Merge branch 'main' into add-help-studentsforfuture-info
commit
dbd4b66411
|
@ -36,7 +36,6 @@ in {
|
|||
security.sudo.wheelNeedsPassword = lib.mkDefault false;
|
||||
|
||||
i18n.defaultLocale = "en_IE.UTF-8";
|
||||
time.timeZone = "UTC";
|
||||
console = {
|
||||
font = "Lat2-Terminus16";
|
||||
keyMap = "de";
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
] ++ (with pkgs; [ alacritty picom feh copyq polybar cinnamon.nemo rofi arandr notepadqq nomacs bat ]);
|
||||
|
||||
sound.enable = true;
|
||||
time.timeZone = "Europe/Berlin";
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
package = pkgs.pulseaudioFull;
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
../../services/gitlab-runner.nix
|
||||
../../services/unifi.nix
|
||||
../../services/lantifa.nix
|
||||
../../services/vaultwarden.nix
|
||||
|
||||
./lxc.nix
|
||||
];
|
||||
|
|
|
@ -5,5 +5,12 @@ in {
|
|||
imports = [
|
||||
./nftnat
|
||||
./decklink.nix
|
||||
"${sources.nixpkgs-unstable}/nixos/modules/services/security/vaultwarden"
|
||||
];
|
||||
|
||||
# disabled since vaultwarden defines a dummy bitwarden_rs option that
|
||||
# shows a deprication warning, which conflicts with this module
|
||||
disabledModules = [
|
||||
"services/security/bitwarden_rs/default.nix"
|
||||
];
|
||||
}
|
||||
|
|
|
@ -11,10 +11,10 @@
|
|||
"homepage": "https://nix-community.github.io/home-manager/",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "f5adb9be829f487f99bcc0f1884f74ddb85f70c8",
|
||||
"sha256": "1x77fglv81rrpihkv8vnl1023hawg83k42vbflp76blgljv1sxm7",
|
||||
"rev": "7d9ba15214004c979d2c8733f8be12ce6502cf8a",
|
||||
"sha256": "18kmvzinsi9xgm81dk5kyd03m3y5nn125kmbkxf66xasrg13yqdv",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/nix-community/home-manager/archive/f5adb9be829f487f99bcc0f1884f74ddb85f70c8.tar.gz",
|
||||
"url": "https://github.com/nix-community/home-manager/archive/7d9ba15214004c979d2c8733f8be12ce6502cf8a.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"mattermost-server": {
|
||||
|
@ -23,19 +23,19 @@
|
|||
"homepage": "https://mattermost.com",
|
||||
"owner": "mattermost",
|
||||
"repo": "mattermost-server",
|
||||
"rev": "a6629129eaa30e791706add18d0f3f51a688592b",
|
||||
"sha256": "1vihpmy7253yl87arlz8y9rahk1q69blykwm3172dk1hxajr7c13",
|
||||
"rev": "28ef5856ed5f1c3cfb29a869cb6f14662f964ff3",
|
||||
"sha256": "0qcl32lidvwjrg8kil8a67141lnbrdx3hha0y9cwdlz8b6l8gxsz",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/mattermost/mattermost-server/archive/refs/tags/v5.37.1.tar.gz",
|
||||
"url": "https://github.com/mattermost/mattermost-server/archive/refs/tags/v5.39.0.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/refs/tags/v<version>.tar.gz",
|
||||
"version": "5.37.1"
|
||||
"version": "5.39.0"
|
||||
},
|
||||
"mattermost-webapp": {
|
||||
"sha256": "00q1kcfda2z69ijpw71a6cbj76p5f57nj7pym44pp4cadi2wz180",
|
||||
"sha256": "1dm7zswz61p1008hkz0c4maq8382p8iv5kmc4ivzlqd2hhixbvvg",
|
||||
"type": "tarball",
|
||||
"url": "https://releases.mattermost.com/5.37.1/mattermost-5.37.1-linux-amd64.tar.gz",
|
||||
"url": "https://releases.mattermost.com/5.39.0/mattermost-5.39.0-linux-amd64.tar.gz",
|
||||
"url_template": "https://releases.mattermost.com/<version>/mattermost-<version>-linux-amd64.tar.gz",
|
||||
"version": "5.37.1"
|
||||
"version": "5.39.0"
|
||||
},
|
||||
"mumble-website": {
|
||||
"branch": "master",
|
||||
|
@ -49,10 +49,10 @@
|
|||
"homepage": "https://github.com/nmattia/niv",
|
||||
"owner": "nmattia",
|
||||
"repo": "niv",
|
||||
"rev": "e0ca65c81a2d7a4d82a189f1e23a48d59ad42070",
|
||||
"sha256": "1pq9nh1d8nn3xvbdny8fafzw87mj7gsmp6pxkdl65w2g18rmcmzx",
|
||||
"rev": "65a61b147f307d24bfd0a5cd56ce7d7b7cc61d2e",
|
||||
"sha256": "17mirpsx5wyw262fpsd6n6m47jcgw8k2bwcp1iwdnrlzy4dhcgqh",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz",
|
||||
"url": "https://github.com/nmattia/niv/archive/65a61b147f307d24bfd0a5cd56ce7d7b7cc61d2e.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"nix-hexchen": {
