ah
This commit is contained in:
parent
d6ebd1314c
commit
c6cd790e4f
|
@ -23,8 +23,6 @@
|
|||
# };
|
||||
# };
|
||||
|
||||
|
||||
|
||||
# services.rustdesk-server = {
|
||||
# enable = true;
|
||||
# openFirewall = true;
|
||||
|
|
|
@ -64,14 +64,13 @@ in {
|
|||
"/crypto_keyfile.bin" = null;
|
||||
};
|
||||
|
||||
services.logind.extraConfig = ''
|
||||
services.logind.extraConfig = ''
|
||||
# don’t shutdown when power button is short-pressed
|
||||
HandleLidSwitch=ignore
|
||||
HandleLidSwitchExternalPower=ignore
|
||||
HandleLidSwitchDocked=ignore
|
||||
'';
|
||||
|
||||
|
||||
boot.loader.grub.enableCryptodisk = true;
|
||||
|
||||
services.tailscale.enable = true;
|
||||
|
|
|
@ -1,4 +1,8 @@
|
|||
{config, pkgs, ...}: {
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
services.nginx.virtualHosts."nextcloud.vulpecula.zone" = {
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
|
@ -14,4 +18,4 @@
|
|||
config.dbtype = "sqlite";
|
||||
https = true;
|
||||
};
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,10 +1,48 @@
|
|||
{inputs, ...}: {
|
||||
{inputs, config, ...}: {
|
||||
services.nginx.virtualHosts."vault.vulpecula.zone" = {
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
# root = ;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
|
||||
};
|
||||
};
|
||||
|
||||
services.vaultwarden.enable = true;
|
||||
services.bitwarden-directory-connector-cli.domain = "vault.vulpecula.zone";
|
||||
|
||||
services.vaultwarden.config = {
|
||||
DOMAIN = "https://vault.vulpecula.zone";
|
||||
SIGNUPS_ALLOWED = true;
|
||||
|
||||
# Vaultwarden currently recommends running behind a reverse proxy
|
||||
# (nginx or similar) for TLS termination, see
|
||||
# https://github.com/dani-garcia/vaultwarden/wiki/Hardening-Guide#reverse-proxying
|
||||
# > you should avoid enabling HTTPS via vaultwarden's built-in Rocket TLS support,
|
||||
# > especially if your instance is publicly accessible.
|
||||
#
|
||||
# A suitable NixOS nginx reverse proxy example config might be:
|
||||
#
|
||||
# services.nginx.virtualHosts."bitwarden.example.com" = {
|
||||
# enableACME = true;
|
||||
# forceSSL = true;
|
||||
# locations."/" = {
|
||||
# proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
|
||||
# };
|
||||
# };
|
||||
ROCKET_ADDRESS = "127.0.0.1";
|
||||
ROCKET_PORT = 62107;
|
||||
|
||||
ROCKET_LOG = "critical";
|
||||
|
||||
# This example assumes a mailserver running on localhost,
|
||||
# thus without transport encryption.
|
||||
# If you use an external mail server, follow:
|
||||
# https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration
|
||||
# SMTP_HOST = "127.0.0.1";
|
||||
# SMTP_PORT = 25;
|
||||
# SMTP_SSL = false;
|
||||
|
||||
# SMTP_FROM = "admin@bitwarden.example.com";
|
||||
# SMTP_FROM_NAME = "example.com Bitwarden server";
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue