m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

+vautwarden, +slash@nemoti

Browse Source
This commit is contained in:
Sascha Koenig 2025-05-07 23:46:40 +02:00
parent a3a85c3596
commit 7fec29f602
6 changed files with 61 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hosts/m3-atlas/secrets.nix
View File

@ -29,6 +29,9 @@
file = ../../secrets/traefik.age; file = ../../secrets/traefik.age;
owner = "traefik"; owner = "traefik";
}; };
vaultwarden-env = {
file = ../../secrets/vaultwarden-env.age;
};
m3tam3re-secrets = { m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age; file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re"; owner = "m3tam3re";

27
hosts/m3-atlas/services/containers/slash-nemoti.nix Normal file
View File

@ -0,0 +1,27 @@
{
virtualisation.oci-containers.containers."slash" = {
image = "docker.io/yourselfhosted/slash:latest";
ports = ["127.0.0.1:3016:5231"];
volumes = [
"slash_data:/var/opt/slash"
];
extraOptions = ["--ip=10.89.0.16" "--network=web"];
};
# Traefik configuration specific to littlelink
services.traefik.dynamicConfigOptions.http = {
services.slash.loadBalancer.servers = [
{
url = "http://localhost:3016/";
}
];
routers.slash = {
rule = "Host(`l.nemoti.art`)";
tls = {
certResolver = "godaddy";
};
service = "slash";
entrypoints = "websecure";
};
};
}

1
hosts/m3-atlas/services/default.nix
View File

@ -10,6 +10,7 @@
./searx.nix ./searx.nix
./tailscale.nix ./tailscale.nix
./traefik.nix ./traefik.nix
./vaultwarden.nix
./wastebin.nix ./wastebin.nix
]; ];
} }

29
hosts/m3-atlas/services/vaultwarden.nix Normal file
View File

@ -0,0 +1,29 @@
{config, ...}: {
services.vaultwarden = {
enable = true;
backupDir = "/var/backup/vaultwarden";
config = {
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 3013;
};
environmentFile = "${config.age.secrets.vaultwarden-env.path}";
};
# Traefik configuration for headscale
services.traefik.dynamicConfigOptions.http = {
services.vaultwarden.loadBalancer.servers = [
{
url = "http://localhost:3009/";
}
];
routers.vaultwarden = {
rule = "Host(`vw.m3ta.dev`)";
tls = {
certResolver = "godaddy";
};
service = "vaultwarden";
entrypoints = "websecure";
};
};
}

1
secrets.nix
View File

@ -28,6 +28,7 @@ in {
"secrets/searx.age".publicKeys = systems ++ users; "secrets/searx.age".publicKeys = systems ++ users;
"secrets/tailscale-key.age".publicKeys = systems ++ users; "secrets/tailscale-key.age".publicKeys = systems ++ users;
"secrets/traefik.age".publicKeys = systems ++ users; "secrets/traefik.age".publicKeys = systems ++ users;
"secrets/vaultwarden-env.age".publicKeys = systems ++ users;
"secrets/wg-DE.age".publicKeys = systems ++ users; "secrets/wg-DE.age".publicKeys = systems ++ users;
"secrets/wg-NL.age".publicKeys = systems ++ users; "secrets/wg-NL.age".publicKeys = systems ++ users;
"secrets/wg-NO.age".publicKeys = systems ++ users; "secrets/wg-NO.age".publicKeys = systems ++ users;

BIN
secrets/vaultwarden-env.age Normal file
View File

Binary file not shown.