sid/sid.ovh
1
0
Fork 0
Code Issues 3 Pull requests 2 Projects Releases Packages Wiki Activity Actions

Compare commits

base: sid:7304121e2fa00f38b45592eb13309b8830d70cbf
Branches Tags
sid:master
sid:develop
sid:feature/overleaf
sid:dns
..
compare: sid:677cb9bb6cd2f1aca705dc1b60074e8895832223
Branches Tags
sid:master
sid:develop
sid:feature/overleaf
sid:dns

No commits in common. "7304121e2fa00f38b45592eb13309b8830d70cbf" and "677cb9bb6cd2f1aca705dc1b60074e8895832223" have entirely different histories.
7304121e2f ... 677cb9bb6c

7 changed files with 7 additions and 86 deletions
Download patch file Download diff file Expand all files Collapse all files

4
constants.nix
View file

@ -39,10 +39,6 @@ rec {
fqdn = "rsshub." + domain; fqdn = "rsshub." + domain;
port = 1200; port = 1200;
}; };
vaultwarden = {
fqdn = "pw.rx4.tail";
port = 8222;
};
webdav = { webdav = {
fqdn = "dav.rx4.tail"; fqdn = "dav.rx4.tail";
port = 8080; port = 8080;

9
hosts/rx4/secrets/secrets.yaml
View file

@ -16,9 +16,6 @@ forgejo-runner:
webdav: webdav:
user: ENC[AES256_GCM,data:vCLx,iv:Nra/FprNfd02HpvqOb5uYK+IGRFHhNwnFXWrX71c0C0=,tag:TjbKKOKBTq31o/5MxmqIsA==,type:str] user: ENC[AES256_GCM,data:vCLx,iv:Nra/FprNfd02HpvqOb5uYK+IGRFHhNwnFXWrX71c0C0=,tag:TjbKKOKBTq31o/5MxmqIsA==,type:str]
pass: ENC[AES256_GCM,data:jfIoob6R6OhqKa2EujRzTQbvIlA=,iv:HvB088H2Z2uLCveT4YfNEdkK5VU0lBFD5FrZhx79fg0=,tag:1RnrfeUEURx0C575GTxi9A==,type:str] pass: ENC[AES256_GCM,data:jfIoob6R6OhqKa2EujRzTQbvIlA=,iv:HvB088H2Z2uLCveT4YfNEdkK5VU0lBFD5FrZhx79fg0=,tag:1RnrfeUEURx0C575GTxi9A==,type:str]
vaultwarden:
admin-token: ENC[AES256_GCM,data:HhD0xNZ/Ep7pCOX1j6p/M/ZZ3gs=,iv:7QT71KlYz+HQYBhiRavpiXS9sNS2PoJiM/WkxM3Hk/g=,tag:SYTRWpyA2+WMSMiRM8mvew==,type:str]
smtp-password: ENC[AES256_GCM,data:eQo7op5+74EID6689hL0/J1pq2s=,iv:JqrEqxabWGydRuJJ/27e1q+4YnQhTQ1bKRSsOvjQ+bE=,tag:weqnrhqK+LGEfAacBcuPUA==,type:str]
sops: sops:
age: age:
- recipient: age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy - recipient: age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy
@ -39,7 +36,7 @@ sops:
NE5yK3ZaOG5PdXNSUnlIUmFSSmRFancKk57hCmo79HvI3hzzgQvgOK7oK5/dcQR8 NE5yK3ZaOG5PdXNSUnlIUmFSSmRFancKk57hCmo79HvI3hzzgQvgOK7oK5/dcQR8
f3R4OGF5+212VXEHR/hAEbKzV7CY4y6HhFyrGZ9bUKm1RrxtnVqUyA== f3R4OGF5+212VXEHR/hAEbKzV7CY4y6HhFyrGZ9bUKm1RrxtnVqUyA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-04-03T11:36:39Z" lastmodified: "2026-02-14T18:41:58Z"
mac: ENC[AES256_GCM,data:mIufcQyHd6sWnUCF/G8aRE10uwnntRXGz5R+fK6TbZSBJrRznTBaa4tVLtGo4wSghn4eBRfxecebuxSy0C2CQjBCkMbrjh4I2sYzAb5f8ghG4cQZgccuI7MCfQZ6JAEaa0BY7HJUZzlR9H+6iuDVuWwOO3OKzj0lWUlpDA6aC/M=,iv:qMSu9tYYkoirM2WHx7St/ztWSYxm8/gSosnCZYazNgU=,tag:NuUDG8fpAlBEbvKSq7/5bQ==,type:str] mac: ENC[AES256_GCM,data:2e546c6VEf7vFGgSM344upn5C7YDGAwi8cLA/RV68ukJMKLvH1gdra4ii77uOaC1sCNan5mV0Kjs5ZVYj81O8PU3WJa9ra8TeAt8F690zTxNWSo1F/4sZxAk8d1WIBoNn4IPkYxi8Ry9+xqK13Q9PvplHc14VArMYC86wU+k5hc=,iv:T3td5G+pdfWzSLDuVkb75uWub6eBPxjqJgOrv3wvaiQ=,tag:vlQJVzFJEDncDzjA3JWM6Q==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.12.1 version: 3.11.0

