nixaalborg/nixos
2
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add dotsrc vaultwarden and backup configuration

Browse source
This commit is contained in:
Emelie Graven 2022-02-14 21:30:24 +01:00
parent 02ffae5e7e
commit 4c5d415d2e
Signed by: emelie
GPG key ID: C11123726DBB55A1
5 changed files with 73 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
config/hosts/capetillo/configuration.nix
View file

@ -9,6 +9,8 @@
./services/nginx.nix
./services/mail.nix
./services/tor.nix
./services/vaultwarden.nix
./services/duplicity.nix
./data/secrets/secrets.nix
];
@ -50,7 +52,7 @@
];
};
users.groups.backup.members = [ "virtualMail" ];
users.groups.backup.members = [ "virtualMail" "vaultwarden" ];
users.groups.nginx.members = [ "deploy-web" ];
security.sudo.wheelNeedsPassword = false;

11
config/hosts/capetillo/services/duplicity.nix Normal file
View file

@ -0,0 +1,11 @@
{ config, ... }:
{
services.duplicity = {
enable = true;
include = [ "/var/lib/bitwarden_rs/backup" ];
frequency = "hourly";
targetUrl = "rsync://duplicity@2001:878:346::123/var/backups/vaultwarden";
extraFlags = [ "--no-encryption" ];
};
}

27
config/hosts/capetillo/services/mail.nix
View file

@ -4,7 +4,7 @@
imports = [
(builtins.fetchTarball {
# Pick a commit from the branch you are interested in
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5675b122a947b40e551438df6a623efad19fd2e7/nixos-mailserver-5675b122a947b40e551438df6a623efad19fd2e7.tar.gz";
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/6e3a7b2ea6f0d68b82027b988aa25d3423787303/nixos-mailserver-6e3a7b2ea6f0d68b82027b988aa25d3423787303.tar.gz";
# And set its hash
sha256 = "1fwhb7a5v9c98nzhf3dyqf3a5ianqh7k50zizj8v5nmj3blxw4pi";
})
@ -13,19 +13,22 @@
mailserver = {
enable = true;
fqdn = "nixaalb.org";
domains = [ "nixaalb.org" ];
domains = [ "nixaalb.org" "dotsrc.org"];
loginAccounts = {
"emelie@nixaalb.org" = {
hashedPasswordFile = config.secrets.files.mail_emelie_nixaalb_org.file;
aliases = [ "admin@nixaalb.org" ];
};
"sebastian@nixaalb.org" = {
hashedPasswordFile = config.secrets.files.mail_sebastian_nixaalb_org.file;
};
"noreply@anarkafem.dev" = {
hashedPasswordFile = config.secrets.files.mail_noreply_anarkafem_dev.file;
};
"emelie@nixaalb.org" = {
hashedPasswordFile = config.secrets.files.mail_emelie_nixaalb_org.file;
aliases = [ "admin@nixaalb.org" ];
};
"sebastian@nixaalb.org" = {
hashedPasswordFile = config.secrets.files.mail_sebastian_nixaalb_org.file;
};
"noreply@anarkafem.dev" = {
hashedPasswordFile = config.secrets.files.mail_noreply_anarkafem_dev.file;
};
"noreply@dotsrc.org" = {
hashedPasswordFile = config.secrets.files.mail_noreply_dotsrc.org;
};
};
certificateScheme = 3;
};

18
config/hosts/capetillo/services/nginx.nix
View file

@ -13,7 +13,23 @@
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Onion-Location http://ag6mlqzpyswq3oogpnuykgllnv5gevjew6dshzmotwgnpo5jw2jqltad.onion$request_uri;
'';
'';
};
"vault.dotsrc.org" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8812";
proxyWebsockets = true;
};
locations."/notifications/hub" = {
proxyPass = "http://localhost:3012";
proxyWebsockets = true;
};
locations."/notifications/hub/negotiate" = {
proxyPass = "http://localhost:8812";
proxyWebsockets = true;
};
};
"mta-sts.nixaalb.org" = {
enableACME = true;

27
config/hosts/capetillo/services/vaultwarden.nix Normal file
View file

@ -0,0 +1,27 @@
{ config, ... }:
{
services.vaultwarden = {
enable = true;
environmentFile = config.secrets.files.vaultwarden_env.file;
backupDir = "/var/lib/bitwarden_rs/backup";
config = {
domain = "https://vault.dotsrc.org";
signupsAllowed = false;
rocketPort = 8812;
ipHeader = "X-Real-IP";
websocketEnabled = true;
websocketAddress = "127.0.0.1";
websocketPort = "3012";
#dataDir = "/var/lib/vaultwarden";
smtpHost = "127.0.0.1";
smtpFrom = "noreply@dotsrc.org";
smtpFromName = "Vaultwarden";
smtpPort = 465;
smtpSsl = true;
smtpExplicitTls = true;
smtpAuthMechanism = "Login";
};
};
systemd.timers.backup-vaultwarden.timerConfig = { OnCalendar = "hourly" };
}