tasiaiso/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

ah

Browse source
This commit is contained in:
Tasia Iso 2025-02-03 00:15:05 +01:00
parent d6ebd1314c
commit c6cd790e4f
Signed by: tasiaiso
SSH key fingerprint: SHA256:KiRjUay5C9i6objsEOIycygBHn54pDBB3Lj7fyJ0Elw
4 changed files with 47 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hosts/cave/fuckery.nix
View file

@ -23,8 +23,6 @@
# }; # };
# }; # };
# services.rustdesk-server = { # services.rustdesk-server = {
# enable = true; # enable = true;
# openFirewall = true; # openFirewall = true;

3
hosts/jo/configuration.nix
View file

@ -64,14 +64,13 @@ in {
"/crypto_keyfile.bin" = null; "/crypto_keyfile.bin" = null;
}; };
services.logind.extraConfig = '' services.logind.extraConfig = ''
# dont shutdown when power button is short-pressed # dont shutdown when power button is short-pressed
HandleLidSwitch=ignore HandleLidSwitch=ignore
HandleLidSwitchExternalPower=ignore HandleLidSwitchExternalPower=ignore
HandleLidSwitchDocked=ignore HandleLidSwitchDocked=ignore
''; '';
boot.loader.grub.enableCryptodisk = true; boot.loader.grub.enableCryptodisk = true;
services.tailscale.enable = true; services.tailscale.enable = true;

6
hosts/vulpecula-vps/nextcloud.nix
View file

@ -1,4 +1,8 @@
{config, pkgs, ...}: { {
config,
pkgs,
...
}: {
services.nginx.virtualHosts."nextcloud.vulpecula.zone" = { services.nginx.virtualHosts."nextcloud.vulpecula.zone" = {
addSSL = true; addSSL = true;
enableACME = true; enableACME = true;

42
hosts/vulpecula-vps/vaultwarden.nix
View file

@ -1,10 +1,48 @@
{inputs, ...}: { {inputs, config, ...}: {
services.nginx.virtualHosts."vault.vulpecula.zone" = { services.nginx.virtualHosts."vault.vulpecula.zone" = {
addSSL = true; addSSL = true;
enableACME = true; enableACME = true;
# root = ; locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
}; };
services.vaultwarden.enable = true; services.vaultwarden.enable = true;
services.bitwarden-directory-connector-cli.domain = "vault.vulpecula.zone"; services.bitwarden-directory-connector-cli.domain = "vault.vulpecula.zone";
services.vaultwarden.config = {
DOMAIN = "https://vault.vulpecula.zone";
SIGNUPS_ALLOWED = true;
# Vaultwarden currently recommends running behind a reverse proxy
# (nginx or similar) for TLS termination, see
# https://github.com/dani-garcia/vaultwarden/wiki/Hardening-Guide#reverse-proxying
# > you should avoid enabling HTTPS via vaultwarden's built-in Rocket TLS support,
# > especially if your instance is publicly accessible.
#
# A suitable NixOS nginx reverse proxy example config might be:
#
# services.nginx.virtualHosts."bitwarden.example.com" = {
# enableACME = true;
# forceSSL = true;
# locations."/" = {
# proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
# };
# };
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 62107;
ROCKET_LOG = "critical";
# This example assumes a mailserver running on localhost,
# thus without transport encryption.
# If you use an external mail server, follow:
# https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration
# SMTP_HOST = "127.0.0.1";
# SMTP_PORT = 25;
# SMTP_SSL = false;
# SMTP_FROM = "admin@bitwarden.example.com";
# SMTP_FROM_NAME = "example.com Bitwarden server";
};
} }