From c5fc9d6c85e36cb4849c3ce67d6c9222224bc0d0 Mon Sep 17 00:00:00 2001
From: fwastring
Date: Tue, 9 Sep 2025 21:02:29 +0200
Subject: [PATCH] added modules
---
 maskiner/desktop/configuration.nix | 47 +++++++++++++++++++++++++++---
 moduler/kitchenowl.nix | 7 +++++
 moduler/vaultwarden.nix | 8 +++--
 uninstall.sh | 23 +++++++++++++++
 4 files changed, 78 insertions(+), 7 deletions(-)
 create mode 100644 moduler/kitchenowl.nix
 create mode 100755 uninstall.sh
diff --git a/maskiner/desktop/configuration.nix b/maskiner/desktop/configuration.nix
index 59e4fb4..9de83e0 100644
--- a/maskiner/desktop/configuration.nix
+++ b/maskiner/desktop/configuration.nix
@@ -14,6 +14,7 @@
 ./hardware-configuration.nix
 ../../moduler/base.nix
 ../../moduler/users.nix
+ ../../moduler/kitchenowl.nix
 #../../moduler/nginx.nix
 #../../moduler/k3s.nix
 ../../moduler/vaultwarden.nix
@@ -22,12 +23,50 @@
 environment.systemPackages = with pkgs; [
 unstable.lego
-k9s
-neovim
+ k9s
+ neovim
+ git
 ];
- services.tailscale.enable = true;
- services.tailscale.package = pkgs.unstable.tailscale;
+ services.kitchenowl = {
+ enable = true;
+ hostName = "shop.wastring.com";
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "fredrik@wastring.com";
+ certs."shop.wastring.com" = {
+ dnsProvider = "gandiv5";
+ webroot = null;
+ credentialsFile = /run/secrets/gandi_key;
+ dnsPropagationCheck = true;
+ };
+ };
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ # other Nginx options
+ virtualHosts."shop.wastring.com" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8080";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ extraConfig =
+ # required when the target is also TLS server with multiple hosts
+ "proxy_ssl_server_name on;" +
+
+ # required when the server wants to use HTTP Authentication
+ "proxy_pass_header Authorization;";
+ };
+ };
+ };
+
+
+ # services.tailscale.enable = true;
+ # services.tailscale.package = pkgs.unstable.tailscale;
 networking.hostName = myhostname;
diff --git a/moduler/kitchenowl.nix b/moduler/kitchenowl.nix
new file mode 100644
index 0000000..508a158
--- /dev/null
+++ b/moduler/kitchenowl.nix
@@ -0,0 +1,7 @@
+{ lib, config, pkgs, ... }:
+let
+ cfg = config.services.kitchenowl;
+in
+{
+}
+
diff --git a/moduler/vaultwarden.nix b/moduler/vaultwarden.nix
index 8d21b29..eeeb165 100644
--- a/moduler/vaultwarden.nix
+++ b/moduler/vaultwarden.nix
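Review bot: `credentialsFile = /run/secrets/gandi_key;` in the new `security.acme` block is a Nix path literal, and if the consuming module ever coerces it through string interpolation the file's contents are copied into the world-readable Nix store (and evaluation fails outright when the path is absent at build time); passing it as a string, `credentialsFile = "/run/secrets/gandi_key";`, keeps it a runtime-only reference. The same literal is carried unchanged in the first moduler/vaultwarden.nix hunk of this commit. The `acceptTerms`/`defaults.email` part of the block duplicates what moduler/vaultwarden.nix already sets for the same host, so the shared ACME defaults could live in one module with only the per-cert entries kept here. The enclosing attribute set starts and ends outside the hunk.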
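Review bot: The module body `{ }` is empty, so `cfg = config.services.kitchenowl` is bound but never read and no option or service is declared; the `services.kitchenowl.enable`/`hostName` values the desktop configuration now sets have nothing to land on unless that option set is provided by nixpkgs or another module, and nothing here starts a listener on the 127.0.0.1:8080 that the nginx vhost proxies to. A minimal skeleton would declare what is consumed elsewhere, e.g. `options.services.kitchenowl.enable = lib.mkEnableOption "kitchenowl";` and `options.services.kitchenowl.hostName = lib.mkOption { type = lib.types.str; };`, with `config = lib.mkIf cfg.enable { };` to be filled in. If the file is intentionally a placeholder, a one-line comment saying so would stop readers from hunting for the missing service definition.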
@@ -3,14 +3,17 @@
 }:
 {
+ networking.firewall = {
+ allowedTCPPorts = [ 80 443 ];
+ };
 security.acme = {
 acceptTerms = true;
 defaults.email = "fredrik@wastring.com";
 certs."pass.wastring.com" = {
 dnsProvider = "gandiv5";
 webroot = null;
- credentialsFile = /run/secrets/gandi_key;
- dnsPropagationCheck = true;
+ credentialsFile = /run/secrets/gandi_key;
+ dnsPropagationCheck = true;
 };
 };
 services.nginx = {
@@ -42,7 +45,6 @@
 ROCKET_PORT = 8222;
 DOMAIN = "https://pass.wastring.com";
 SIGNUPS_ALLOWED = true;
- LOG_FILE = "/var/lib/bitwarden_rs/access.log";
 };
 };
 }
diff --git a/uninstall.sh b/uninstall.sh
new file mode 100755
index 0000000..acf6b2e
--- /dev/null
+++ b/uninstall.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+set -x
+systemctl stop k3s
+systemctl disable k3s
+systemctl daemon-reload
+rm -f /etc/systemd/system/k3s.service
+rm -f /usr/local/bin/k3s
+if [ -L /usr/local/bin/kubectl ]; then
+ rm -f /usr/local/bin/kubectl
+fi
+if [ -L /usr/local/bin/crictl ]; then
+ rm -f /usr/local/bin/crictl
+fi
+if [ -e /sys/fs/cgroup/systemd/system.slice/k3s.service/cgroup.procs ]; then
+ kill -9 `cat /sys/fs/cgroup/systemd/system.slice/k3s.service/cgroup.procs`
+fi
+umount `cat /proc/self/mounts | awk '{print $2}' | grep '^/run/k3s'`
+umount `cat /proc/self/mounts | awk '{print $2}' | grep '^/var/lib/rancher/k3s'`
+
+rm -rf /var/lib/rancher/k3s
+rm -rf /etc/rancher/k3s
+
+rm -f /usr/local/bin/k3s-uninstall.sh
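Review bot: The new `networking.firewall.allowedTCPPorts = [ 80 443 ];` opens host-wide ports from a module named for one service, while the nginx virtual hosts that listen on them are now defined both here and in maskiner/desktop/configuration.nix; a host that imports only the desktop configuration would get its vhost without the open ports, and one that drops this module would close them for the other vhost as well. Consider placing the rule beside `services.nginx` in a shared module, or at least a comment such as `# host-wide: also serves the vhosts declared in maskiner/desktop/configuration.nix` so the coupling is visible. The enclosing attribute set continues outside the hunk.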
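Review bot: The two `umount` lines pass the mounts in whatever order /proc/self/mounts lists them, so a parent mount can be attempted before the mounts nested under it, fail as busy and stay mounted, after which `rm -rf /var/lib/rancher/k3s` recurses into live filesystems; sorting deepest-first, e.g. `umount $(awk '{print $2}' /proc/self/mounts | grep '^/var/lib/rancher/k3s' | sort -r)`, and the same for the `/run/k3s` line, avoids that. The `if [ -e /sys/fs/cgroup/systemd/system.slice/k3s.service/cgroup.procs ]` check only matches the cgroup v1 hierarchy; on a unified cgroup v2 host it is false and leftover k3s processes are never killed, so a second check against the v2 location `/sys/fs/cgroup/system.slice/k3s.service/cgroup.procs` is worth adding. The script also runs destructive commands under `set -x` with no `set -e` and no root check, so it keeps deleting after an earlier step has already failed.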