sid/sid.ovh
1
0
Fork 0
Code Issues 3 Pull requests 2 Projects Releases Packages Wiki Activity Actions

Compare commits

base: sid:47abacc530fcc2cc9f43b02ed6fa1b449c8f2247
Branches Tags
sid:master
sid:develop
sid:feature/overleaf
sid:dns
..
compare: sid:551cb977834ce9032910fade99a177729d5e301e
Branches Tags
sid:master
sid:develop
sid:feature/overleaf
sid:dns

No commits in common. "47abacc530fcc2cc9f43b02ed6fa1b449c8f2247" and "551cb977834ce9032910fade99a177729d5e301e" have entirely different histories.
47abacc530 ... 551cb97783

8 changed files with 106 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

4
constants.nix
View file

@ -49,5 +49,9 @@ rec {
fqdn = "pw." + intranet; fqdn = "pw." + intranet;
port = 8222; port = 8222;
}; };
webdav = {
fqdn = "dav." + intranet;
port = 8080;
};
}; };
} }

7
hosts/rx4/secrets/secrets.yaml
View file

@ -13,6 +13,9 @@ syncthing:
gui-pw: ENC[AES256_GCM,data:mN4rxYr5DZgvbpIkwSFIuPvviJE=,iv:Kyl3mZFOejVwEwBCKteJQpgbCosREp9C4T4JYhWz6KQ=,tag:6myk9lr/44CH/hyUPgRH0Q==,type:str] gui-pw: ENC[AES256_GCM,data:mN4rxYr5DZgvbpIkwSFIuPvviJE=,iv:Kyl3mZFOejVwEwBCKteJQpgbCosREp9C4T4JYhWz6KQ=,tag:6myk9lr/44CH/hyUPgRH0Q==,type:str]
forgejo-runner: forgejo-runner:
token: ENC[AES256_GCM,data:DZgi6ocpV0MplgQ6Et85vHxmkMfC4qYbLLdyRuj/4z8tJauz1w6DUQ==,iv:+SZYsv6sDn2Nc1WxhTn0dJGN9nXYZw16/HVtXJGXpHc=,tag:8Oa5mC7cUy85+lXHbRcCcg==,type:str] token: ENC[AES256_GCM,data:DZgi6ocpV0MplgQ6Et85vHxmkMfC4qYbLLdyRuj/4z8tJauz1w6DUQ==,iv:+SZYsv6sDn2Nc1WxhTn0dJGN9nXYZw16/HVtXJGXpHc=,tag:8Oa5mC7cUy85+lXHbRcCcg==,type:str]
webdav:
user: ENC[AES256_GCM,data:vCLx,iv:Nra/FprNfd02HpvqOb5uYK+IGRFHhNwnFXWrX71c0C0=,tag:TjbKKOKBTq31o/5MxmqIsA==,type:str]
pass: ENC[AES256_GCM,data:jfIoob6R6OhqKa2EujRzTQbvIlA=,iv:HvB088H2Z2uLCveT4YfNEdkK5VU0lBFD5FrZhx79fg0=,tag:1RnrfeUEURx0C575GTxi9A==,type:str]
vaultwarden: vaultwarden:
admin-token: ENC[AES256_GCM,data:HhD0xNZ/Ep7pCOX1j6p/M/ZZ3gs=,iv:7QT71KlYz+HQYBhiRavpiXS9sNS2PoJiM/WkxM3Hk/g=,tag:SYTRWpyA2+WMSMiRM8mvew==,type:str] admin-token: ENC[AES256_GCM,data:HhD0xNZ/Ep7pCOX1j6p/M/ZZ3gs=,iv:7QT71KlYz+HQYBhiRavpiXS9sNS2PoJiM/WkxM3Hk/g=,tag:SYTRWpyA2+WMSMiRM8mvew==,type:str]
smtp-password: ENC[AES256_GCM,data:eQo7op5+74EID6689hL0/J1pq2s=,iv:JqrEqxabWGydRuJJ/27e1q+4YnQhTQ1bKRSsOvjQ+bE=,tag:weqnrhqK+LGEfAacBcuPUA==,type:str] smtp-password: ENC[AES256_GCM,data:eQo7op5+74EID6689hL0/J1pq2s=,iv:JqrEqxabWGydRuJJ/27e1q+4YnQhTQ1bKRSsOvjQ+bE=,tag:weqnrhqK+LGEfAacBcuPUA==,type:str]
@ -36,7 +39,7 @@ sops:
NE5yK3ZaOG5PdXNSUnlIUmFSSmRFancKk57hCmo79HvI3hzzgQvgOK7oK5/dcQR8 NE5yK3ZaOG5PdXNSUnlIUmFSSmRFancKk57hCmo79HvI3hzzgQvgOK7oK5/dcQR8
f3R4OGF5+212VXEHR/hAEbKzV7CY4y6HhFyrGZ9bUKm1RrxtnVqUyA== f3R4OGF5+212VXEHR/hAEbKzV7CY4y6HhFyrGZ9bUKm1RrxtnVqUyA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-17T16:35:00Z" lastmodified: "2026-05-02T17:10:11Z"
mac: ENC[AES256_GCM,data:U2WT4ENx8I9sr3byj7fQjv3H+mQTlhTI1HL9tufryKcUGjvb35ChwkIBcvEiYLa8udOR631sWwN4dCqZ4qwtCQ3MNjR8s1P6HqhzXeAPwyxfMLPZG1mbKXvYpamkxAOq8RxVHnVsPbrvFsxc57J11SI5IUfWT5T5GPQyJ+U8gMs=,iv:/xDaNV0fgKf9z+sql4BwwyIO/LQhRm3TrMhgaYZsPuE=,tag:Y0bfT1ZuiJ05F/+EwyzbSg==,type:str] mac: ENC[AES256_GCM,data:uf5TqZaevyUUjW6pM6K8c4CZFFdwTXFGIaHmYr5Q4XFR1uW3kBsVLeQKxq26duLuQ4UiZkUpW27a/PW797Z+iIpBdqbnoQ35q7RnOW+GpnAv8TaRW1PpqQ+JR3/R0LMXsi3cMt7ioG2ad1bIHztiNz+SmePiv3Yt9WxQ7PIqBdY=,iv:dAzuyKSo0OW+j02AH0chCdLBm7Wv6PZgqZrEWhEVnxQ=,tag:k6EKWHHY4fwTd03d4TVcNg==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.12.1 version: 3.12.1

2
hosts/rx4/services/default.nix
View file

@ -19,10 +19,10 @@
./open-webui-oci.nix ./open-webui-oci.nix
./print-server.nix ./print-server.nix
./rsshub-oci.nix ./rsshub-oci.nix
./samba.nix
./vaultwarden.nix ./vaultwarden.nix
# ./alditalk-extender.nix # FIXME # ./alditalk-extender.nix # FIXME
# ./webdav.nix # FIXME
]; ];
# bootstrap # bootstrap

27
hosts/rx4/services/samba.nix
View file

@ -1,27 +0,0 @@
{ config, ... }:
{
services.samba = {
enable = true;
openFirewall = false;
nmbd.enable = false;
winbindd.enable = false;
settings = {
global = {
workgroup = "WORKGROUP";
"server string" = config.networking.hostName;
security = "user";
"map to guest" = "Bad User";
"guest account" = "nobody";
};
share = {
path = "/home/sid";
browseable = "yes";
"read only" = "yes";
"guest ok" = "yes";
"force user" = "sid";
"directory mask" = "0750";
};
};
};
}

86
hosts/rx4/services/webdav.nix Normal file
View file

@ -0,0 +1,86 @@
{ constants, config, ... }:
# FIXME: floccus throws error: NetworkError when attempting to fetch resource.
let
cfg = config.services.webdav;
inherit (constants.services.webdav) fqdn port;
in
{
services.webdav = {
enable = true;
environmentFile = config.sops.templates."webdav/env-file".path;
settings = {
inherit port;
address = "127.0.0.1";
prefix = "/";
directory = "/srv/webdav";
users = [
{
username = "{env}WEBDAV_USER";
password = "{env}WEBDAV_PASS";
permissions = "CRUD";
}
];
};
};
systemd.tmpfiles.rules = [
"d ${cfg.settings.directory} 0750 ${cfg.user} ${cfg.group} -"
];
networking.firewall.allowedTCPPorts = [ port ];
services.nginx = {
enable = true;
virtualHosts."${fqdn}" = {
listen = [
{
addr = "0.0.0.0";
inherit port;
}
];
locations."/" = {
proxyPass = "http://127.0.0.1:${toString port}";
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PROPFIND, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Depth' always;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PROPFIND, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Depth';
return 204;
}
'';
};
};
};
sops =
let
owner = cfg.user;
group = cfg.group;
mode = "0400";
in
{
secrets = {
"webdav/user" = {
inherit owner group mode;
};
"webdav/pass" = {
inherit owner group mode;
};
};
templates."webdav/env-file" = {
inherit owner group mode;
content = ''
WEBDAV_USER=${config.sops.placeholder."webdav/user"}
WEBDAV_PASS=${config.sops.placeholder."webdav/pass"}
'';
};
};
}

1
hosts/sid/services/coredns.nix
View file

@ -20,6 +20,7 @@
${hosts.sid.ip} ${services.netdata.fqdn} ${hosts.sid.ip} ${services.netdata.fqdn}
${hosts.sid.ip} ${services.vaultwarden.fqdn} ${hosts.sid.ip} ${services.vaultwarden.fqdn}
${hosts.sid.ip} ${services.webdav.fqdn}
fallthrough fallthrough
} }

8
hosts/sid/services/nginx.nix
View file

@ -91,6 +91,14 @@ in
}; };
}; };
}; };
virtualHosts."${constants.services.webdav.fqdn}" = {
useACMEHost = "sid-internal";
forceSSL = ssl;
locations."/" = {
proxyPass = "http://${constants.hosts.rx4.ip}:${toString constants.services.webdav.port}";
proxyWebsockets = true;
};
};
# FIXME # FIXME
# virtualHosts."print.sid.ovh" = { # virtualHosts."print.sid.ovh" = {
# enableACME = true; # enableACME = true;

1
hosts/sid/services/step-ca.nix
View file

@ -82,6 +82,7 @@ in
extraDomainNames = [ extraDomainNames = [
constants.services.netdata.fqdn constants.services.netdata.fqdn
# constants.services.vaultwarden.fqdn # constants.services.vaultwarden.fqdn
constants.services.webdav.fqdn
]; ];
server = "https://${constants.ca-fqdn}:${toString cfg.port}/acme/acme/directory"; server = "https://${constants.ca-fqdn}:${toString cfg.port}/acme/acme/directory";
group = "nginx"; group = "nginx";