feat: bootstrap winters

2025-12-06 09:07:21 +01:00 · 2024-09-23 22:09:33 +02:00 · 2024-09-23 22:09:33 +02:00 · f376490aee
commit f376490aee
parent 713af5d722
8 changed files with 382 additions and 355 deletions
--- a/profiles/server/common/jellyfin.nix
+++ b/profiles/server/common/jellyfin.nix
@ -19,7 +19,7 @@
    services.jellyfin = {
      enable = true;
      user = "jellyfin";
-      # openFirewall = true; # this works only for the default ports
+      openFirewall = true; # this works only for the default ports
    };

    services.nginx = {
@ -30,7 +30,7 @@
          acmeRoot = null;
          locations = {
            "/" = {
-              proxyPass = "http://192.168.1.16:8096";
+              proxyPass = "http://192.168.1.2:8096";
              extraConfig = ''
                client_max_body_size 0;
              '';
--- a/profiles/server/common/kavita.nix
+++ b/profiles/server/common/kavita.nix
@ -22,7 +22,7 @@
          acmeRoot = null;
          locations = {
            "/" = {
-              proxyPass = "http://192.168.1.22:8080";
+              proxyPass = "http://192.168.1.2:8080";
              extraConfig = ''
                client_max_body_size 0;
              '';
--- a/profiles/server/common/matrix.nix
+++ b/profiles/server/common/matrix.nix
@ -151,6 +151,7 @@ in

    services.mautrix-whatsapp = {
      enable = true;
+      registerToSynapse = true;
      settings = {
        homeserver = {
          address = "http://localhost:8008";
@ -197,6 +198,7 @@ in

    services.mautrix-signal = {
      enable = true;
+      registerToSynapse = true;
      settings = {
        homeserver = {
          address = "http://localhost:8008";
@ -258,7 +260,7 @@ in
          acmeRoot = null;
          locations = {
            "~ ^(/_matrix|/_synapse/client)" = {
-              proxyPass = "http://192.168.1.23:8008";
+              proxyPass = "http://192.168.1.2:8008";
              extraConfig = ''
                client_max_body_size 0;
              '';
--- a/profiles/server/common/navidrome.nix
+++ b/profiles/server/common/navidrome.nix
@ -29,6 +29,7 @@

    services.navidrome = {
      enable = true;
+      openFirewall = true;
      settings = {
        Address = "0.0.0.0";
        Port = 4040;
@ -55,7 +56,7 @@
          acmeRoot = null;
          locations = {
            "/" = {
-              proxyPass = "http://192.168.1.13:4040";
+              proxyPass = "http://192.168.1.2:4040";
              proxyWebsockets = true;
              extraConfig = ''
                proxy_redirect          http:// https://;
--- a/profiles/server/common/nginx.nix
+++ b/profiles/server/common/nginx.nix
@ -3,6 +3,9 @@
  environment.systemPackages = with pkgs; [
    lego
  ];
+
+  users.users.acme = { };
+
  sops = {
    secrets.dnstokenfull = { owner = "acme"; };
    templates."certs.secret".content = ''
--- a/profiles/server/common/ssh.nix
+++ b/profiles/server/common/ssh.nix
@ -4,6 +4,9 @@ _:
    enable = true;
    settings.PermitRootLogin = "yes";
  };
+  users.users.swarsel.openssh.authorizedKeys.keyFiles = [
+    ../../../secrets/keys/authorized_keys
+  ];
  users.users.root.openssh.authorizedKeys.keyFiles = [
    ../../../secrets/keys/authorized_keys
  ];