enable websockets vault
parent
6b400971aa
commit
5051cd0cf6
14
.github/workflows/nixos.yml
vendored
14
.github/workflows/nixos.yml
vendored
|
@ -9,6 +9,20 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2.3.2
|
- uses: actions/checkout@v2.3.2
|
||||||
|
- name: Free Disk Space (Ubuntu)
|
||||||
|
uses: jlumbroso/free-disk-space@main
|
||||||
|
with:
|
||||||
|
# this might remove tools that are actually needed,
|
||||||
|
# if set to "true" but frees about 6 GB
|
||||||
|
tool-cache: true
|
||||||
|
|
||||||
|
# all of these default to true, but feel free to set to
|
||||||
|
# "false" if necessary for your workflow
|
||||||
|
android: true
|
||||||
|
dotnet: true
|
||||||
|
haskell: true
|
||||||
|
large-packages: true
|
||||||
|
swap-storage: true
|
||||||
- name: "Install Nix ❄️"
|
- name: "Install Nix ❄️"
|
||||||
uses: cachix/install-nix-action@v15
|
uses: cachix/install-nix-action@v15
|
||||||
- name: "Install Cachix ❄️"
|
- name: "Install Cachix ❄️"
|
||||||
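Review bot: The new `Free Disk Space (Ubuntu)` step references `jlumbroso/free-disk-space@main`, a mutable branch, so whatever is later pushed to that branch runs inside this job with the job's token and any secrets handed to the following steps (their configuration is outside this hunk). Pin the action to a full commit SHA, e.g. `uses: jlumbroso/free-disk-space@<full-commit-sha>  # <release tag>`, and bump it deliberately. The comment block could also be cut down to the one caveat that matters for this workflow, namely that `tool-cache: true` may remove tools a later step needs.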
|
|
|
@ -22,8 +22,7 @@ let
|
||||||
add_header Access-Control-Allow-Origin *;
|
add_header Access-Control-Allow-Origin *;
|
||||||
return 200 '${builtins.toJSON data}';
|
return 200 '${builtins.toJSON data}';
|
||||||
'';
|
'';
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
@ -32,9 +31,6 @@ in
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = "21.05"; # Did you read the comment?
|
system.stateVersion = "21.05"; # Did you read the comment?
|
||||||
|
|
||||||
# Additional packages
|
|
||||||
environment.systemPackages = with pkgs; [ ];
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
|
@ -51,14 +47,28 @@ in
|
||||||
|
|
||||||
# 0x76.dev
|
# 0x76.dev
|
||||||
virtualHosts."ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/";
|
virtualHosts."ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/";
|
||||||
# virtualHosts."zookeeper-dev.0x76.dev" = proxy "http://eevee.olympus:8085/";
|
|
||||||
virtualHosts."md.0x76.dev" = proxy "http://hedgedoc.olympus:3000/";
|
virtualHosts."md.0x76.dev" = proxy "http://hedgedoc.olympus:3000/";
|
||||||
virtualHosts."git.0x76.dev" = proxy "http://gitea.olympus:3000";
|
virtualHosts."git.0x76.dev" = proxy "http://gitea.olympus:3000";
|
||||||
virtualHosts."o.0x76.dev" = proxy "http://minio.olympus:9000";
|
virtualHosts."o.0x76.dev" = proxy "http://minio.olympus:9000";
|
||||||
virtualHosts."grafana.0x76.dev" = proxy "http://victoriametrics.olympus:2342";
|
virtualHosts."grafana.0x76.dev" = proxy "http://victoriametrics.olympus:2342";
|
||||||
virtualHosts."outline.0x76.dev" = proxy "http://outline.olympus:3000";
|
virtualHosts."outline.0x76.dev" = proxy "http://outline.olympus:3000";
|
||||||
virtualHosts."id.0x76.dev" = proxy "http://keycloak.olympus:80";
|
virtualHosts."id.0x76.dev" = proxy "http://keycloak.olympus:80";
|
||||||
virtualHosts."pass.0x76.dev" = proxy "http://vaultwarden.olympus:8222";
|
virtualHosts."pass.0x76.dev" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://vaultwarden.olympus:8222";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
locations."/notifications/hub/negotiate" = {
|
||||||
|
proxyPass = "http://vaultwarden.olympus:8222";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
locations."/notifications/hub" = {
|
||||||
|
proxyPass = "http://vaultwarden.olympus:3012";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# Redshifts
|
# Redshifts
|
||||||
virtualHosts."andreea.redshifts.xyz" = proxy "http://zmeura.olympus:8008";
|
virtualHosts."andreea.redshifts.xyz" = proxy "http://zmeura.olympus:8008";
|
||||||
|
@ -71,8 +81,10 @@ in
|
||||||
add_header Content-Type 'text/html; charset=UTF-8';
|
add_header Content-Type 'text/html; charset=UTF-8';
|
||||||
return 200 '<h1>meow</h1>';
|
return 200 '<h1>meow</h1>';
|
||||||
'';
|
'';
|
||||||
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
|
locations."= /.well-known/matrix/client".extraConfig =
|
||||||
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
|
mkWellKnown clientConfig;
|
||||||
|
locations."= /.well-known/matrix/server".extraConfig =
|
||||||
|
mkWellKnown serverConfig;
|
||||||
};
|
};
|
||||||
virtualHosts."chat.meowy.tech" = {
|
virtualHosts."chat.meowy.tech" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
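Review bot: `virtualHosts."pass.0x76.dev"` no longer goes through the `proxy` helper, whose definition is outside these hunks, so anything that helper sets beyond `enableACME`, `forceSSL` and `proxyPass` no longer applies to the vault host; worth confirming nothing was dropped. `proxyWebsockets = true` is only needed on `locations."/notifications/hub"`; `/` and the negotiate endpoint are presumably plain HTTP, so the flag can be removed from those two. The `/notifications/hub/negotiate` block exists only to win over the shorter `/notifications/hub` prefix and keep that path on port 8222, which deserves a comment such as `# negotiate stays on the HTTP port; only the hub itself goes to WEBSOCKET_PORT`. All three upstreams are plain `http://` to another host, so vault traffic on that hop is protected only if the network between the proxy and `vaultwarden.olympus` is trusted.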
|
|
|
@ -3,7 +3,9 @@
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let vs = config.vault-secrets.secrets;
|
let
|
||||||
|
vs = config.vault-secrets.secrets;
|
||||||
|
cfg = config.services.vaultwarden.config;
|
||||||
in {
|
in {
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
|
@ -18,7 +20,7 @@ in {
|
||||||
# Additional packages
|
# Additional packages
|
||||||
environment.systemPackages = with pkgs; [ ];
|
environment.systemPackages = with pkgs; [ ];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ config.services.vaultwarden.config.ROCKET_PORT ];
|
networking.firewall.allowedTCPPorts = [ cfg.ROCKET_PORT cfg.WEBSOCKET_PORT ];
|
||||||
|
|
||||||
vault-secrets.secrets.vaultwarden = {
|
vault-secrets.secrets.vaultwarden = {
|
||||||
user = "vaultwarden";
|
user = "vaultwarden";
|
||||||
|
@ -35,6 +37,10 @@ in {
|
||||||
ROCKET_ADDRESS = "0.0.0.0";
|
ROCKET_ADDRESS = "0.0.0.0";
|
||||||
ROCKET_PORT = 8222;
|
ROCKET_PORT = 8222;
|
||||||
|
|
||||||
|
WEBSOCKET_ENABLED = true;
|
||||||
|
WEBSOCKET_ADDRESS = "0.0.0.0";
|
||||||
|
WEBSOCKET_PORT = 3012;
|
||||||
|
|
||||||
SMTP_HOST = "mail.0x76.dev";
|
SMTP_HOST = "mail.0x76.dev";
|
||||||
SMTP_FROM = "vaultwarden@0x76.dev";
|
SMTP_FROM = "vaultwarden@0x76.dev";
|
||||||
SMTP_PORT = 465;
|
SMTP_PORT = 465;
|
||||||
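Review bot: `networking.firewall.allowedTCPPorts = [ cfg.ROCKET_PORT cfg.WEBSOCKET_PORT ];` opens both listeners to every source, and with `WEBSOCKET_ADDRESS = "0.0.0.0"` (like the existing `ROCKET_ADDRESS`) they accept unencrypted connections on all interfaces. If only the nginx host needs to reach them, scope the rule to the interface facing it, e.g. `networking.firewall.interfaces."<internal-iface>".allowedTCPPorts = [ cfg.ROCKET_PORT cfg.WEBSOCKET_PORT ];`, or bind to the internal address instead of `0.0.0.0`. The network layout is not visible in this diff, so an upstream firewall may already cover this; a short comment next to the rule saying so would help the next reader.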
|
|