enable websockets vault

Vivian 2022-10-11 14:11:17 +02:00
parent 6b400971aa
commit 5051cd0cf6
3 changed files with 43 additions and 11 deletions


@ -9,6 +9,20 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2.3.2
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
# this might remove tools that are actually needed,
# if set to "true" but frees about 6 GB
tool-cache: true
# all of these default to true, but feel free to set to
# "false" if necessary for your workflow
android: true
dotnet: true
haskell: true
large-packages: true
swap-storage: true
- name: "Install Nix ❄️"
uses: cachix/install-nix-action@v15
- name: "Install Cachix ❄️"
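Review bot: The added step `uses: jlumbroso/free-disk-space@main` tracks a mutable branch of a third-party action, so any later push to that branch runs in this job without review. Pin it to a full commit SHA instead, `uses: jlumbroso/free-disk-space@<full-commit-sha>  # <release tag>`, and update the pin deliberately. The step runs on the same runner as the Nix and Cachix steps that follow, so a compromised action could tamper with the build output or reach any credentials those later steps use; the rest of the job is outside this hunk.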


@ -22,8 +22,7 @@ let
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in
{
in {
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
@ -32,9 +31,6 @@ in
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
# Additional packages
environment.systemPackages = with pkgs; [ ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
@ -51,14 +47,28 @@ in
# 0x76.dev
virtualHosts."ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/";
# virtualHosts."zookeeper-dev.0x76.dev" = proxy "http://eevee.olympus:8085/";
virtualHosts."md.0x76.dev" = proxy "http://hedgedoc.olympus:3000/";
virtualHosts."git.0x76.dev" = proxy "http://gitea.olympus:3000";
virtualHosts."o.0x76.dev" = proxy "http://minio.olympus:9000";
virtualHosts."grafana.0x76.dev" = proxy "http://victoriametrics.olympus:2342";
virtualHosts."outline.0x76.dev" = proxy "http://outline.olympus:3000";
virtualHosts."id.0x76.dev" = proxy "http://keycloak.olympus:80";
virtualHosts."pass.0x76.dev" = proxy "http://vaultwarden.olympus:8222";
virtualHosts."pass.0x76.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://vaultwarden.olympus:8222";
proxyWebsockets = true;
};
locations."/notifications/hub/negotiate" = {
proxyPass = "http://vaultwarden.olympus:8222";
proxyWebsockets = true;
};
locations."/notifications/hub" = {
proxyPass = "http://vaultwarden.olympus:3012";
proxyWebsockets = true;
};
};
# Redshifts
virtualHosts."andreea.redshifts.xyz" = proxy "http://zmeura.olympus:8008";
@ -71,8 +81,10 @@ in
add_header Content-Type 'text/html; charset=UTF-8';
return 200 '<h1>meow</h1>';
'';
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/client".extraConfig =
mkWellKnown clientConfig;
locations."= /.well-known/matrix/server".extraConfig =
mkWellKnown serverConfig;
};
virtualHosts."chat.meowy.tech" = {
enableACME = true;
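Review bot: In the new `virtualHosts."pass.0x76.dev"` block, `proxyWebsockets = true` is set on all three locations, but only `/notifications/hub` (the upstream on port 3012) should need an upgraded connection. `/` and `/notifications/hub/negotiate` appear to proxy ordinary HTTP to port 8222 and can drop the option. The negotiate location looks redundant next to `/` but is not, because without it nginx's longest-prefix match would route that path to the `/notifications/hub` upstream; a comment such as `# keep on the HTTP port, otherwise the /notifications/hub prefix catches it` would stop it being removed later. All three upstreams are plain `http://`, so vault login and sync traffic relies on the network between this proxy and `vaultwarden.olympus` being trusted. The `proxy` helper this block replaces is defined outside the section, so confirm that nothing it set beyond ACME and forced SSL is lost by the hand-written attrset.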


@ -3,7 +3,9 @@
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
let vs = config.vault-secrets.secrets;
let
vs = config.vault-secrets.secrets;
cfg = config.services.vaultwarden.config;
in {
imports = [ ];
@ -18,7 +20,7 @@ in {
# Additional packages
environment.systemPackages = with pkgs; [ ];
networking.firewall.allowedTCPPorts = [ config.services.vaultwarden.config.ROCKET_PORT ];
networking.firewall.allowedTCPPorts = [ cfg.ROCKET_PORT cfg.WEBSOCKET_PORT ];
vault-secrets.secrets.vaultwarden = {
user = "vaultwarden";
@ -35,6 +37,10 @@ in {
ROCKET_ADDRESS = "0.0.0.0";
ROCKET_PORT = 8222;
WEBSOCKET_ENABLED = true;
WEBSOCKET_ADDRESS = "0.0.0.0";
WEBSOCKET_PORT = 3012;
SMTP_HOST = "mail.0x76.dev";
SMTP_FROM = "vaultwarden@0x76.dev";
SMTP_PORT = 465;
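Review bot: `WEBSOCKET_ADDRESS = "0.0.0.0"` together with `networking.firewall.allowedTCPPorts = [ cfg.ROCKET_PORT cfg.WEBSOCKET_PORT ];` makes both the HTTP port and the new notification port reachable on every interface of this host, while the only intended client appears to be the nginx reverse proxy. Any other machine on that network can then talk to Vaultwarden directly over plain HTTP, bypassing the proxy's TLS and anything else it enforces. Consider scoping the rule to the interface facing the proxy, e.g. `networking.firewall.interfaces."<internal-iface>".allowedTCPPorts = [ cfg.ROCKET_PORT cfg.WEBSOCKET_PORT ];`, or restricting it by source address. The `config` attribute set holding the `WEBSOCKET_*` keys starts outside the hunk.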