upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-07 21:42:16 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

test: jellyfin microVM

Browse source
This commit is contained in:
Nick 2025-11-08 23:12:57 -06:00
parent e25c1a2e06
commit 89cb74e4b7
4 changed files with 79 additions and 74 deletions
Download patch file Download diff file Expand all files Collapse all files

92
modules/nixos/services/vaultwarden/default.nix
View file

@ -6,10 +6,11 @@
let
inherit (flake.config.people) user0;
inherit (flake.config.services) instances;
serviceCfg = flake.config.services.instances.vaultwarden;
smtpCfg = flake.config.services.instances.smtp;
host = serviceCfg.domains.url0;
serviceCfg = instances.vaultwarden;
smtpCfg = instances.smtp;
hostCfg = instances.web;
dns0 = instances.web.dns.provider0;
host = serviceCfg.domains.url0;
dns0Path = "dns/${dns0}";
in
{
@ -21,48 +22,49 @@ in
system.stateVersion = "24.05";
time.timeZone = "America/Winnipeg";
users.users.root.openssh.authorizedKeys.keys = flake.config.people.users.${user0}.sshKeys;
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
config = {
# Domain Configuration
DOMAIN = "https://${host}";
services = {
vaultwarden = {
enable = true;
dbBackend = "sqlite";
config = {
# Domain Configuration
DOMAIN = "https://${host}";
# Email Configuration
SMTP_AUTH_MECHANISM = "Plain";
SMTP_EMBED_IMAGES = true;
SMTP_FROM = serviceCfg.email.address0;
SMTP_FROM_NAME = serviceCfg.label;
SMTP_HOST = smtpCfg.hostname;
SMTP_PORT = smtpCfg.ports.port1;
SMTP_SECURITY = smtpCfg.records.record1;
SMTP_USERNAME = smtpCfg.email.address0;
# Email Configuration
SMTP_AUTH_MECHANISM = "Plain";
SMTP_EMBED_IMAGES = true;
SMTP_FROM = serviceCfg.email.address0;
SMTP_FROM_NAME = serviceCfg.label;
SMTP_HOST = smtpCfg.hostname;
SMTP_PORT = smtpCfg.ports.port1;
SMTP_SECURITY = smtpCfg.records.record1;
SMTP_USERNAME = smtpCfg.email.address0;
# Security Configuration
DISABLE_ADMIN_TOKEN = false;
# Security Configuration
DISABLE_ADMIN_TOKEN = false;
# Event and Backup Management
EVENTS_DAYS_RETAIN = 90;
# Event and Backup Management
EVENTS_DAYS_RETAIN = 90;
# User Features
SENDS_ALLOWED = true;
SIGNUPS_VERIFY = true;
WEB_VAULT_ENABLED = true;
# User Features
SENDS_ALLOWED = true;
SIGNUPS_VERIFY = true;
WEB_VAULT_ENABLED = true;
# Rocket (Web Server) Settings
ROCKET_ADDRESS = "0.0.0.0";
ROCKET_PORT = serviceCfg.ports.port0;
# Rocket (Web Server) Settings
ROCKET_ADDRESS = "0.0.0.0";
ROCKET_PORT = serviceCfg.ports.port0;
};
# Environment file with secrets (mounted from host)
environmentFile = "/run/secrets/${serviceCfg.name}/env";
};
# Environment file with secrets (mounted from host)
environmentFile = "/run/secrets/${serviceCfg.name}/env";
};
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
};
};
};
@ -79,10 +81,12 @@ in
enable = true;
networks."20-lan" = {
matchConfig.Name = "enp0s5";
addresses = [ { Address = "${serviceCfg.interface.ip}/24"; } ];
addresses = [
{ Address = "${serviceCfg.interface.ip}/24"; }
];
routes = [
{
Destination = "0.0.0.0/0";
Destination = "${hostCfg.localhost.address1}/0";
Gateway = serviceCfg.interface.gate;
}
];
@ -97,7 +101,7 @@ in
microvm = {
vcpu = 2;
mem = 1024;
mem = 3072;
hypervisor = "qemu";
interfaces = [
{
@ -111,6 +115,7 @@ in
mac = serviceCfg.interface.macUser;
}
];
forwardPorts = [
{
from = "host";
@ -118,6 +123,7 @@ in
guest.port = 22;
}
];
shares = [
{
mountPoint = "/nix/.ro-store";
@ -154,7 +160,9 @@ in
reverse_proxy ${serviceCfg.interface.ip}:${toString serviceCfg.ports.port0} {
header_up X-Real-IP {remote_host}
}
tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key}
encode zstd gzip
'';
};