|
||||
|
@ -81,10 +81,10 @@
|
|||
"homepage": "",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "74d017edb6717ad76d38edc02ad3210d4ad66b96",
|
||||
"sha256": "0wvz41izp4djzzr0a6x54hcm3xjr51nlj8vqghfgyrjpk8plyk4s",
|
||||
"rev": "6120ac5cd201f6cb593d1b80e861be0342495be9",
|
||||
"sha256": "04mrjxr1qsdcgcryx7yy72cgcw14c0770gfcgzrdfpnvmjdgbi9i",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/nixos/nixpkgs/archive/74d017edb6717ad76d38edc02ad3210d4ad66b96.tar.gz",
|
||||
"url": "https://github.com/nixos/nixpkgs/archive/6120ac5cd201f6cb593d1b80e861be0342495be9.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
|
@ -93,10 +93,10 @@
|
|||
"homepage": "",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "21c937f8cb1e6adcfeb36dfd6c90d9d9bfab1d28",
|
||||
"sha256": "059hbdy43m448ccdi8fmglz9b980hv8fhpa695pl9cyi4lx3nlq4",
|
||||
"rev": "79c444b5bdeaba142d128afddee14c89ecf2a968",
|
||||
"sha256": "1qpkmv90b7sf2dvrc24nm8x2ws78w4aif1qi1zlglqssxfy888jm",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/nixos/nixpkgs/archive/21c937f8cb1e6adcfeb36dfd6c90d9d9bfab1d28.tar.gz",
|
||||
"url": "https://github.com/nixos/nixpkgs/archive/79c444b5bdeaba142d128afddee14c89ecf2a968.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"pbb-nixfiles": {
|
||||
|
|
|
@ -11,7 +11,7 @@ let
|
|||
};
|
||||
nodeHeaders = fetchurl {
|
||||
url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz";
|
||||
sha256 = "19xsyjg9y71fw7hhz2f0nsfrijlyrk8ma9gs5kiq0y824lwnmyi4";
|
||||
sha256 = "0jzczy67qgw7arq8rprxv9wwb4axjjrhx72ss6a4rw5x08w58hbq";
|
||||
};
|
||||
webui = mkYarnPackage rec {
|
||||
inherit version;
|
||||
|
|
|
@ -60,7 +60,7 @@ let
|
|||
'';
|
||||
};
|
||||
|
||||
inherit (unstable) bottom;
|
||||
inherit (unstable) bottom vaultwarden vaultwarden-vault;
|
||||
};
|
||||
|
||||
in pkgs.extend(_: _: newpkgs)
|
||||
|
|
|
@ -80,8 +80,8 @@ in {
|
|||
sha256 = "1k0z44jfqsxzwy6jjz3yfibiq8wi845d5iwwh8j3yijn2854fj0i";
|
||||
};
|
||||
intersection = pkgs.fetchzip { # This is the DynamicPageList extension
|
||||
url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_36-789511a.tar.gz";
|
||||
sha256 = "0b5viv0d2pm1g68hynm8xbvcyw2cr3lgaxbqzdykk2yvvhc4w8j5";
|
||||
url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_36-6ab9c9c.tar.gz";
|
||||
sha256 = "03xyahqafgz174kmh14sqkqkx4nihdj2i0j8s97sycf2nzla63ww";
|
||||
};
|
||||
PageForms = pkgs.fetchzip {
|
||||
url = "https://github.com/wikimedia/mediawiki-extensions-PageForms/archive/5.0.1.zip";
|
||||
|
|
|
@ -0,0 +1,49 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
config = {
|
||||
DATA_FOLDER="/persist/var/lib/vaultwarden/data";
|
||||
LOG_LEVEL="error";
|
||||
SIGNUPS_ALLOWED=false;
|
||||
SIGNUPS_VERIFY=true;
|
||||
SIGNUPS_DOMAINS_WHITELIST="hacc.space";
|
||||
ORG_CREATION_USERS="admin@hacc.space";
|
||||
INVITATIONS_ALLOWED=true;
|
||||
INVITATION_ORG_NAME="haccwarden";
|
||||
|
||||
TRASH_AUTO_DELETE_DAYS=90;
|
||||
|
||||
DOMAIN="https://pw.hacc.space";
|
||||
ROCKET_ADDRESS="127.0.0.1";
|
||||
ROCKET_PORT=5354;
|
||||
ROCKET_WORKERS=2;
|
||||
|
||||
SMTP_HOST="mail.hacc.space";
|
||||
SMTP_FROM="vaultwarden@hacc.space";
|
||||
SMTP_FROM_NAME="haccwarden";
|
||||
SMTP_PORT=587;
|
||||
SMTP_USERNAME="noreply@infra4future.de";
|
||||
|
||||
};
|
||||
environmentFile = "/persist/var/lib/vaultwarden/vaultwarden.env"; #contains SMTP_PASSWORD
|
||||
dbBackend = "sqlite";
|
||||
backupDir = "/persist/data/vaultwarden_backups/";
|
||||
};
|
||||
|
||||
#work around ProtectSystem=strict, cleanup
|
||||
systemd.services.vaultwarden.serviceConfig = {
|
||||
ReadWritePaths = [ "/persist/var/lib/vaultwarden" ];
|
||||
StateDirectory = lib.mkForce "";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."pw.hacc.space" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:5354";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue