add syncthing.nix, add drivePaths.nix for mounting drive_paths
diff --git a/modules/caddy.nix b/modules/caddy.nix
index e3309fe..eddcf80 100644
--- a/modules/caddy.nix
+++ b/modules/caddy.nix
@@ -1,4 +1,5 @@
-{ base, config, pkgs, lib, ... }: lib.recursiveUpdate {
+{ base, config, pkgs, lib, ... }: lib.recursiveUpdate
+{
services.caddy.enable = true;
services.caddy.configFile = lib.pipe ./caddy/caddyfile.nix [
import
@@ -17,28 +18,29 @@
sopsFile = ../secrets/caddy.json;
format = "json";
};
-} (
- let
- isDerived = base != null;
- in
- if isDerived
- then
+}
+ (
let
- caddy_json = base.config.services.caddy.configFile;
+ isDerived = base != null;
in
- {
- scalpel.trafos."caddy.json" = {
- source = toString caddy_json;
- matchers."cloudflare_token".secret =
- config.sops.secrets.cloudflare_token.path;
- owner = config.users.users.root.name;
- group = config.users.users.nobody.group;
- mode = "0400";
- };
+ if isDerived
+ then
+ let
+ caddy_json = base.config.services.caddy.configFile;
+ in
+ {
+ scalpel.trafos."caddy.json" = {
+ source = toString caddy_json;
+ matchers."cloudflare_token".secret =
+ config.sops.secrets.cloudflare_token.path;
+ owner = config.users.users.root.name;
+ group = config.users.users.nobody.group;
+ mode = "0400";
+ };
- services.caddy.configFile = lib.mkForce config.scalpel.trafos."caddy.json".destination;
+ services.caddy.configFile = lib.mkForce config.scalpel.trafos."caddy.json".destination;
- systemd.services.caddy.reloadTriggers = [ caddy_json ];
- }
- else { }
-)
+ systemd.services.caddy.reloadTriggers = [ caddy_json ];
+ }
+ else { }
+ )
diff --git a/modules/caddy/caddyfile.nix b/modules/caddy/caddyfile.nix
index 4dee336..f3c8b20 100644
--- a/modules/caddy/caddyfile.nix
+++ b/modules/caddy/caddyfile.nix
@@ -280,6 +280,12 @@
}
))
(HTTPReverseProxyRoute [ "passwords.clicks.codes" ] [ "localhost:8452" ])
+ (HTTPReverseProxyRoute [
+ "syncthing.clicks.codes"
+ "syncthing.coded.codes"
+ "syncthing.thecoded.prof"
+ "syncthing.hopescaramels.com"
+ ] [ "localhost:8384" ])
];
};
srv1 = {
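Review bot: The added `HTTPReverseProxyRoute` publishes the Syncthing admin GUI (`localhost:8384`) on four public hostnames with no access restriction visible in this hunk, so the GUI login is the only barrier in front of an interface that can add devices and share any folder the syncthing user can read. modules/syncthing.nix in the same commit sets `user = "admin"; password = "password";`, so this route should not be deployed until that credential is replaced. Prefer an internal or VPN-only hostname, or an authenticating layer in front of the route. Syncthing also performs a Host-header check on a loopback-bound GUI, so it is worth confirming the proxy works without disabling that check. The route list and the `HTTPReverseProxyRoute` helper start outside the hunk, so whether it can take a matcher is not visible here; at minimum add a comment such as `# Syncthing admin GUI: keep behind authentication, never expose with default credentials`.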
diff --git a/modules/drivePaths.nix b/modules/drivePaths.nix
new file mode 100644
index 0000000..addd64b
--- /dev/null
+++ b/modules/drivePaths.nix
@@ -0,0 +1,8 @@
+{ drive_paths, lib, ... }: {
+ fileSystems = lib.mapAttrs'
+ (name: value: {
+ name = value.path;
+ value.device = "/dev/disk/by-uuid/${value.uuid}";
+ })
+ drive_paths;
+}
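Review bot: Each generated `fileSystems` entry sets only `device`, so every drive in `drive_paths` is mounted with default options and becomes a hard boot dependency; a missing or failed disk would presumably stop the boot in emergency mode. Assuming these are data drives, I would add `value.options = [ "nofail" "nosuid" "nodev" ];` next to `value.device`, which also stops setuid binaries and device nodes on those volumes from being honoured. The lambda's `name` argument is unused and the result is keyed by `value.path`, so two entries with the same path would collide without an error. A short header comment giving the expected shape of `drive_paths` (`{ <label> = { path = ...; uuid = ...; }; }`) and noting that `uuid` is interpolated into the device path unchecked would help the next reader.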
diff --git a/modules/home-manager-users.nix b/modules/home-manager-users.nix
index 9189240..0e1dbd6 100644
--- a/modules/home-manager-users.nix
+++ b/modules/home-manager-users.nix
@@ -26,7 +26,7 @@
} // (
if (base != null)
then {
-/* users.groups = lib.mapAttrs'
+ /* users.groups = lib.mapAttrs'
(_: user: {
name = user.group;
value = { };
diff --git a/modules/scalpel.nix b/modules/scalpel.nix
index 569d2b4..0e0e257 100644
--- a/modules/scalpel.nix
+++ b/modules/scalpel.nix
@@ -1,6 +1,8 @@
-{ lib, config, ... }: let
+{ lib, config, ... }:
+let
cfg = config.scalpel;
-in {
+in
+{
system.activationScripts.scalpelCreateStore.text = lib.mkForce ''
echo "[scalpel] Ensuring existance of ${cfg.secretsDir}"
mkdir -p ${cfg.secretsDir}
diff --git a/modules/syncthing.nix b/modules/syncthing.nix
new file mode 100644
index 0000000..77e98df
--- /dev/null
+++ b/modules/syncthing.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }: {
+ environment.systemPackages = with pkgs; [ syncthing ];
+
+ services.syncthing.enable = true;
+ services.syncthing.openDefaultPorts = true;
+
+ services.syncthing.extraOptions.gui = {
+ user = "admin";
+ password = "password";
+ };
+}
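Review bot: `password = "password";` commits a guessable GUI credential in plaintext, and values written in a Nix expression end up in the world-readable Nix store, so any local user can read it as well as anyone with access to the repository. The same commit proxies `localhost:8384` to public hostnames in modules/caddy/caddyfile.nix, so this login would be what protects the admin interface from the internet. I would remove the literal and supply the credential from the sops-managed secrets the repo already uses for `cloudflare_token` in modules/caddy.nix. Until that is wired up, leave `gui.password` out of the module and set it on the host, with a comment such as `# GUI password is provisioned out of band; never set it here (Nix store is world-readable)`.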
diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix
index dd06d27..091ef50 100644
--- a/modules/vaultwarden.nix
+++ b/modules/vaultwarden.nix
@@ -64,15 +64,15 @@
SMTP_SECURITY = "starttls";
SMTP_PORT = 587;
- SMTP_USERNAME="FILL_ME_IN";
- SMTP_PASSWORD="!!SMTP_PASSWORD!!";
+ SMTP_USERNAME = "FILL_ME_IN";
+ SMTP_PASSWORD = "!!SMTP_PASSWORD!!";
- REQUIRE_DEVICE_EMAIL=true;
+ REQUIRE_DEVICE_EMAIL = true;
# YubiKey Settings
- YUBICO_CLIENT_ID="89788";
- YUBICO_SECRET_KEY="!!YUBICO_SECRET_KEY!!";
+ YUBICO_CLIENT_ID = "89788";
+ YUBICO_SECRET_KEY = "!!YUBICO_SECRET_KEY!!";
# TODO: Buy a license
@@ -106,7 +106,7 @@
in
{ DATA_FOLDER = "/var/lib/bitwarden_rs"; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
WEB_VAULT_FOLDER = "${cfg.webVaultPackage}/share/vaultwarden/vault";
- } // configEnv;
+ } // configEnv;
configFile = pkgs.writeText "vaultwarden.env" (concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv));
in