diff options
author | lassulus <lassulus@lassul.us> | 2021-12-20 21:24:11 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2021-12-20 21:24:11 +0100 |
commit | d77dd95689a33793c88799ce9f616eb21640f1a8 (patch) | |
tree | b69ae9b1deba72996126a9d6c75008f8696f0d0f | |
parent | 5b71cbae401da33c46401eb09196bedad47dadaa (diff) | |
parent | 26e0cca2e22fde8ae150354d949d9cfeb8b1833b (diff) |
Merge remote-tracking branch 'gum/master'
-rw-r--r-- | makefu/2configs/bitwarden.nix | 14 | ||||
-rw-r--r-- | makefu/2configs/dcpp/hub.nix | 15 | ||||
-rw-r--r-- | makefu/2configs/deployment/owncloud.nix | 2 |
3 files changed, 16 insertions, 15 deletions
diff --git a/makefu/2configs/bitwarden.nix b/makefu/2configs/bitwarden.nix index 7e317e596..92c1c4e0e 100644 --- a/makefu/2configs/bitwarden.nix +++ b/makefu/2configs/bitwarden.nix @@ -2,7 +2,7 @@ let port = 8812; in { - services.bitwarden_rs = { + services.vaultwarden = { enable = true; dbBackend = "postgresql"; config.signups_allowed = false; @@ -13,17 +13,15 @@ in { config.websocket_enabled = true; }; - systemd.services.bitwarden_rs.after = [ "postgresql.service" ]; + systemd.services.vaultwarden.after = [ "postgresql.service" ]; services.postgresql = { enable = true; ensureDatabases = [ "bitwarden" ]; - ensureUsers = [ { name = "bitwarden_rs"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } ]; - #initialScript = pkgs.writeText "postgresql-init.sql" '' - # CREATE DATABASE bitwarden; - # CREATE USER bitwardenuser WITH PASSWORD '${dbPassword}'; - # GRANT ALL PRIVILEGES ON DATABASE bitwarden TO bitwardenuser; - #''; + ensureUsers = [ + { name = "bitwarden_rs"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } + { name = "vaultwarden"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } + ]; }; services.nginx.virtualHosts."bw.euer.krebsco.de" ={ diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index b8ca49b74..5a88f5ef8 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -63,8 +63,11 @@ in { networking.firewall.extraCommands = '' iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511 ''; - systemd.services.uhub.serviceConfig = { + systemd.services.uhub-home.serviceConfig = { PrivateTmp = true; + DynamicUser = lib.mkForce false; + User = "uhub"; + WorkingDirectory = uhubDir; PermissionsStartOnly = true; ExecStartPre = pkgs.writeDash "uhub-pre" '' cp -f ${toString <secrets/wildcard.krebsco.de.crt>} ${uhubDir}/uhub.crt @@ -86,6 +89,7 @@ in { group = "uhub"; }; users.groups.uhub = {}; + services.uhub.home = { enable = true; enableTLS = true; @@ -103,13 +107,12 @@ in { } { plugin = "${pkgs.uhub}/plugins/mod_welcome.so"; - settings.motd = "shareit"; - settings.rules = "1. Don't be an asshole"; + settings.motd = toString (pkgs.writeText "motd" "shareit"); + settings.rules = toString (pkgs.writeText "rules" "1. Don't be an asshole"); } { - plugin = "${pkgs.uhub}/plugins/mod_history.so"; - settings.motd = "shareit"; - settings.rules = "1. Don't be an asshole"; + plugin = "${pkgs.uhub}/plugins/mod_chat_history.so"; + settings = {}; } ]; }; diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 0593cf7fc..610ba75fe 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -49,7 +49,7 @@ in { services.nextcloud = { enable = true; - package = pkgs.nextcloud21; + package = pkgs.nextcloud22; hostName = "o.euer.krebsco.de"; # Use HTTPS for links https = true; |