eeep.ee / nixos
my nixos config
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

old uncommitted stuff that i forgot about

chfour b2fb4fb5 a3ff1fad

+65
+42
oldstuff/prosody.nix
··· 1 + { config, ... }: 2 + 3 + let 4 + domain = "eeep.ee"; 5 + 6 + caddy = config.services.caddy; 7 + prosody = config.services.prosody; 8 + 9 + acmeCA = builtins.head (lib.lists.drop 2 (lib.strings.splitString "/" caddy.acmeCA)); # get domain only 10 + certPath = "${caddy.dataDir}/.local/share/caddy/certificates/${acmeCA}/${domain}/"; 11 + in 12 + { 13 + services.prosody.enable = true; 14 + 15 + 16 + 17 + services.prosody.virtualHosts.${domain} = { 18 + domain = domain; 19 + enable = true; 20 + }; 21 + 22 + services.caddy.enable = true; 23 + services.caddy.virtualHosts.${domain} = {}; # should do it...? 24 + 25 + # can't specify certs directly because caddy writes everything with mode 700 26 + # so let's bodge it (or well this *is* what prosody recommends (https://prosody.im/doc/letsencrypt)) 27 + # but caddy doesn't have such hooks soooooo: 28 + systemd.paths.prosody-cert-copy = { 29 + description = "Automatically import certs into Prosody"; 30 + after = [ "caddy.service" ]; 31 + requiredBy = [ "caddy.service" ]; 32 + 33 + pathConfig = { 34 + PathChanged = certPath; 35 + Unit = "prosody-cert-copy.service"; 36 + }; 37 + }; 38 + systemd.services.prosody-cert-copy = { 39 + description = "Import certs into Prosody"; 40 + script = "${prosody.package}/bin/prosodyctl --root cert import ${certPath}"; 41 + }; 42 + }
+23
oldstuff/vaultwarden.nix
··· 1 + { config, ... }: 2 + 3 + let 4 + domain = "vw.yip.eeep.ee"; 5 + in { 6 + services.vaultwarden.enable = true; 7 + services.vaultwarden.environmentFile = "/var/" 8 + services.vaultwarden.config = { 9 + DOMAIN = domain; 10 + 11 + ROCKET_ADDRESS = "127.0.0.1"; 12 + ROCKET_PORT = 8801; 13 + 14 + PUSH_ENABLED = false; 15 + }; 16 + services.caddy.enable = true; 17 + services.caddy.virtualHosts.${domain}.extraConfig = let 18 + vwcfg = config.services.vaultwarden.config; 19 + in '' 20 + encode zstd gzip 21 + reverse_proxy * localhost:${vwcfg.ROCKET_PORT} 22 + ''; 23 + }