c8h4/nixos-config
1
0
Fork 0
Code Issues Actions Activity

services: vikunja: move to fort
All checks were successful
flake / build (push) Successful in 3m31s
Details

Browse source 
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
This commit is contained in:
Christoph Heiss 2024-08-17 16:50:52 +02:00
parent 14632d40a7
commit 2875ee182b
Signed by: c8h4
GPG key ID: 6817E9C75C0785D7
7 changed files with 38 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.sops.yaml
View file

@ -18,14 +18,14 @@ creation_rules:
- *christoph_maui
- *machine_tank
- *machine_fort
- path_regex: secrets/sops/(forgejo|grafana|home-assistant|navidrome|tank|vaultwarden|vikunja)\.yaml
- path_regex: secrets/sops/(forgejo|grafana|home-assistant|navidrome|tank|vaultwarden)\.yaml
key_groups:
- age:
- *christoph_trek
- *christoph_zero
- *christoph_maui
- *machine_tank
- path_regex: secrets/sops/(alertmanager|fort|matrix-hookshot|wireguard)\.yaml
- path_regex: secrets/sops/(alertmanager|fort|matrix-hookshot|vikunja|wireguard)\.yaml
key_groups:
- age:
- *christoph_trek

1
machines/fort.nix
View file

@ -25,6 +25,7 @@ in {
../services/nginx.nix
../services/node-exporter.nix
../services/restic-client.nix
../services/vikunja.nix
../services/web/c8h4-io.nix
../system/btrfs.nix
../system/deploy-target.nix

1
machines/tank.nix
View file

@ -15,7 +15,6 @@
../services/prometheus.nix
../services/restic-client.nix
../services/vaultwarden.nix
../services/vikunja.nix
../system/baremetal-server.nix
../system/btrfs.nix
../system/ucode-amd.nix

BIN
secrets/machines/fort.nix
View file

Binary file not shown.

BIN
secrets/machines/tank.nix
View file

Binary file not shown.

