diff --git a/modules/config/instances/config/kanboard.nix b/modules/config/instances/config/kanboard.nix deleted file mode 100644 index 625e53c..0000000 --- a/modules/config/instances/config/kanboard.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ instancesFunctions }: -let - inherit (instancesFunctions) - domain0 - servicePath - sslPath - sopsPath - ; - - kanboardLabel = "Kanboard"; - kanboardName = "kanboard"; - kanboardSubdomain = "todo"; -in -{ - label = kanboardLabel; - name = kanboardName; - email = { - address0 = "noreply@${kanboardName}.${domain0}"; - }; - sops = { - path0 = "${sopsPath}/${kanboardName}"; - }; - subdomain = kanboardSubdomain; - paths = { - path0 = "${servicePath}/${kanboardLabel}"; - }; - ports = { - port0 = 3128; - }; - ssl = { - cert = "${sslPath}/${kanboardSubdomain}.${domain0}/fullchain.pem"; - key = "${sslPath}/${kanboardSubdomain}.${domain0}/key.pem"; - }; -} diff --git a/modules/config/instances/config/nginx.nix b/modules/config/instances/config/nginx.nix old mode 100755 new mode 100644 diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 05de450..85ae938 100755 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -89,7 +89,7 @@ in vaultwarden forgejo xserver - # kanboard + nextcloud ; }; }; diff --git a/modules/nixos/services/acme/default.nix b/modules/nixos/services/acme/default.nix index d6e1073..1cbec44 100755 --- a/modules/nixos/services/acme/default.nix +++ b/modules/nixos/services/acme/default.nix @@ -39,7 +39,6 @@ in "syncthing" "searx" "vaultwarden" - "kanboard" "audiobookshelf" ] ) diff --git a/modules/nixos/services/kanboard/default.nix b/modules/nixos/services/kanboard/default.nix deleted file mode 100644 index 8a1b479..0000000 --- a/modules/nixos/services/kanboard/default.nix +++ /dev/null @@ -1,89 +0,0 @@ -{ - flake, - config, - ... -}: -let - inherit (flake.config.machines.devices) - ceres - ; - inherit (flake.config.services.instances) smtp kanboard web; - service = kanboard; - localhost = web.localhost.address0; - host = "${service.subdomain}.${web.domains.url0}"; -in -{ - services = { - kanboard = { - enable = true; - domain = host; - dataDir = "/var/lib/${service.name}"; - # settings = { - # MAIL_FROM = service.email.address0; - # # HTTP_PROXY_HOSTNAME = host; - # HTTP_PROXY_PORT = service.ports.poract0; - # MAIL_TRANSPORT = "smtp"; - # MAIL_SMTP_HOSTNAME = smtp.hostname; - # MAIL_SMTP_PORT = smtp.ports.port0; - # MAIL_SMTP_USERNAME = service.email.address0; - # MAIL_SMTP_PASSWORD = config.sops.secrets."${service.name}-smtp".path; - # MAIL_SMTP_ENCRYPTION = "null"; - # }; - }; - caddy = { - virtualHosts = { - "${host}" = { - extraConfig = '' - reverse_proxy ${localhost}:${toString service.ports.port0} - - tls ${service.ssl.cert} ${service.ssl.key} - ''; - }; - }; - }; - }; - sops = - let - sopsPath = secret: { - path = "${service.sops.path0}/${service.name}-${secret}"; - owner = service.name; - mode = "600"; - }; - in - { - secrets = builtins.listToAttrs ( - map - (secret: { - name = "${service.name}-${secret}"; - value = sopsPath secret; - }) - [ - "smtp" - ] - ); - }; - - fileSystems."/var/lib/${service.name}" = { - device = service.paths.path0; - fsType = "none"; - options = [ - "bind" - ]; - depends = [ - ceres.storage0.mount - ]; - }; - - systemd.tmpfiles.rules = [ - "Z ${service.paths.path0} 755 ${service.name} ${service.name} -" - "Z ${service.sops.path0} 755 ${service.name} ${service.name} -" - ]; - - networking = { - firewall = { - allowedTCPPorts = [ - service.ports.port0 - ]; - }; - }; -} diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 0a6b517..857746f 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -35,7 +35,7 @@ wireguard-CA220: ENC[AES256_GCM,data:rNy/IMKqAOsgMUu5r8BZsjTCu0L5fDDDV3/g+pkhW1y wireguard-CA358: ENC[AES256_GCM,data:/VewmiNfRc9/wSE7TT+z1F9LLIvr/5wPsQZ/zBwAh3dEi9yswOGyde2b/XQ=,iv:7U5dmqFiwhCoL1moGSfHprv85o5TdMr6T2sNk5gH82I=,tag:T1hqh8CiO2iBa+ksaiKCtA==,type:str] wireguard-CA627: ENC[AES256_GCM,data:chmDsH2nE0nagjFRZWuxX08/Ykt+rIgCHYkMHd+7nIqihK5SebF7MJlrp84=,iv:NVOlGE7W70nQ0UM/i5WixJvDULO3Y4cLf8h+OAGHhQQ=,tag:L123ShCnr9+kIg1itIoqBA==,type:str] glance-jellyfin: ENC[AES256_GCM,data:ozdDKgAWkA88J2j8RtiOP/aQPAt/neUOSlAZF20g510=,iv:x+VhYlnA9F/VPrzVcma4/oPelCc8kjWoTZvOs4L9Uqo=,tag:crdSDjr8Y5GH/JAF6t8Yeg==,type:str] -kanboard-smtp: ENC[AES256_GCM,data:eOIEGwJZlvbJaTfDRU3IFQ==,iv:Jex01WlHG3uxqUnTSF+v1BgnNcIu4cS9OwHBCFl1m28=,tag:3Eld1FkI6AftlCyC3419BA==,type:str] +nextcloud-smtp: ENC[AES256_GCM,data:GbNv/pHAtPru00m5OCER8g==,iv:Q1WYLKe34VsCvP1trk6IXm46RbVFMnsq4Eb5e2MBVgk=,tag:dwmimioRlHKbZeDv3THfzQ==,type:str] sops: age: - recipient: age19dpncsdphdt2tmknjs99eghk527pvdrw0m29qjn2z2gg3et5tdtqycqhl0 @@ -47,7 +47,7 @@ sops: bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-09T22:48:59Z" - mac: ENC[AES256_GCM,data:NDH6wnmCs/D4SPJW5UaI96dfH0LrNG3H6khNUndFg8qWn8AG8/QJjsanSkEs+OnOE/l4nO84qAr9k9mEeqtYxDQsPehrBroSNPZQLsmB9EWCM7mHX4f9aeadm7liWWRf8ay96F3zl8PrxJNEus8cO57FKDVDqUgcldSzdaHxI00=,iv:1Jbhr61vUmByPfGquSrHWiytgasjmGMw+aXPZnuCLN8=,tag:UzgVLK+wsFSwAUKmIImN/g==,type:str] + lastmodified: "2025-06-09T09:37:48Z" + mac: ENC[AES256_GCM,data:gBEfsR718Hn+GJ1wzxS3T1HOrNL659TUUq3l3nUNxbY2SxXWnnHxzdMhf2xP1/tm3Vst2MC/SjPszdbqVnVKIS1k+iwT+WSLH7OlbASku62cx9J9RKqm4PJd/2KtKR7Yaj4dU9+F7RnKtCA4N/m4ZA+BiD0oib76/Aa64tjVtDo=,iv:rJ+WfAFR8Un/u66Y2554BjDzJifQLdXNDexpl4GGClw=,tag:tY2biwFl7ywaHe3aTKjCMA==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2