foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-04-24 12:19:12 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

hosts/plover: reformat the code

Browse Source
This commit is contained in:
Gabriel Arazas 2022-12-11 18:11:07 +08:00
parent 582393da5e
commit 5933e76e8e
1 changed files with 45 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
hosts/plover/default.nix
View File

@ -50,20 +50,23 @@ in
((getKey secret) // config)) ((getKey secret) // config))
secrets; secrets;
in in
getSecrets (let getSecrets (
giteaUserGroup = config.users.users."${config.services.gitea.user}".name; let
giteaUserGroup = config.users.users."${config.services.gitea.user}".name;
# It is hardcoded but as long as the module is stable that way. # It is hardcoded but as long as the module is stable that way.
vaultwardenUserGroup = config.users.groups.vaultwarden.name; vaultwardenUserGroup = config.users.groups.vaultwarden.name;
in { in
"ssh-key" = {}; {
"lego/env" = {}; "ssh-key" = { };
"gitea/db/password".owner = giteaUserGroup; "lego/env" = { };
"gitea/smtp/password".owner = giteaUserGroup; "gitea/db/password".owner = giteaUserGroup;
"vaultwarden/env".owner = vaultwardenUserGroup; "gitea/smtp/password".owner = giteaUserGroup;
"borg/patterns/keys" = {}; "vaultwarden/env".owner = vaultwardenUserGroup;
"borg/password" = {}; "borg/patterns/keys" = { };
}); "borg/password" = { };
}
);
# All of the keys required to deploy the secrets. Don't know how to make the # All of the keys required to deploy the secrets. Don't know how to make the
# GCP KMS key work though without manually going into the instance and # GCP KMS key work though without manually going into the instance and
@ -108,26 +111,28 @@ in
"${passwordManagerDomain}" = { "${passwordManagerDomain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations = let locations =
address = config.services.vaultwarden.config.ROCKET_ADDRESS; let
port = config.services.vaultwarden.config.ROCKET_PORT; address = config.services.vaultwarden.config.ROCKET_ADDRESS;
websocketPort = config.services.vaultwarden.config.WEBSOCKET_PORT; port = config.services.vaultwarden.config.ROCKET_PORT;
in { websocketPort = config.services.vaultwarden.config.WEBSOCKET_PORT;
"/" = { in
proxyPass = "http://${address}:${toString port}"; {
proxyWebsockets = true; "/" = {
}; proxyPass = "http://${address}:${toString port}";
proxyWebsockets = true;
};
"/notifications/hub" = { "/notifications/hub" = {
proxyPass = "http://${address}:${toString websocketPort}"; proxyPass = "http://${address}:${toString websocketPort}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
"/notifications/hub/negotiate" = { "/notifications/hub/negotiate" = {
proxyPass = "http://${address}:${toString port}"; proxyPass = "http://${address}:${toString port}";
proxyWebsockets = true; proxyWebsockets = true;
};
}; };
};
}; };
# Gitea instance. # Gitea instance.
@ -154,14 +159,16 @@ in
# Most of them should have the setting to set the schema to be used. If # Most of them should have the setting to set the schema to be used. If
# not, then screw them (or just file an issue and politely ask for the # not, then screw them (or just file an issue and politely ask for the
# feature). # feature).
initialScript = let initialScript =
perUserSchemas = lib.lists.map let
(user: "CREATE SCHEMA ${user.name};") perUserSchemas = lib.lists.map
config.services.postgresql.ensureUsers; (user: "CREATE SCHEMA ${user.name};")
script = pkgs.writeText "plover-initial-postgresql-script" '' config.services.postgresql.ensureUsers;
${lib.concatStringsSep "\n" perUserSchemas} script = pkgs.writeText "plover-initial-postgresql-script" ''
''; ${lib.concatStringsSep "\n" perUserSchemas}
in script; '';
in
script;
settings = { settings = {
log_connections = true; log_connections = true;