Add dotsrc vaultwarden and backup configuration
parent
02ffae5e7e
commit
4c5d415d2e
|
@ -9,6 +9,8 @@
|
|||
./services/nginx.nix
|
||||
./services/mail.nix
|
||||
./services/tor.nix
|
||||
./services/vaultwarden.nix
|
||||
./services/duplicity.nix
|
||||
./data/secrets/secrets.nix
|
||||
];
|
||||
|
||||
|
@ -50,7 +52,7 @@
|
|||
];
|
||||
};
|
||||
|
||||
users.groups.backup.members = [ "virtualMail" ];
|
||||
users.groups.backup.members = [ "virtualMail" "vaultwarden" ];
|
||||
users.groups.nginx.members = [ "deploy-web" ];
|
||||
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
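Review bot: Adding `vaultwarden` to the shared `backup` group in the second hunk puts the password-manager service account in the same group as `virtualMail`, so anything that is group-readable for `backup` becomes readable by both services. The permissions on `/var/lib/bitwarden_rs/backup` and on the mail backup paths are not visible on this page, so this is something to confirm rather than a known exposure. If the group exists only so the backup job can read the data, a dedicated group per service (for example `users.groups.vaultwarden-backup.members = [ "vaultwarden" ];`, name constructed here) keeps a compromise of the mail account away from the vault dump. At minimum the line deserves a comment such as `# backup group: members can read each other's backup directories`.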
|
|
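--- /dev/null
+++ b/config/hosts/capetillo/services/duplicity.nix
@@ -0,0 +1,11 @@
+{ config, ... }:
+{
+
+services.duplicity = {
+enable = true;
+include = [ "/var/lib/bitwarden_rs/backup" ];
+frequency = "hourly";
+targetUrl = "rsync://duplicity@2001:878:346::123/var/backups/vaultwarden";
+extraFlags = [ "--no-encryption" ];
+};
+}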
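Review bot: `extraFlags = [ "--no-encryption" ]` makes duplicity write the hourly Vaultwarden dump to the remote host as plain archives, so anyone with read access to `/var/backups/vaultwarden` on the target can read whatever the server database holds outside the client-encrypted vault fields (account e-mail addresses and authentication data, for instance). I would drop the flag and supply a passphrase through `services.duplicity.secretFile`, pointing at a secrets entry such as `config.secrets.files.<duplicity-secret>.file` (placeholder name) that contains `PASSPHRASE=...`. Restores then depend on that passphrase, so it needs to be kept somewhere other than this host. Separately, the IPv6 literal in `targetUrl` is not bracketed; writing `duplicity@[2001:878:346::123]` avoids the `::` being read as a port or rsync module separator, though how the deployed duplicity version parses either form should be checked.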
|
|
@ -4,7 +4,7 @@
|
|||
imports = [
|
||||
(builtins.fetchTarball {
|
||||
# Pick a commit from the branch you are interested in
|
||||
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5675b122a947b40e551438df6a623efad19fd2e7/nixos-mailserver-5675b122a947b40e551438df6a623efad19fd2e7.tar.gz";
|
||||
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/6e3a7b2ea6f0d68b82027b988aa25d3423787303/nixos-mailserver-6e3a7b2ea6f0d68b82027b988aa25d3423787303.tar.gz";
|
||||
# And set its hash
|
||||
sha256 = "1fwhb7a5v9c98nzhf3dyqf3a5ianqh7k50zizj8v5nmj3blxw4pi";
|
||||
})
|
||||
|
@ -13,19 +13,22 @@
|
|||
mailserver = {
|
||||
enable = true;
|
||||
fqdn = "nixaalb.org";
|
||||
domains = [ "nixaalb.org" ];
|
||||
domains = [ "nixaalb.org" "dotsrc.org"];
|
||||
|
||||
loginAccounts = {
|
||||
"emelie@nixaalb.org" = {
|
||||
hashedPasswordFile = config.secrets.files.mail_emelie_nixaalb_org.file;
|
||||
aliases = [ "admin@nixaalb.org" ];
|
||||
};
|
||||
"sebastian@nixaalb.org" = {
|
||||
hashedPasswordFile = config.secrets.files.mail_sebastian_nixaalb_org.file;
|
||||
};
|
||||
"noreply@anarkafem.dev" = {
|
||||
hashedPasswordFile = config.secrets.files.mail_noreply_anarkafem_dev.file;
|
||||
};
|
||||
"emelie@nixaalb.org" = {
|
||||
hashedPasswordFile = config.secrets.files.mail_emelie_nixaalb_org.file;
|
||||
aliases = [ "admin@nixaalb.org" ];
|
||||
};
|
||||
"sebastian@nixaalb.org" = {
|
||||
hashedPasswordFile = config.secrets.files.mail_sebastian_nixaalb_org.file;
|
||||
};
|
||||
"noreply@anarkafem.dev" = {
|
||||
hashedPasswordFile = config.secrets.files.mail_noreply_anarkafem_dev.file;
|
||||
};
|
||||
"noreply@dotsrc.org" = {
|
||||
hashedPasswordFile = config.secrets.files.mail_noreply_dotsrc.org;
|
||||
};
|
||||
};
|
||||
certificateScheme = 3;
|
||||
};
|
||||
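Review bot: The first hunk points `url` at commit `6e3a7b2e…` but leaves `sha256 = "1fwhb7a5…"` unchanged, so the pin no longer describes the tarball being requested. Depending on what is already in the Nix store, `builtins.fetchTarball` either fails with a hash mismatch or keeps using the previously fetched source that matches the old hash, which would leave the mail server on the old revision without any error. Recompute the hash for the new archive (for example with `nix-prefetch-url --unpack <url>`) and update `sha256` in the same commit. In the second hunk, `config.secrets.files.mail_noreply_dotsrc.org` does not follow the `mail_<user>_<domain>_<tld>.file` pattern of the other accounts and looks like it should be `config.secrets.files.mail_noreply_dotsrc_org.file`. The secrets definition is outside this page, so confirm the name there.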
|
|
|
@ -13,7 +13,23 @@
|
|||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header Onion-Location http://ag6mlqzpyswq3oogpnuykgllnv5gevjew6dshzmotwgnpo5jw2jqltad.onion$request_uri;
|
||||
'';
|
||||
'';
|
||||
};
|
||||
"vault.dotsrc.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:8812";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/notifications/hub" = {
|
||||
proxyPass = "http://localhost:3012";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/notifications/hub/negotiate" = {
|
||||
proxyPass = "http://localhost:8812";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
"mta-sts.nixaalb.org" = {
|
||||
enableACME = true;
|
||||
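Review bot: The new `vault.dotsrc.org` locations do not set the client-address header that Vaultwarden is configured to trust (`ipHeader = "X-Real-IP"` in vaultwarden.nix). Unless `services.nginx.recommendedProxySettings` is enabled outside this hunk, nginx passes through whatever `X-Real-IP` value the client sent, so the address Vaultwarden records and uses for login rate limiting can be chosen by the caller. Add `recommendedProxySettings = true;` to each of the three locations, or set it explicitly with `extraConfig = "proxy_set_header X-Real-IP $remote_addr;";`. The enclosing `virtualHosts` attribute set starts and ends outside the hunk, so a global setting may already cover this.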
|
|
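--- /dev/null
+++ b/config/hosts/capetillo/services/vaultwarden.nix
@@ -0,0 +1,27 @@
+{ config, ... }:
+{
+services.vaultwarden = {
+enable = true;
+environmentFile = config.secrets.files.vaultwarden_env.file;
+backupDir = "/var/lib/bitwarden_rs/backup";
+config = {
+domain = "https://vault.dotsrc.org";
+signupsAllowed = false;
+rocketPort = 8812;
+ipHeader = "X-Real-IP";
+websocketEnabled = true;
+websocketAddress = "127.0.0.1";
+websocketPort = "3012";
+#dataDir = "/var/lib/vaultwarden";
+smtpHost = "127.0.0.1";
+smtpFrom = "noreply@dotsrc.org";
+smtpFromName = "Vaultwarden";
+smtpPort = 465;
+smtpSsl = true;
+smtpExplicitTls = true;
+smtpAuthMechanism = "Login";
+};
+};
+systemd.timers.backup-vaultwarden.timerConfig = { OnCalendar = "hourly" };
+}
+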
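Review bot: `rocketPort = 8812` is set without a matching `rocketAddress`, while the websocket listener is explicitly pinned to `127.0.0.1`. If the module or upstream default binds the HTTP listener to all interfaces, port 8812 is reachable without TLS and without passing through nginx, and a direct client can also supply its own `X-Real-IP`. Adding `rocketAddress = "127.0.0.1";` removes that dependence on the firewall. The last binding also needs a terminating semicolon inside the attribute set, `timerConfig = { OnCalendar = "hourly"; };`, otherwise the file does not parse. `websocketPort = "3012";` is a string where `rocketPort` is an integer; writing `3012` keeps the two consistent.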
|