Chris Kruining 2025-12-01 20:56:56 +01:00
parent f288c688d0
commit d9dff63cea
No known key found for this signature in database
GPG key ID: EB894A3560CCCAD2
2 changed files with 68 additions and 64 deletions


@ -24,6 +24,7 @@ in {
package = inputs.mydia.packages.${system}.default; package = inputs.mydia.packages.${system}.default;
port = 2010; port = 2010;
listenAddress = "0.0.0.0";
openFirewall = true; openFirewall = true;
secretKeyBaseFile = config.sops.secrets."mydia/secret_key_base".path; secretKeyBaseFile = config.sops.secrets."mydia/secret_key_base".path;
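Review bot: The added `listenAddress = "0.0.0.0";` binds the service to every interface, and with the unchanged `openFirewall = true;` on the next line port 2010 becomes reachable from any network the host is attached to. If the service is meant to sit behind a reverse proxy (none is visible in this hunk), bind it to loopback with `listenAddress = "127.0.0.1";` and set `openFirewall = false;`. If direct exposure is intended, add a short comment above the line stating why and what provides TLS and authentication in front of it. The enclosing attribute set starts and ends outside the hunk.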


@ -1,25 +1,31 @@
{ pkgs, config, lib, namespace, ... }: {
let pkgs,
config,
lib,
namespace,
...
}: let
inherit (builtins) toString; inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep; inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep;
cfg = config.${namespace}.services.security.vaultwarden; cfg = config.${namespace}.services.security.vaultwarden;
databaseProviderSqlite = types.submodule ({ ... }: { databaseProviderSqlite = types.submodule ({...}: {
options = { options = {
type = mkOption { type = mkOption {
type = types.enum [ "sqlite" ]; type = types.enum ["sqlite"];
}; };
file = mkOption { file = mkOption {
type = types.str; type = types.path;
description = ''''; description = ''
Path to sqlite database file.
'';
}; };
}; };
}); });
databaseProviderPostgresql = types.submodule ({ ... }: databaseProviderPostgresql = types.submodule ({...}: let
let
urlOptions = lib.${namespace}.options.mkUrlOptions { urlOptions = lib.${namespace}.options.mkUrlOptions {
host = { host = {
description = '' description = ''
@ -40,15 +46,15 @@ let
example = "postgres"; example = "postgres";
}; };
}; };
in in {
options =
{ {
options = {
type = mkOption { type = mkOption {
type = types.enum [ "postgresql" ]; type = types.enum ["postgresql"];
}; };
sslMode = mkOption { sslMode = mkOption {
type = types.enum [ "verify-ca" "verify-full" "require" "prefer" "allow" "disabled" ]; type = types.enum ["verify-ca" "verify-full" "require" "prefer" "allow" "disabled"];
default = "verify-full"; default = "verify-full";
example = "verify-ca"; example = "verify-ca";
description = '' description = ''
@ -66,10 +72,10 @@ let
[Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS) [Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS)
''; '';
}; };
} // (urlOptions |> getAttrs [ "protocol" "host" "port" ]); }
// (urlOptions |> getAttrs ["protocol" "host" "port"]);
}); });
in in {
{
options.${namespace}.services.security.vaultwarden = { options.${namespace}.services.security.vaultwarden = {
enable = mkEnableOption "enable vaultwarden"; enable = mkEnableOption "enable vaultwarden";
@ -136,7 +142,7 @@ in
postgresql = { postgresql = {
enable = true; enable = true;
ensureDatabases = [ "vaultwarden" ]; ensureDatabases = ["vaultwarden"];
ensureUsers = [ ensureUsers = [
{ {
name = "vaultwarden"; name = "vaultwarden";
@ -171,7 +177,7 @@ in
owner = config.users.users.vaultwarden.name; owner = config.users.users.vaultwarden.name;
group = config.users.users.vaultwarden.name; group = config.users.users.vaultwarden.name;
key = "email/chris_kruining_eu"; key = "email/chris_kruining_eu";
restartUnits = [ "vaultwarden.service" ]; restartUnits = ["vaultwarden.service"];
}; };
}; };
@ -183,15 +189,15 @@ in
owner = config.users.users.vaultwarden.name; owner = config.users.users.vaultwarden.name;
group = config.users.groups.vaultwarden.name; group = config.users.groups.vaultwarden.name;
}; };
temp-db-output.content = temp-db-output.content = let
let
config = config =
cfg.database cfg.database
|> ({ type, ... }@db: |> (
if type == "sqlite" then {type, ...} @ db:
{ inherit (db) type file; } if type == "sqlite"
else if type == "postgresql" then then {inherit (db) type file;}
{ else if type == "postgresql"
then {
inherit (db) type; inherit (db) type;
url = lib.${namespace}.strings.toUrl { url = lib.${namespace}.strings.toUrl {
inherit (db) protocol host port; inherit (db) protocol host port;
@ -201,13 +207,10 @@ in
}; };
}; };
} }
else else {}
{}
) )
|> concatMapAttrsStringSep "\n" (n: v: "${toUpper n}=${v}") |> concatMapAttrsStringSep "\n" (n: v: "${toUpper n}=${v}");
; in ''
in
''
# GENERATED VALUES # GENERATED VALUES
${config} ${config}
''; '';
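Review bot: Changing `file` from `types.str` to `types.path` in `databaseProviderSqlite` also admits Nix path literals, and the unchanged interpolation `"${toUpper n}=${v}"` in `temp-db-output.content` copies a path value into the Nix store when it is coerced to a string. For a Vaultwarden SQLite database that would likely leave a copy of the database in the world-readable store and hand the service a read-only path. Coercing explicitly avoids the copy: `(n: v: "${toUpper n}=${toString v}")`, using the `toString` already inherited at the top of the file. The new description could also state the expectation, for example `Absolute path to the sqlite database file on the target host (a string, not a path literal).`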