lytedev/nix
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Vaultwarden up

Browse source
This commit is contained in:
Daniel Flanagan 2024-09-06 16:05:29 -05:00
parent 72a49c2f28
commit e2c3b08fc7
2 changed files with 15 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
flake.nix
View file

@ -267,6 +267,7 @@
} }
common common
podman
troubleshooting-tools troubleshooting-tools
linux linux
fonts fonts

43
nixos/beefcake.nix
View file

@ -802,7 +802,6 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
services.gitea-actions-runner = { services.gitea-actions-runner = {
# TODO: simple git-based automation would be dope? maybe especially for # TODO: simple git-based automation would be dope? maybe especially for
# mirroring to github super easy? # mirroring to github super easy?
# enable = true;
package = pkgs.forgejo-runner; package = pkgs.forgejo-runner;
instances."beefcake" = { instances."beefcake" = {
enable = false; enable = false;
@ -849,20 +848,20 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
''; '';
}; };
} }
# { {
# services.vaultwarden = { services.vaultwarden = {
# enable = true; enable = true;
# config = { config = {
# DOMAIN = "https://bw.lyte.dev"; DOMAIN = "https://bw.lyte.dev";
# SIGNUPS_ALLOWED = "false"; SIGNUPS_ALLOWED = "false";
# ROCKET_ADDRESS = "127.0.0.1"; ROCKET_ADDRESS = "127.0.0.1";
# ROCKET_PORT = 8222; ROCKET_PORT = 8222;
# }; };
# }; };
# services.caddy.virtualHosts."bw.lyte.dev" = { services.caddy.virtualHosts."bw.lyte.dev" = {
# extraConfig = ''reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}''; extraConfig = ''reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}'';
# }; };
# } }
# { # {
# # TODO: make the client declarative? right now I think it's manually git # # TODO: make the client declarative? right now I think it's manually git
# # clone'd to /root # # clone'd to /root
@ -1384,22 +1383,8 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
# or # or
# users.users.example-user.extraGroups = [ config.users.groups.keys.name ]; # users.users.example-user.extraGroups = [ config.users.groups.keys.name ];
# TODO: directory attributes for /storage subdirectories?
# example: user daniel should be able to write to /storage/files.lyte.dev and
# caddy should be able to serve it
# TODO: declarative directory quotas? for storage/$USER and /home/$USER # TODO: declarative directory quotas? for storage/$USER and /home/$USER
# TODO: would be nice to get ALL the storage stuff declared in here
# should I be using btrfs subvolumes? can I capture file ownership, perimssions, and ACLs?
virtualisation.oci-containers.backend = "podman";
virtualisation.podman = {
# autoPrune.enable = true;
# defaultNetwork.settings = {
# driver = "host";
# };
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
restic restic
btrfs-progs btrfs-progs