hosts/plover: refactor config

Gabriel Arazas 2022-12-16 22:24:59 +08:00
parent 82d5673bd3
commit c54f8d7059


@ -9,6 +9,8 @@ let
identityDomain = "identity.${domain}"; identityDomain = "identity.${domain}";
dbDomain = "db.${domain}"; dbDomain = "db.${domain}";
certs = config.security.acme.certs;
# This should be set from service module from nixpkgs. # This should be set from service module from nixpkgs.
vaultwardenUser = config.users.users.vaultwarden.name; vaultwardenUser = config.users.users.vaultwarden.name;
@ -167,9 +169,9 @@ in
listen ${toString config.services.postgresql.port} ssl so_keepalive=on; listen ${toString config.services.postgresql.port} ssl so_keepalive=on;
proxy_pass localhost:${toString config.services.postgresql.port}; proxy_pass localhost:${toString config.services.postgresql.port};
ssl_certificate ${config.security.acme.certs."${dbDomain}".directory}/fullchain.pem; ssl_certificate ${certs."${dbDomain}".directory}/fullchain.pem;
ssl_certificate_key ${config.security.acme.certs."${dbDomain}".directory}/key.pem; ssl_certificate_key ${certs."${dbDomain}".directory}/key.pem;
ssl_trusted_certificate ${config.security.acme.certs."${dbDomain}".directory}/chain.pem; ssl_trusted_certificate ${certs."${dbDomain}".directory}/chain.pem;
} }
''; '';
}; };
@ -211,8 +213,8 @@ in
settings = { settings = {
ssl = true; ssl = true;
ssl_cert_file = "${config.security.acme.certs."${dbDomain}".directory}/fullchain.pem"; ssl_cert_file = "${certs."${dbDomain}".directory}/fullchain.pem";
ssl_key_file = "${config.security.acme.certs."${dbDomain}".directory}/key.pem"; ssl_key_file = "${certs."${dbDomain}".directory}/key.pem";
log_connections = true; log_connections = true;
log_disconnections = true; log_disconnections = true;
@ -251,7 +253,7 @@ in
type = "postgresql"; type = "postgresql";
createLocally = true; createLocally = true;
passwordFile = config.sops.secrets."plover/keycloak/db/password".path; passwordFile = config.sops.secrets."plover/keycloak/db/password".path;
caCert = "${config.security.acme.certs."${dbDomain}".directory}/chain.pem"; caCert = "${certs."${dbDomain}".directory}/chain.pem";
}; };
settings = { settings = {
@ -260,8 +262,8 @@ in
proxy = "reencrypt"; proxy = "reencrypt";
}; };
sslCertificate = "${config.security.acme.certs."${identityDomain}".directory}/fullchain.pem"; sslCertificate = "${certs."${identityDomain}".directory}/fullchain.pem";
sslCertificateKey = "${config.security.acme.certs."${identityDomain}".directory}/key.pem"; sslCertificateKey = "${certs."${identityDomain}".directory}/key.pem";
}; };
# With a database comes a dumping. # With a database comes a dumping.
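Review bot: In the PostgreSQL `settings` hunk, `ssl_key_file` points straight at `key.pem` in the ACME directory for `dbDomain`, and nothing visible in this diff shows how the postgres user is allowed to read that key. PostgreSQL refuses to start when the key file is not owned by the database user or root, or when its mode is too permissive. The nginx stream block reads the same `key.pem`, so the key's owner, group and mode have to suit both services. If that is arranged elsewhere in the file, a short comment above `ssl_key_file` naming where the access is granted would save the next reader the search. As a style point, `certs."${dbDomain}".directory` now appears five times and could be bound once in the `let` block, e.g. `dbCertDir = certs."${dbDomain}".directory;`.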