fix: All machine have they own hardware
parent
1637885001
commit
4070c37cc5
17 changed files with 286 additions and 103 deletions
|
|
@ -1,11 +1,11 @@
|
|||
{ config, lib, ... }:
|
||||
|
||||
lib.mkIf config.sACME.enable {
|
||||
lib.mkIf config.module.acme.enable {
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = config.sACME.email;
|
||||
defaults.email = "noreply@wateir.fr";
|
||||
|
||||
certs."${config.sACME.domain}" = {
|
||||
certs."${config.module.domain}" = {
|
||||
dnsProvider = "ovh";
|
||||
environmentFile = "/etc/acme.env";
|
||||
};
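Review bot: `defaults.email` in the `security.acme` block is now the literal `"noreply@wateir.fr"` in place of the `config.sACME.email` option (assuming the second of the two printed lines is the new side). The ACME account contact is where the CA sends account and certificate notices, and a noreply address suggests nobody reads them; the literal also fixes one address for every machine that imports this module. Keeping it an option under the new namespace would fit the rest of the rename, e.g. `defaults.email = config.module.acme.email;` with `module.acme.email` declared next to `module.acme.enable` (that option is a suggestion, it is not defined on this page). The enclosing attribute set closes outside the hunk.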
|
||||
|
|
|
|||
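--- /dev/null
+++ b/module/default.nix
@@ -0,0 +1,12 @@
+{ ... }:
+{
+imports = [
+./nginx.nix
+./newt.nix
+./tailscale.nix
+./acme.nix
+./searXNG.nix
+./roundcube.nix
+./vaultWarden.nix
+];
+}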
|
|
@ -1,6 +1,6 @@
|
|||
{config,lib, ... }:
|
||||
|
||||
lib.mkIf config.sNEWT.enable{
|
||||
lib.mkIf config.module.newt.enable{
|
||||
services.newt = {
|
||||
enable = true;
|
||||
environmentFile = "/etc/newt.env";
|
||||
|
|
|
|||
|
|
@ -6,11 +6,11 @@ with lib;
|
|||
services.nginx.enable = true;
|
||||
|
||||
services.nginx.virtualHosts = mkMerge [
|
||||
(mkIf config.sVAULTWARDEN.enable {
|
||||
"${config.HostName}-vault" = {
|
||||
listen = [{ addr = "0.0.0.0"; port = config.sVAULTWARDEN.externalPort; }];
|
||||
(mkIf config.module.vaultwarden.enable {
|
||||
"${config.module.hostName}-vault" = {
|
||||
listen = [{ addr = "0.0.0.0"; port = config.module.vaultwarden.externalPort; }];
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.sVAULTWARDEN.internalPort}";
|
||||
proxyPass = "http://127.0.0.1:${toString config.module.vaultwarden.internalPort}";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
|
@ -21,9 +21,9 @@ with lib;
|
|||
};
|
||||
})
|
||||
|
||||
(mkIf config.sROUNDCUBE.enable {
|
||||
"${config.HostName}-roundcube" = {
|
||||
listen = [{ addr = "0.0.0.0"; port = config.sROUNDCUBE.port; }];
|
||||
(mkIf config.module.roundcube.enable {
|
||||
"${config.module.hostName}-roundcube" = {
|
||||
listen = [{ addr = "0.0.0.0"; port = config.module.roundcube.port; }];
|
||||
root = "${pkgs.roundcube}/public_html";
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
|
|
@ -43,7 +43,7 @@ with lib;
|
|||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = concatLists [
|
||||
(if config.sVAULTWARDEN.enable then [ config.sVAULTWARDEN.externalPort ] else [])
|
||||
(if config.sROUNDCUBE.enable then [ config.sROUNDCUBE.port ] else [])
|
||||
(if config.module.vaultwarden.enable then [ config.module.vaultwarden.externalPort ] else [])
|
||||
(if config.module.roundcube.enable then [ config.module.roundcube.port ] else [])
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,22 +1,42 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
lib.mkIf config.sROUNDCUBE.enable {
|
||||
lib.mkIf config.module.roundcube.enable {
|
||||
age.secrets = {
|
||||
smtp_server = {
|
||||
file = ../secrets/smtp_server.age;
|
||||
owner = "roundcube";
|
||||
group = "roundcube";
|
||||
mode = "0400";
|
||||
};
|
||||
imap_server = {
|
||||
file = ../secrets/imap_server.age;
|
||||
owner = "roundcube";
|
||||
group = "roundcube";
|
||||
mode = "0400";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
services.roundcube = {
|
||||
enable = true;
|
||||
hostName = "${config.HostName}";
|
||||
hostName = "mail.${config.module.domain}";
|
||||
|
||||
plugins = [ "multiple_accounts" ];
|
||||
configureNginx = false;
|
||||
|
||||
extraConfig = ''
|
||||
# PurelyMail configuration
|
||||
$config['default_host'] = 'ssl://imap.purelymail.com';
|
||||
$config['default_host'] = trim(
|
||||
file_get_contents('${config.age.secrets.imap_server.path}')
|
||||
);
|
||||
$config['default_port'] = 993;
|
||||
$config['smtp_server'] = 'tls://smtp.purelymail.com';
|
||||
$config['smtp_server'] = trim(
|
||||
file_get_contents('${config.age.secrets.smtp_server.path}')
|
||||
);
|
||||
$config['smtp_port'] = 465;
|
||||
$config['smtp_user'] = '%u';
|
||||
$config['smtp_pass'] = '%p';
|
||||
'';
|
||||
|
||||
};
|
||||
|
||||
systemd.services.nginx.serviceConfig.ProtectHome = false;
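Review bot: The two `trim(file_get_contents(...))` assignments in `extraConfig` fail open. If the agenix file is missing or not readable by the PHP worker, `file_get_contents` returns false, `trim` turns that into an empty string, and an empty `default_host` is Roundcube's documented way of asking the user to type the IMAP server on the login form. Read each file into a variable first and stop on failure, e.g. `$imap = file_get_contents('${config.age.secrets.imap_server.path}');` followed by `if ($imap === false) { throw new RuntimeException("imap_server secret unreadable"); }` before assigning `trim($imap)`, and the same for `smtp_server`. Whether `owner = "roundcube"` with `mode = "0400"` matches the user the PHP pool actually runs as cannot be checked from this page. `ProtectHome = false` on the nginx unit at the end of the hunk relaxes systemd sandboxing without a comment; the page does not show whether that line is added or context, but it deserves a one-line comment saying which path under a home directory nginx needs.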
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{ config,lib,pkgs, ... }:
|
||||
|
||||
lib.mkIf config.sSEARXNG.enable {
|
||||
lib.mkIf config.module.roundcube.enable {
|
||||
services.searx = {
|
||||
enable = true;
|
||||
redisCreateLocally = true;
|
||||
|
|
@ -9,7 +9,7 @@ lib.mkIf config.sSEARXNG.enable {
|
|||
environmentFile = "/etc/searx.env";
|
||||
settings.server = {
|
||||
bind_address = "0.0.0.0";
|
||||
port = config.sSEARXNG.port;
|
||||
port = config.module.searxng.port;
|
||||
};
|
||||
settings.engines = lib.mapAttrsToList (name: value: { inherit name; } // value) {
|
||||
"wikidata".disabled = true;
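Review bot: The guard at the top of this file now reads `lib.mkIf config.module.roundcube.enable`, which looks like a copy-paste slip from the Roundcube module, since everything else in the section (`services.searx`, `config.module.searxng.port`) is SearXNG. As written, SearXNG, which the second hunk shows bound to `0.0.0.0`, comes up on every host that enables Roundcube and stays off on hosts that only ask for SearXNG. The guard presumably should be `lib.mkIf config.module.searxng.enable {`; the option declarations are not on this page, so confirm the name against them.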
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
lib.mkIf config.sTAILSCALE.enable {
|
||||
lib.mkIf config.module.tailscale.enable {
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
extraDaemonFlags = [
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
{ config, lib, ... }:
|
||||
|
||||
lib.mkIf config.sVAULTWARDEN.enable {
|
||||
lib.mkIf config.module.vaultwarden.enable {
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
config = {
|
||||
ROCKET_PORT = config.sVAULTWARDEN.internalPort;
|
||||
ROCKET_PORT = config.module.vaultwarden.internalPort;
|
||||
ROCKET_ADDRESS = "127.0.0.1";
|
||||
SIGNUPS_ALLOWED = true;
|
||||
SIGNUPS_ALLOWED = false;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||