Signed-off-by: Christoph Heiss <christoph@c8h4.io>
This commit is contained in:
parent
14632d40a7
commit
2875ee182b
|
@ -18,14 +18,14 @@ creation_rules:
|
|||
- *christoph_maui
|
||||
- *machine_tank
|
||||
- *machine_fort
|
||||
- path_regex: secrets/sops/(forgejo|grafana|home-assistant|navidrome|tank|vaultwarden|vikunja)\.yaml
|
||||
- path_regex: secrets/sops/(forgejo|grafana|home-assistant|navidrome|tank|vaultwarden)\.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *christoph_trek
|
||||
- *christoph_zero
|
||||
- *christoph_maui
|
||||
- *machine_tank
|
||||
- path_regex: secrets/sops/(alertmanager|fort|matrix-hookshot|wireguard)\.yaml
|
||||
- path_regex: secrets/sops/(alertmanager|fort|matrix-hookshot|vikunja|wireguard)\.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *christoph_trek
|
||||
|
|
|
@ -25,6 +25,7 @@ in {
|
|||
../services/nginx.nix
|
||||
../services/node-exporter.nix
|
||||
../services/restic-client.nix
|
||||
../services/vikunja.nix
|
||||
../services/web/c8h4-io.nix
|
||||
../system/btrfs.nix
|
||||
../system/deploy-target.nix
|
||||
|
|
|
@ -15,7 +15,6 @@
|
|||
../services/prometheus.nix
|
||||
../services/restic-client.nix
|
||||
../services/vaultwarden.nix
|
||||
../services/vikunja.nix
|
||||
../system/baremetal-server.nix
|
||||
../system/btrfs.nix
|
||||
../system/ucode-amd.nix
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -9,38 +9,38 @@ sops:
|
|||
- recipient: age1kdkzjqy88en4m65s7ld28srupzwaq30gu2e63ylayhqedpgfxews9kf6fy
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZK2J6eEgrYnM4QmpaQTJQ
|
||||
bXZpWk9rWVNUOFpaU3ZETlhaOGRjT0ZtMnhFClZmaFBTakNtMUZCZ3QxN09SNUJY
|
||||
Rzl4ZkovNzM4OHZXa0J5NE1YRWU0ZXMKLS0tIENNOUFqL0wvSjhHVzNSTkVjWmow
|
||||
eGZqOHdxUUhxWXl2ODRJc0FnRlFRcU0K2cD0+hNZluCV7mVAZ5sIEP0pTielkxQw
|
||||
MnFohJYLhGsvcrQZk1do8/6qEFnLWsJawyDhI9JTeQIcZ/S8Kn3NkA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZTEzdHd0TWRyUkhHbGwy
|
||||
ckhYMzN1TUt5WHhmRnBVNWdqMFFWVUtVZjIwCit2SDRKajVoR3NSczRydXVSd2dl
|
||||
aFFadjl1VXBybEx6a0hwZVd0aGNIbDgKLS0tIFUxeTQ1U2hGRGNlYXJwRmVQUCtv
|
||||
bzIvTkRVdFVybDhsdVVKdlg2YjlraW8KwJT81+twdAPSJW7dqxyPSmxSsAPNYj6n
|
||||
xx+Q8HgDN3DoAAoOYjGOs9iKcb14Jz+rqAc1MOdCCEElI8LaGTy9Ig==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1es8273vc2yq89kvs4s84m6qffep86sm924k4my47a5qtau4ueypsgz3kqh
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVkpRSkJyVWZnRkhWdlJJ
|
||||
UWxxakh2emF1ZFU1R3BPVHJodUJKOGFML0ZnCmdNK2VNT0F5b29IckUxYUo4TlFB
|
||||
Nm13SWNleFVqWHUyY1ZlY1dINVhzQmMKLS0tIFo3blBJUzNYZXdKZFFmYVJtWm02
|
||||
ZzgySnR2aGFvKy9uMS9IUGtadmxidzAK1UWDr6wFJ49CFTSAEaHARYKAXvrJju/J
|
||||
xhbKTBfEvJfT0VFD6JF3qOlYETbxu/QbhNXME/MzQEjhutvuayw2ug==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMVUrSndUbndlVnRsUDNP
|
||||
K21pRmVnSFpmQnpJRVMwZjFqVXoxcEVaeUJVCmo2b0ptdXlUaEJKNTJaZzdvQThy
|
||||
MWVvV3AyQndnSHQxdGduTUVyejMza2MKLS0tIG01ZWlQWVBscEhWQ3FlQVplVUhv
|
||||
U0xrdDNaY3pOZDIvRzRkMk5WTVg4QVkKixgQUQvrGgq3vgbZlt3Pz35bFHApgpXR
|
||||
72u8QXUlThHNuI9DBVnvjgAnEY3or2EK9l+N1WxruDMyp0rq7z7P/Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1ul99nmekam6rs9fpjka32aaxmnjq0p3a8x8drzxwtxa4g2u23anq6p2g6s