3
hosts/rx4/services/default.nix
View file

@ -19,10 +19,9 @@
./print-server.nix ./print-server.nix
./rss-bridge.nix ./rss-bridge.nix
./rsshub-oci.nix ./rsshub-oci.nix
./vaultwarden.nix # ./webdav.nix # FIXME
# ./alditalk-extender.nix # FIXME # ./alditalk-extender.nix # FIXME
# ./webdav.nix # FIXME
]; ];
# bootstrap # bootstrap

68
hosts/rx4/services/vaultwarden.nix
View file

@ -1,68 +0,0 @@
{
constants,
config,
lib,
...
}:
let
inherit (constants) domain;
inherit (constants.services.vaultwarden) fqdn port;
inherit (lib) mkForce;
in
{
services.vaultwarden = {
enable = true;
dbBackend = "postgresql";
configurePostgres = true;
configureNginx = true;
domain = fqdn;
environmentFile = [ config.sops.templates."vaultwarden/env-file".path ];
config = {
SIGNUPS_ALLOWED = false;
SMTP_FROM = "vaultwarden@${domain}";
SMTP_FROM_NAME = "${domain} Vaultwarden server";
SMTP_HOST = "mail@${domain}";
SMTP_PORT = 587;
SMTP_SECURITY = "starttls";
SMTP_USERNAME = "vaultwarden@${domain}";
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = port;
ROCKET_LOG = "critical";
};
};
services.nginx.virtualHosts."${fqdn}".forceSSL = mkForce false; # let Tailnet handle SSL
sops =
let
owner = config.users.users.vaultwarden.name;
group = config.users.groups.vaultwarden.name;
mode = "0400";
in
{
secrets = {
"vaultwarden/admin-token" = {
inherit owner group mode;
};
"vaultwarden/smtp-password" = {
inherit owner group mode;
};
};
templates = {
"vaultwarden/env-file" = {
inherit owner group mode;
content = ''
ADMIN_TOKEN=${config.sops.placeholder."vaultwarden/admin-token"}
SMTP_PASSWORD=${config.sops.placeholder."vaultwarden/smtp-password"}
'';
};
};
};
}

7
hosts/sid/secrets/secrets.yaml
View file

@ -29,7 +29,6 @@ netdata:
mailserver: mailserver:
accounts: accounts:
sid: ENC[AES256_GCM,data:xnU/+8BEewcZcbTWroIgCx5ceSFtDPe0Pq//qt3RWk81QWvbJxdukF4EyBSoQ7AqBhf4nDFZZxd4s8rZ,iv:OFhRxXHWOEC9mKGyK2ePfVGpBCDTfv0L+q3xzbXFefI=,tag:iO52YhFsSvb59RbcgXb+9w==,type:str] sid: ENC[AES256_GCM,data:xnU/+8BEewcZcbTWroIgCx5ceSFtDPe0Pq//qt3RWk81QWvbJxdukF4EyBSoQ7AqBhf4nDFZZxd4s8rZ,iv:OFhRxXHWOEC9mKGyK2ePfVGpBCDTfv0L+q3xzbXFefI=,tag:iO52YhFsSvb59RbcgXb+9w==,type:str]
vaultwarden: ENC[AES256_GCM,data:nSiiyurI0pNGlJiHpgu5jUQIq688IbPKlJCvx4jrFN9TwIY+kfVOaO4KWKkavBYfMZqMuEBr7EAdRULS,iv:OpgfXl1uYLgjOGDTkXFj/wPFUoE6uK89gtXLsB2x6gE=,tag:knJkNQnRCNcc/2nKBYdVCw==,type:str]
radicale: radicale:
sid: ENC[AES256_GCM,data:/OgIrXnGttIymGw98feiUjKPOIlrgRIC0TNCdBnuJOiA0RzbF0b9SMVzwEZiTEmS82g2lSvxQkE4kZjeOgOC0RLvCyZAmtWojq+g1pN0qhEkhwH0Qtu9wNnSYHuRqh2E5nWzHNGl/eF6zQ==,iv:5XtlyXjpB+XrVvJ7IoM7Gu63xA8vYrcJjUjLPmOMAIU=,tag:SAuYl/wzxnINyVWn9nI5yA==,type:str] sid: ENC[AES256_GCM,data:/OgIrXnGttIymGw98feiUjKPOIlrgRIC0TNCdBnuJOiA0RzbF0b9SMVzwEZiTEmS82g2lSvxQkE4kZjeOgOC0RLvCyZAmtWojq+g1pN0qhEkhwH0Qtu9wNnSYHuRqh2E5nWzHNGl/eF6zQ==,iv:5XtlyXjpB+XrVvJ7IoM7Gu63xA8vYrcJjUjLPmOMAIU=,tag:SAuYl/wzxnINyVWn9nI5yA==,type:str]
sops: sops:
@ -52,7 +51,7 @@ sops:
RzhnczA0S1pxcXZncGpWVHNYQW96L28K+ytH3PPyg4+wibpAQhp02RiSfZ83EDRB RzhnczA0S1pxcXZncGpWVHNYQW96L28K+ytH3PPyg4+wibpAQhp02RiSfZ83EDRB
UJ8UV1d+51D0e2A1sI95r2AzDj4jfwUnI+LYDPC/qEpsu5LFLGVyeg== UJ8UV1d+51D0e2A1sI95r2AzDj4jfwUnI+LYDPC/qEpsu5LFLGVyeg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-04-03T11:37:47Z" lastmodified: "2026-02-01T22:55:09Z"
mac: ENC[AES256_GCM,data:5f4/mIJzzvKhZjES4WA0Ds2g642FDS03oSmH4dUi0pnF01aQD75eZ0HI3vcdks6kY+b5xyH5BJ283cgrnIiG2oPjYsIt8ULFnXZql31QQJArirYC35qf5lIiN4gC0ObzC5nSTR4rzrqpWtmf2vrvxDXWftK+JdwPyPjk/4IAu50=,iv:tfHDum7KB+nYQnxfukm+w/BotWW+Itmn11yy6O4V6oE=,tag:0/sFkH9Z2ZP2wzVfJEYFqA==,type:str] mac: ENC[AES256_GCM,data:l+lTLQJ5FRAmvCNIDDFr4gpEvGw0csSKIeI8MnBfM5qsC+wg0d8JSAvBB1m+P/IKLeRoV4AdLuNaflisVoU+dVnk7yX7/lLKt5dfARoFX6zU+u4G4Q6jmpq80CegHFJNWMJE2NAMVrP6m465foWkXlhZIpyT0FBSwtaZkoc74Hg=,iv:H4sxdjPc1C3XxHkHPAooN2cRCHKd4CpzfoH7UM8t/q4=,tag:JHhdlg4g+8kIN0CngGaOaA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.12.1 version: 3.11.0

1
hosts/sid/services/headscale.nix
View file

@ -26,7 +26,6 @@
100.64.0.6 netdata.sid.tail 100.64.0.6 netdata.sid.tail
100.64.0.10 rx4.tail 100.64.0.10 rx4.tail
100.64.0.10 dav.rx4.tail 100.64.0.10 dav.rx4.tail
100.64.0.10 pw.rx4.tail
100.64.0.1 vde.tail 100.64.0.1 vde.tail
fallthrough fallthrough
} }

1
hosts/sid/services/mailserver.nix
View file

@ -10,7 +10,6 @@
sid = { sid = {
aliases = [ "postmaster" ]; aliases = [ "postmaster" ];
}; };
vaultwarden = { };
}; };
}; };
} }