kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

fix: battery

Browse source
This commit is contained in:
Kat Inskip 2025-12-07 23:47:53 -08:00
parent 1ba98534eb
commit b0b1afc339
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
10 changed files with 169 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

46
nixos/servers/prosody.nix Normal file
View file

@ -0,0 +1,46 @@
_: {
services.prosody = {
enable = true;
ssl.cert = "/var/lib/prosody/xmpp-fullchain.pem";
ssl.key = "/var/lib/prosody/xmpp-key.pem";
admins = ["kat@kittywit.ch"];
muc = [{domain = "conference.kittywit.ch";}];
virtualHosts."kittywit.ch" = {
enabled = true;
domain = "kittywit.ch";
ssl.cert = "/var/lib/prosody/xmpp-fullchain.pem";
ssl.key = "/var/lib/prosody/xmpp-key.pem";
};
httpPorts = [5280];
httpFileShare = {
domain = "upload.xmpp.kittywit.ch";
};
};
security.acme.certs."kittywit.ch" = {
postRun = ''
cp key.pem /var/lib/prosody/xmpp-key.pem
chown prosody:prosody /var/lib/prosody/xmpp-key.pem
cp fullchain.pem /var/lib/prosody/xmpp-fullchain.pem
chown prosody:prosody /var/lib/prosody/xmpp-fullchain.pem
systemctl reload prosody
'';
};
services.nginx.virtualHosts."upload.xmpp.kittywit.ch" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://127.0.0.1:5280";
proxyWebsockets = true;
};
};
};
networking.firewall.allowedTCPPorts = [
5222
5223
5269
];
}

29
nixos/servers/web/nginx.nix
View file

@ -1,4 +1,4 @@
{config, ...}: {
_: {
services.nginx = {
enable = true;
recommendedTlsSettings = true;
@ -6,32 +6,5 @@
recommendedGzipSettings = true;
recommendedProxySettings = true;
statusPage = true;
virtualHosts = let
vHost = {
extraConfig = ''
add_header Content-Type text/plain;
return 200 "meep?";
'';
/*
locations = {
"/" = {
extraConfig = ''
add_header Content-Type text/plain;
return 200 "meep?";
'';
};
};
*/
};
in {
"${config.networking.fqdn}" =
vHost
// {
enableACME = true;
forceSSL = true;
default = true;
};
"localhost" = vHost;
};
};
}

2
nixos/servers/web/secrets.nix
View file

@ -2,6 +2,8 @@ _: let
secretConfig = {
format = "yaml";
sopsFile = ./secrets.yaml;
owner = "acme";
group = "acme";
};
in {
sops.secrets.acme_credentials = secretConfig;

8
nixos/servers/web/secrets.yaml
View file

@ -1,4 +1,4 @@
acme_credentials: ENC[AES256_GCM,data:hYjKLjGWMq9PiCobwo7PCWa/VF0ifJmLOrU4BP+vQMCFn19Ukl1gLnbDrLLzXfg9nAhkMGn5FiQJwl06ZX8E4qELXGkzSuLMvyDioEi6Plev/Wmx9szkCUd5,iv:hplC4l+aVnTLKH+bJZHCU2+NHh6154yPGMyozCUzwjM=,tag:bgOBFauegLvbFWc9sK0rcg==,type:str]
acme_credentials: ENC[AES256_GCM,data:lxriLt0fdDp/M/JvzRv73dLjqMRrdwX+AzfxBoX/9p/uT0nusICMxTrV+AuKVxY3lztodT6knGiRjikB7QClyiq6Q4SIjAwtwPOYP3Yybfqh2NwZWBkRIQ==,iv:WLYpKBpZZOEyICM7IPP18ibJKaOA+WdUE8sZM+Vxgh4=,tag:E4b5DR6I0xHI4W2fhSRLcw==,type:str]
sops:
shamir_threshold: 1
age:
@ -101,8 +101,8 @@ sops:
M0Y5OGtrcEJMUVcrRUdlUnNOUGNYOGsKTk5EolDKBHZPw9FSPdw1I9gs0HMylPnh
bQ2vhwy96O487LbQ+qo29mmd5Ov+zlIvViRLjKl++171xKgj7CQQdA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-13T12:22:35Z"
mac: ENC[AES256_GCM,data:MXKAesYZVdW9N1BOeNqXi8IkBjWLw1VLgXwanaM0cHe63iS17VegEGhZet0WgiMuvcroPKRNzkRSXmv8pgLsaoVMAswgJAEGJjiVDMUKnvuMd7jIs9PYp16k94VRdl/eEmVUhEmXnfpNI4QeASDbxgbRuRFIXUqGYvqYj+FlJcE=,iv:RejxH3dUgj1oxzMnMeYZ5T+XXCbbPzsyAFGyUIKcrz8=,tag:bGaOeEnvqiOAVMLzTIxS5w==,type:str]
lastmodified: "2025-12-07T17:36:09Z"
mac: ENC[AES256_GCM,data:+ZcOBSYxUnwtGGK7/82yiJ0p+zk8xIwe9GkX2ut051kOE9I7lENxxCCURTkO/zAAmlYZgaln287HRBBtMDE24tjUvw9UKNZm9Dfh0IQxzFnIceTQDnMTOwyvhMWXEFiwbzI2rIEihrwTH0jSwasuI9W+pusiDhk4vXkz6DlcIsk=,iv:X6OqsZ4UAcS/B1VuYRPKc2KSJO7P6JUfr6GXkh3j5Tc=,tag:0P78aet5sKwS8hoV6wUpjA==,type:str]
pgp:
- created_at: "2025-12-04T04:58:12Z"
enc: |-
@ -125,4 +125,4 @@ sops:
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.11.0