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRHBrKzc2azFTUnczSVpv
|
||||
eUV2NUZFdGZvSFVwYUg5cTVJbVYyV1ZiR1FZCmZQVHd6RHYxQWlxQ2hjcXdxSlFp
|
||||
MElScFh4azhhNTNjd2RlTEtsbzZBeGsKLS0tIG1JZTFoNHlHOVFpc0NaQ1hVWTJk
|
||||
cG8zeTYrd1ZFckxSVVBFM1dLbldSbnMKP7Y4FFBvO77Oq5+MYc/425VrhhX/Hpvo
|
||||
XJekxSIQ4iSF1XSYVnzXG9VuRt+vs68797la6+P830eVo05VqTyx1Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZzd1eTA2WHNYTFZJNWx4
|
||||
LzlKSlpBcUl2dXVCVkI2NzE0cUZCU2FpSlg4CmtuRHNkSzdDU2N2Ri9RQVBJeTBK
|
||||
MGU2dzhwSkZRMWFRcENzcDUxcm92eEkKLS0tIHliLzdheDNxVi9RZG8yelVjdUZj
|
||||
cFlmOGVqZDJrMWU0S0VGREV6emdjZm8KHYWbGM3lZKnyuOxgb41/gkoiMimsg/6Q
|
||||
LK2pW6GHenHce193S3l+w2oMaFWGgD7xrBzJHq7zUzuWYFC/XI3MaQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age165nqtky9a5kdhca70uwd0cewqle7egzm4vmcmrpfnqfuchjdg3esn7frvh
|
||||
- recipient: age1h96sm0j0k5kjmuf857xurtq7rwk5fhptenjdlkgmadtrz4lm95rqm6ctm2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXMGk0TGtJaVdNcUVsZUdM
|
||||
UmV0ZjIxV09FdEpQU0VyUGduUkZQTHBKQVZZCjhZSXZ3dS9kUlljclVSbGdueHJh
|
||||
Q3A2OVROVTFBN2VwK0llN2wzVGQwbFEKLS0tIFQydVRrSGt3bHpFSHFSaW5UcU5Y
|
||||
SEI4OGxYR25VQ3RPODd2VjdnQzMyRlEKyZBVs3pYccrAo+ZFqDM3WQlH8vYPKa5M
|
||||
bLqbOoVSvpbYwZwnPmA6g3SEXAqWQ33jGJwPAARR17+qLc6GHup56A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRSmpTcUJwRDF4R05vTkxT
|
||||
SU1XRzB0MmFUOXc1UWxqMnZsTTZOZjU5aUI0CkpsUnhDRG5zdG41cFNsZGl4V1ZD
|
||||
c1RveXBScm5MRXZhUmdiOXJVKzNQYXMKLS0tIHVPdzVldmxhd3VLL0hUYmZsang3
|
||||
RVpLdlFXUXlHY3NmSEV1bjQ0cFhPMFUKCgnYvkDW8X2OBR/nTFX+xEXOm9QmGck9
|
||||
jlBzZ7wJMt8KF1QGpvoPXrvI/htMZGkBgKuEa9m/7JlxEb0TjW0dqw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-06-05T21:31:38Z"
|
||||
mac: ENC[AES256_GCM,data:lh0P1Ojv0YXEvYWZQHGOtBva2dmbouQFL2OGdf2AB8bbwZBvlF/3Vq1ngyTFOzCD1IXSvnF3S4hcCUWIeswlE+/CmaUYV74/3jQ3bwHhvP99RU7MIAHTXNf0jyLKSlcMHgHRUMzNsCpgBaL2mY0hWY0shCWSuOb4qUO+n009Yhg=,iv:+1qM0+O+kmTz93G7OnnJyIUJWsDh4dQwEzDJ5hDKZik=,tag:7eqK7qskFjqpcOUMfBdXVQ==,type:str]
|
||||
|
|
|
@ -12,10 +12,7 @@ in {
|
|||
frontendScheme = "https";
|
||||
frontendHostname = fqdn;
|
||||
environmentFiles = [ secrets."vikunja/env".path ];
|
||||
database = {
|
||||
type = "postgres";
|
||||
host = "/run/postgresql";
|
||||
};
|
||||
database.type = "sqlite";
|
||||
settings = {
|
||||
service = {
|
||||
timezone = "Europe/Vienna";
|
||||
|
@ -23,17 +20,22 @@ in {
|
|||
enableregistration = false;
|
||||
};
|
||||
log.http = "off";
|
||||
files.maxsize = "128MB";
|
||||
files.maxsize = "64MB";
|
||||
defaultsettings.week_start = 1;
|
||||
};
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
ensureDatabases = [ vikunjaDbCfg.database ];
|
||||
ensureUsers = [{
|
||||
name = vikunjaDbCfg.user;
|
||||
ensureDBOwnership = true;
|
||||
ensureClauses.login = true;
|
||||
}];
|
||||
services.nginx.virtualHosts.${fqdn} = let serverCfg = config.services.vikunja;
|
||||
in {
|
||||
forceSSL = true;
|
||||
useACMEHost = my.domain;
|
||||
kTLS = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://[::1]:${toString serverCfg.port}";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
client_max_body_size 64M;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue