Merge remote-tracking branch 'gum/master'

This commit is contained in:
lassulus 2021-12-20 21:24:11 +01:00
commit d77dd95689
3 changed files with 16 additions and 15 deletions

View file

@ -2,7 +2,7 @@
let
port = 8812;
in {
services.bitwarden_rs = {
services.vaultwarden = {
enable = true;
dbBackend = "postgresql";
config.signups_allowed = false;
@ -13,17 +13,15 @@ in {
config.websocket_enabled = true;
};
systemd.services.bitwarden_rs.after = [ "postgresql.service" ];
systemd.services.vaultwarden.after = [ "postgresql.service" ];
services.postgresql = {
enable = true;
ensureDatabases = [ "bitwarden" ];
ensureUsers = [ { name = "bitwarden_rs"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } ];
#initialScript = pkgs.writeText "postgresql-init.sql" ''
# CREATE DATABASE bitwarden;
# CREATE USER bitwardenuser WITH PASSWORD '${dbPassword}';
# GRANT ALL PRIVILEGES ON DATABASE bitwarden TO bitwardenuser;
#'';
ensureUsers = [
{ name = "bitwarden_rs"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; }
{ name = "vaultwarden"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; }
];
};
services.nginx.virtualHosts."bw.euer.krebsco.de" ={

View file

@ -63,8 +63,11 @@ in {
networking.firewall.extraCommands = ''
iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511
'';
systemd.services.uhub.serviceConfig = {
systemd.services.uhub-home.serviceConfig = {
PrivateTmp = true;
DynamicUser = lib.mkForce false;
User = "uhub";
WorkingDirectory = uhubDir;
PermissionsStartOnly = true;
ExecStartPre = pkgs.writeDash "uhub-pre" ''
cp -f ${toString <secrets/wildcard.krebsco.de.crt>} ${uhubDir}/uhub.crt
@ -86,6 +89,7 @@ in {
group = "uhub";
};
users.groups.uhub = {};
services.uhub.home = {
enable = true;
enableTLS = true;
@ -103,13 +107,12 @@ in {
}
{
plugin = "${pkgs.uhub}/plugins/mod_welcome.so";
settings.motd = "shareit";
settings.rules = "1. Don't be an asshole";
settings.motd = toString (pkgs.writeText "motd" "shareit");
settings.rules = toString (pkgs.writeText "rules" "1. Don't be an asshole");
}
{
plugin = "${pkgs.uhub}/plugins/mod_history.so";
settings.motd = "shareit";
settings.rules = "1. Don't be an asshole";
plugin = "${pkgs.uhub}/plugins/mod_chat_history.so";
settings = {};
}
];
};

View file

@ -49,7 +49,7 @@ in {
services.nextcloud = {
enable = true;
package = pkgs.nextcloud21;
package = pkgs.nextcloud22;
hostName = "o.euer.krebsco.de";
# Use HTTPS for links
https = true;