summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2021-12-20 21:24:11 +0100
committerlassulus <lassulus@lassul.us>2021-12-20 21:24:11 +0100
commitd77dd95689a33793c88799ce9f616eb21640f1a8 (patch)
treeb69ae9b1deba72996126a9d6c75008f8696f0d0f
parent5b71cbae401da33c46401eb09196bedad47dadaa (diff)
parent26e0cca2e22fde8ae150354d949d9cfeb8b1833b (diff)
Merge remote-tracking branch 'gum/master'
-rw-r--r--makefu/2configs/bitwarden.nix14
-rw-r--r--makefu/2configs/dcpp/hub.nix15
-rw-r--r--makefu/2configs/deployment/owncloud.nix2
3 files changed, 16 insertions, 15 deletions
diff --git a/makefu/2configs/bitwarden.nix b/makefu/2configs/bitwarden.nix
index 7e317e596..92c1c4e0e 100644
--- a/makefu/2configs/bitwarden.nix
+++ b/makefu/2configs/bitwarden.nix
@@ -2,7 +2,7 @@
let
port = 8812;
in {
- services.bitwarden_rs = {
+ services.vaultwarden = {
enable = true;
dbBackend = "postgresql";
config.signups_allowed = false;
@@ -13,17 +13,15 @@ in {
config.websocket_enabled = true;
};
- systemd.services.bitwarden_rs.after = [ "postgresql.service" ];
+ systemd.services.vaultwarden.after = [ "postgresql.service" ];
services.postgresql = {
enable = true;
ensureDatabases = [ "bitwarden" ];
- ensureUsers = [ { name = "bitwarden_rs"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } ];
- #initialScript = pkgs.writeText "postgresql-init.sql" ''
- # CREATE DATABASE bitwarden;
- # CREATE USER bitwardenuser WITH PASSWORD '${dbPassword}';
- # GRANT ALL PRIVILEGES ON DATABASE bitwarden TO bitwardenuser;
- #'';
+ ensureUsers = [
+ { name = "bitwarden_rs"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; }
+ { name = "vaultwarden"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; }
+ ];
};
services.nginx.virtualHosts."bw.euer.krebsco.de" ={
diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix
index b8ca49b74..5a88f5ef8 100644
--- a/makefu/2configs/dcpp/hub.nix
+++ b/makefu/2configs/dcpp/hub.nix
@@ -63,8 +63,11 @@ in {
networking.firewall.extraCommands = ''
iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511
'';
- systemd.services.uhub.serviceConfig = {
+ systemd.services.uhub-home.serviceConfig = {
PrivateTmp = true;
+ DynamicUser = lib.mkForce false;
+ User = "uhub";
+ WorkingDirectory = uhubDir;
PermissionsStartOnly = true;
ExecStartPre = pkgs.writeDash "uhub-pre" ''
cp -f ${toString <secrets/wildcard.krebsco.de.crt>} ${uhubDir}/uhub.crt
@@ -86,6 +89,7 @@ in {
group = "uhub";
};
users.groups.uhub = {};
+
services.uhub.home = {
enable = true;
enableTLS = true;
@@ -103,13 +107,12 @@ in {
}
{
plugin = "${pkgs.uhub}/plugins/mod_welcome.so";
- settings.motd = "shareit";
- settings.rules = "1. Don't be an asshole";
+ settings.motd = toString (pkgs.writeText "motd" "shareit");
+ settings.rules = toString (pkgs.writeText "rules" "1. Don't be an asshole");
}
{
- plugin = "${pkgs.uhub}/plugins/mod_history.so";
- settings.motd = "shareit";
- settings.rules = "1. Don't be an asshole";
+ plugin = "${pkgs.uhub}/plugins/mod_chat_history.so";
+ settings = {};
}
];
};
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index 0593cf7fc..610ba75fe 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -49,7 +49,7 @@ in {
services.nextcloud = {
enable = true;
- package = pkgs.nextcloud21;
+ package = pkgs.nextcloud22;
hostName = "o.euer.krebsco.de";
# Use HTTPS for links
https = true;