This commit is contained in:
Tasia Iso 2025-02-03 00:15:05 +01:00
parent d6ebd1314c
commit c6cd790e4f
Signed by: tasiaiso
SSH key fingerprint: SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw
4 changed files with 47 additions and 8 deletions

View file

@ -23,8 +23,6 @@
# };
# };
# services.rustdesk-server = {
# enable = true;
# openFirewall = true;

View file

@ -64,14 +64,13 @@ in {
"/crypto_keyfile.bin" = null;
};
services.logind.extraConfig = ''
services.logind.extraConfig = ''
# dont shutdown when power button is short-pressed
HandleLidSwitch=ignore
HandleLidSwitchExternalPower=ignore
HandleLidSwitchDocked=ignore
'';
boot.loader.grub.enableCryptodisk = true;
services.tailscale.enable = true;

View file

@ -1,4 +1,8 @@
{config, pkgs, ...}: {
{
config,
pkgs,
...
}: {
services.nginx.virtualHosts."nextcloud.vulpecula.zone" = {
addSSL = true;
enableACME = true;
@ -14,4 +18,4 @@
config.dbtype = "sqlite";
https = true;
};
}
}

View file

@ -1,10 +1,48 @@
{inputs, ...}: {
{inputs, config, ...}: {
services.nginx.virtualHosts."vault.vulpecula.zone" = {
addSSL = true;
enableACME = true;
# root = ;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
services.vaultwarden.enable = true;
services.bitwarden-directory-connector-cli.domain = "vault.vulpecula.zone";
services.vaultwarden.config = {
DOMAIN = "https://vault.vulpecula.zone";
SIGNUPS_ALLOWED = true;
# Vaultwarden currently recommends running behind a reverse proxy
# (nginx or similar) for TLS termination, see
# https://github.com/dani-garcia/vaultwarden/wiki/Hardening-Guide#reverse-proxying
# > you should avoid enabling HTTPS via vaultwarden's built-in Rocket TLS support,
# > especially if your instance is publicly accessible.
#
# A suitable NixOS nginx reverse proxy example config might be:
#
# services.nginx.virtualHosts."bitwarden.example.com" = {
# enableACME = true;
# forceSSL = true;
# locations."/" = {
# proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
# };
# };
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 62107;
ROCKET_LOG = "critical";
# This example assumes a mailserver running on localhost,
# thus without transport encryption.
# If you use an external mail server, follow:
# https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration
# SMTP_HOST = "127.0.0.1";
# SMTP_PORT = 25;
# SMTP_SSL = false;
# SMTP_FROM = "admin@bitwarden.example.com";
# SMTP_FROM_NAME = "example.com Bitwarden server";
};
}