hosts/plover: reformat the code

Gabriel Arazas 2022-12-11 18:11:07 +08:00
parent 582393da5e
commit 5933e76e8e


@ -50,20 +50,23 @@ in
((getKey secret) // config))
secrets;
in
getSecrets (let
giteaUserGroup = config.users.users."${config.services.gitea.user}".name;
getSecrets (
let
giteaUserGroup = config.users.users."${config.services.gitea.user}".name;
# It is hardcoded but as long as the module is stable that way.
vaultwardenUserGroup = config.users.groups.vaultwarden.name;
in {
"ssh-key" = {};
"lego/env" = {};
"gitea/db/password".owner = giteaUserGroup;
"gitea/smtp/password".owner = giteaUserGroup;
"vaultwarden/env".owner = vaultwardenUserGroup;
"borg/patterns/keys" = {};
"borg/password" = {};
});
# It is hardcoded but as long as the module is stable that way.
vaultwardenUserGroup = config.users.groups.vaultwarden.name;
in
{
"ssh-key" = { };
"lego/env" = { };
"gitea/db/password".owner = giteaUserGroup;
"gitea/smtp/password".owner = giteaUserGroup;
"vaultwarden/env".owner = vaultwardenUserGroup;
"borg/patterns/keys" = { };
"borg/password" = { };
}
);
# All of the keys required to deploy the secrets. Don't know how to make the
# GCP KMS key work though without manually going into the instance and
@ -108,26 +111,28 @@ in
"${passwordManagerDomain}" = {
forceSSL = true;
enableACME = true;
locations = let
address = config.services.vaultwarden.config.ROCKET_ADDRESS;
port = config.services.vaultwarden.config.ROCKET_PORT;
websocketPort = config.services.vaultwarden.config.WEBSOCKET_PORT;
in {
"/" = {
proxyPass = "http://${address}:${toString port}";
proxyWebsockets = true;
};
locations =
let
address = config.services.vaultwarden.config.ROCKET_ADDRESS;
port = config.services.vaultwarden.config.ROCKET_PORT;
websocketPort = config.services.vaultwarden.config.WEBSOCKET_PORT;
in
{
"/" = {
proxyPass = "http://${address}:${toString port}";
proxyWebsockets = true;
};
"/notifications/hub" = {
proxyPass = "http://${address}:${toString websocketPort}";
proxyWebsockets = true;
};
"/notifications/hub" = {
proxyPass = "http://${address}:${toString websocketPort}";
proxyWebsockets = true;
};
"/notifications/hub/negotiate" = {
proxyPass = "http://${address}:${toString port}";
proxyWebsockets = true;
"/notifications/hub/negotiate" = {
proxyPass = "http://${address}:${toString port}";
proxyWebsockets = true;
};
};
};
};
# Gitea instance.
@ -154,14 +159,16 @@ in
# Most of them should have the setting to set the schema to be used. If
# not, then screw them (or just file an issue and politely ask for the
# feature).
initialScript = let
perUserSchemas = lib.lists.map
(user: "CREATE SCHEMA ${user.name};")
config.services.postgresql.ensureUsers;
script = pkgs.writeText "plover-initial-postgresql-script" ''
${lib.concatStringsSep "\n" perUserSchemas}
'';
in script;
initialScript =
let
perUserSchemas = lib.lists.map
(user: "CREATE SCHEMA ${user.name};")
config.services.postgresql.ensureUsers;
script = pkgs.writeText "plover-initial-postgresql-script" ''
${lib.concatStringsSep "\n" perUserSchemas}
'';
in
script;
settings = {
log_connections = true;