42
secrets/sops/vikunja.yaml
View file

@ -9,38 +9,38 @@ sops:
- recipient: age1kdkzjqy88en4m65s7ld28srupzwaq30gu2e63ylayhqedpgfxews9kf6fy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZK2J6eEgrYnM4QmpaQTJQ
bXZpWk9rWVNUOFpaU3ZETlhaOGRjT0ZtMnhFClZmaFBTakNtMUZCZ3QxN09SNUJY
Rzl4ZkovNzM4OHZXa0J5NE1YRWU0ZXMKLS0tIENNOUFqL0wvSjhHVzNSTkVjWmow
eGZqOHdxUUhxWXl2ODRJc0FnRlFRcU0K2cD0+hNZluCV7mVAZ5sIEP0pTielkxQw
MnFohJYLhGsvcrQZk1do8/6qEFnLWsJawyDhI9JTeQIcZ/S8Kn3NkA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZTEzdHd0TWRyUkhHbGwy
ckhYMzN1TUt5WHhmRnBVNWdqMFFWVUtVZjIwCit2SDRKajVoR3NSczRydXVSd2dl
aFFadjl1VXBybEx6a0hwZVd0aGNIbDgKLS0tIFUxeTQ1U2hGRGNlYXJwRmVQUCtv
bzIvTkRVdFVybDhsdVVKdlg2YjlraW8KwJT81+twdAPSJW7dqxyPSmxSsAPNYj6n
xx+Q8HgDN3DoAAoOYjGOs9iKcb14Jz+rqAc1MOdCCEElI8LaGTy9Ig==
-----END AGE ENCRYPTED FILE-----
- recipient: age1es8273vc2yq89kvs4s84m6qffep86sm924k4my47a5qtau4ueypsgz3kqh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVkpRSkJyVWZnRkhWdlJJ
UWxxakh2emF1ZFU1R3BPVHJodUJKOGFML0ZnCmdNK2VNT0F5b29IckUxYUo4TlFB
Nm13SWNleFVqWHUyY1ZlY1dINVhzQmMKLS0tIFo3blBJUzNYZXdKZFFmYVJtWm02
ZzgySnR2aGFvKy9uMS9IUGtadmxidzAK1UWDr6wFJ49CFTSAEaHARYKAXvrJju/J
xhbKTBfEvJfT0VFD6JF3qOlYETbxu/QbhNXME/MzQEjhutvuayw2ug==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMVUrSndUbndlVnRsUDNP
K21pRmVnSFpmQnpJRVMwZjFqVXoxcEVaeUJVCmo2b0ptdXlUaEJKNTJaZzdvQThy
MWVvV3AyQndnSHQxdGduTUVyejMza2MKLS0tIG01ZWlQWVBscEhWQ3FlQVplVUhv
U0xrdDNaY3pOZDIvRzRkMk5WTVg4QVkKixgQUQvrGgq3vgbZlt3Pz35bFHApgpXR
72u8QXUlThHNuI9DBVnvjgAnEY3or2EK9l+N1WxruDMyp0rq7z7P/Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ul99nmekam6rs9fpjka32aaxmnjq0p3a8x8drzxwtxa4g2u23anq6p2g6s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRHBrKzc2azFTUnczSVpv
eUV2NUZFdGZvSFVwYUg5cTVJbVYyV1ZiR1FZCmZQVHd6RHYxQWlxQ2hjcXdxSlFp
MElScFh4azhhNTNjd2RlTEtsbzZBeGsKLS0tIG1JZTFoNHlHOVFpc0NaQ1hVWTJk
cG8zeTYrd1ZFckxSVVBFM1dLbldSbnMKP7Y4FFBvO77Oq5+MYc/425VrhhX/Hpvo
XJekxSIQ4iSF1XSYVnzXG9VuRt+vs68797la6+P830eVo05VqTyx1Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZzd1eTA2WHNYTFZJNWx4
LzlKSlpBcUl2dXVCVkI2NzE0cUZCU2FpSlg4CmtuRHNkSzdDU2N2Ri9RQVBJeTBK
MGU2dzhwSkZRMWFRcENzcDUxcm92eEkKLS0tIHliLzdheDNxVi9RZG8yelVjdUZj
cFlmOGVqZDJrMWU0S0VGREV6emdjZm8KHYWbGM3lZKnyuOxgb41/gkoiMimsg/6Q
LK2pW6GHenHce193S3l+w2oMaFWGgD7xrBzJHq7zUzuWYFC/XI3MaQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age165nqtky9a5kdhca70uwd0cewqle7egzm4vmcmrpfnqfuchjdg3esn7frvh
- recipient: age1h96sm0j0k5kjmuf857xurtq7rwk5fhptenjdlkgmadtrz4lm95rqm6ctm2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXMGk0TGtJaVdNcUVsZUdM
UmV0ZjIxV09FdEpQU0VyUGduUkZQTHBKQVZZCjhZSXZ3dS9kUlljclVSbGdueHJh
Q3A2OVROVTFBN2VwK0llN2wzVGQwbFEKLS0tIFQydVRrSGt3bHpFSHFSaW5UcU5Y
SEI4OGxYR25VQ3RPODd2VjdnQzMyRlEKyZBVs3pYccrAo+ZFqDM3WQlH8vYPKa5M
bLqbOoVSvpbYwZwnPmA6g3SEXAqWQ33jGJwPAARR17+qLc6GHup56A==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRSmpTcUJwRDF4R05vTkxT
SU1XRzB0MmFUOXc1UWxqMnZsTTZOZjU5aUI0CkpsUnhDRG5zdG41cFNsZGl4V1ZD
c1RveXBScm5MRXZhUmdiOXJVKzNQYXMKLS0tIHVPdzVldmxhd3VLL0hUYmZsang3
RVpLdlFXUXlHY3NmSEV1bjQ0cFhPMFUKCgnYvkDW8X2OBR/nTFX+xEXOm9QmGck9
jlBzZ7wJMt8KF1QGpvoPXrvI/htMZGkBgKuEa9m/7JlxEb0TjW0dqw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-05T21:31:38Z"
mac: ENC[AES256_GCM,data:lh0P1Ojv0YXEvYWZQHGOtBva2dmbouQFL2OGdf2AB8bbwZBvlF/3Vq1ngyTFOzCD1IXSvnF3S4hcCUWIeswlE+/CmaUYV74/3jQ3bwHhvP99RU7MIAHTXNf0jyLKSlcMHgHRUMzNsCpgBaL2mY0hWY0shCWSuOb4qUO+n009Yhg=,iv:+1qM0+O+kmTz93G7OnnJyIUJWsDh4dQwEzDJ5hDKZik=,tag:7eqK7qskFjqpcOUMfBdXVQ==,type:str]

26
services/vikunja.nix
View file

@ -12,10 +12,7 @@ in {
frontendScheme = "https";
frontendHostname = fqdn;
environmentFiles = [ secrets."vikunja/env".path ];
database = {
type = "postgres";
host = "/run/postgresql";
};
database.type = "sqlite";
settings = {
service = {
timezone = "Europe/Vienna";
@ -23,17 +20,22 @@ in {
enableregistration = false;
};
log.http = "off";
files.maxsize = "128MB";
files.maxsize = "64MB";
defaultsettings.week_start = 1;
};
};
services.postgresql = {
ensureDatabases = [ vikunjaDbCfg.database ];
ensureUsers = [{
name = vikunjaDbCfg.user;
ensureDBOwnership = true;
ensureClauses.login = true;
}];
services.nginx.virtualHosts.${fqdn} = let serverCfg = config.services.vikunja;
in {
forceSSL = true;
useACMEHost = my.domain;
kTLS = true;
locations."/" = {
proxyPass = "http://[::1]:${toString serverCfg.port}";
proxyWebsockets = true;
extraConfig = ''
client_max_body_size 64M;
'';
};
};
}