enable websockets vault
parent
6b400971aa
commit
5051cd0cf6
14
.github/workflows/nixos.yml
vendored
14
.github/workflows/nixos.yml
vendored
|
@ -9,6 +9,20 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2.3.2
|
||||
- name: Free Disk Space (Ubuntu)
|
||||
uses: jlumbroso/free-disk-space@main
|
||||
with:
|
||||
# this might remove tools that are actually needed,
|
||||
# if set to "true" but frees about 6 GB
|
||||
tool-cache: true
|
||||
|
||||
# all of these default to true, but feel free to set to
|
||||
# "false" if necessary for your workflow
|
||||
android: true
|
||||
dotnet: true
|
||||
haskell: true
|
||||
large-packages: true
|
||||
swap-storage: true
|
||||
- name: "Install Nix ❄️"
|
||||
uses: cachix/install-nix-action@v15
|
||||
- name: "Install Cachix ❄️"
|
||||
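Review bot: The added step `uses: jlumbroso/free-disk-space@main` tracks a mutable branch of a third-party action, so whatever is pushed to that branch runs inside this job with the job's token and any secrets that later steps use (not visible in this hunk). Pin it to a full commit SHA, for example `uses: jlumbroso/free-disk-space@<full-commit-sha> # <release tag>`, and bump it deliberately. The same reasoning applies, less urgently, to the tag-pinned `actions/checkout@v2.3.2` and `cachix/install-nix-action@v15` in the context lines, since tags can be moved as well. The job definition continues past the end of the hunk.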
|
|
|
@ -22,8 +22,7 @@ let
|
|||
add_header Access-Control-Allow-Origin *;
|
||||
return 200 '${builtins.toJSON data}';
|
||||
'';
|
||||
in
|
||||
{
|
||||
in {
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
|
@ -32,9 +31,6 @@ in
|
|||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "21.05"; # Did you read the comment?
|
||||
|
||||
# Additional packages
|
||||
environment.systemPackages = with pkgs; [ ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
services.nginx = {
|
||||
|
@ -51,14 +47,28 @@ in
|
|||
|
||||
# 0x76.dev
|
||||
virtualHosts."ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/";
|
||||
# virtualHosts."zookeeper-dev.0x76.dev" = proxy "http://eevee.olympus:8085/";
|
||||
virtualHosts."md.0x76.dev" = proxy "http://hedgedoc.olympus:3000/";
|
||||
virtualHosts."git.0x76.dev" = proxy "http://gitea.olympus:3000";
|
||||
virtualHosts."o.0x76.dev" = proxy "http://minio.olympus:9000";
|
||||
virtualHosts."grafana.0x76.dev" = proxy "http://victoriametrics.olympus:2342";
|
||||
virtualHosts."outline.0x76.dev" = proxy "http://outline.olympus:3000";
|
||||
virtualHosts."id.0x76.dev" = proxy "http://keycloak.olympus:80";
|
||||
virtualHosts."pass.0x76.dev" = proxy "http://vaultwarden.olympus:8222";
|
||||
virtualHosts."pass.0x76.dev" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://vaultwarden.olympus:8222";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/notifications/hub/negotiate" = {
|
||||
proxyPass = "http://vaultwarden.olympus:8222";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/notifications/hub" = {
|
||||
proxyPass = "http://vaultwarden.olympus:3012";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Redshifts
|
||||
virtualHosts."andreea.redshifts.xyz" = proxy "http://zmeura.olympus:8008";
|
||||
|
@ -71,8 +81,10 @@ in
|
|||
add_header Content-Type 'text/html; charset=UTF-8';
|
||||
return 200 '<h1>meow</h1>';
|
||||
'';
|
||||
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
|
||||
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
|
||||
locations."= /.well-known/matrix/client".extraConfig =
|
||||
mkWellKnown clientConfig;
|
||||
locations."= /.well-known/matrix/server".extraConfig =
|
||||
mkWellKnown serverConfig;
|
||||
};
|
||||
virtualHosts."chat.meowy.tech" = {
|
||||
enableACME = true;
|
||||
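Review bot: In the new `virtualHosts."pass.0x76.dev"` block, `proxyWebsockets = true;` is set on all three locations, but only `/notifications/hub` is sent to the websocket port 3012; `/` and `/notifications/hub/negotiate` go to the HTTP port 8222 and should not need the upgrade headers. I would drop the option from those two locations so protocol upgrades are only forwarded on the path meant for them. The host also no longer goes through the `proxy` helper, whose definition is outside the visible hunks, so anything that helper sets for the other hosts should be compared against this hand-written block. A short comment such as `# websocket notifications are served on a separate vaultwarden port` above the `/notifications/hub` location would explain the different upstream.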
|
|
|
@ -3,7 +3,9 @@
|
|||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
let vs = config.vault-secrets.secrets;
|
||||
let
|
||||
vs = config.vault-secrets.secrets;
|
||||
cfg = config.services.vaultwarden.config;
|
||||
in {
|
||||
imports = [ ];
|
||||
|
||||
|
@ -18,7 +20,7 @@ in {
|
|||
# Additional packages
|
||||
environment.systemPackages = with pkgs; [ ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ config.services.vaultwarden.config.ROCKET_PORT ];
|
||||
networking.firewall.allowedTCPPorts = [ cfg.ROCKET_PORT cfg.WEBSOCKET_PORT ];
|
||||
|
||||
vault-secrets.secrets.vaultwarden = {
|
||||
user = "vaultwarden";
|
||||
|
@ -35,6 +37,10 @@ in {
|
|||
ROCKET_ADDRESS = "0.0.0.0";
|
||||
ROCKET_PORT = 8222;
|
||||
|
||||
WEBSOCKET_ENABLED = true;
|
||||
WEBSOCKET_ADDRESS = "0.0.0.0";
|
||||
WEBSOCKET_PORT = 3012;
|
||||
|
||||
SMTP_HOST = "mail.0x76.dev";
|
||||
SMTP_FROM = "vaultwarden@0x76.dev";
|
||||
SMTP_PORT = 465;
|
||||
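Review bot: `networking.firewall.allowedTCPPorts = [ cfg.ROCKET_PORT cfg.WEBSOCKET_PORT ];` opens 8222 and 3012 to every source, and both listeners bind `0.0.0.0`, so any host that can route to this machine can reach vaultwarden over plain HTTP without passing the TLS-terminating proxy. If only the reverse proxy needs these ports, scope the rule to the interface facing it, e.g. `networking.firewall.interfaces."<internal-iface>".allowedTCPPorts = [ cfg.ROCKET_PORT cfg.WEBSOCKET_PORT ];`, or restrict it by source address. The network layout is not visible here, so an outer firewall may already confine this; if so, a comment stating that assumption next to the rule would help the next reader.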
|
|