "hadi";
adminpassFile = config.sops.secrets.nextcloud-pwd.path;
};
# Suggested by Nextcloud's health check.
phpOptions."opcache.interned_strings_buffer" = "16";
};
};
}

11
server-modules/nginx.nix
View File

@@ -6,5 +6,16 @@
defaults.email = config.var.git.email;
};
security.acme.certs."hadi.diy" = {
domain = "hadi.diy";
extraDomainNames = [ "*.hadi.diy" ];
group = "nginx";
dnsProvider = "cloudflare";
dnsPropagationCheck = true;
credentialsFile = config.sops.secrets.cloudflare-dns-token.path;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 80 443 ];
}