added modules

maskiner/desktop/configuration.nix

@@ -14,6 +14,7 @@
     ./hardware-configuration.nix
     ../../moduler/base.nix
     ../../moduler/users.nix
+    ../../moduler/kitchenowl.nix
     #../../moduler/nginx.nix
     #../../moduler/k3s.nix
     ../../moduler/vaultwarden.nix
@@ -22,12 +23,50 @@
 
   environment.systemPackages = with pkgs; [
     unstable.lego
-k9s
+	k9s
-neovim
+	neovim
+	git
   ];
 
-  services.tailscale.enable = true;
+  services.kitchenowl = {
-  services.tailscale.package = pkgs.unstable.tailscale;
+    enable = true;
+    hostName = "shop.wastring.com";
+  };
+
+    security.acme = {
+    acceptTerms = true;
+    defaults.email = "fredrik@wastring.com";
+    certs."shop.wastring.com" = {
+      dnsProvider = "gandiv5";
+      webroot = null;
+   credentialsFile = /run/secrets/gandi_key;
+  dnsPropagationCheck = true;
+    };
+  };
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    # other Nginx options
+    virtualHosts."shop.wastring.com" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8080";
+        proxyWebsockets = true; # needed if you need to use WebSocket
+        extraConfig =
+          # required when the target is also TLS server with multiple hosts
+          "proxy_ssl_server_name on;"
+          +
+            # required when the server wants to use HTTP Authentication
+            "proxy_pass_header Authorization;";
+      };
+    };
+  };
+
+
+  # services.tailscale.enable = true;
+  # services.tailscale.package = pkgs.unstable.tailscale;
 
   networking.hostName = myhostname;
 

moduler/kitchenowl.nix

@@ -0,0 +1,7 @@
+{ lib, config, pkgs, ... }:
+let
+  cfg = config.services.kitchenowl;
+in 
+{
+}
+

moduler/vaultwarden.nix

@@ -3,6 +3,9 @@
 }:
 {
 
+	networking.firewall = {
+	allowedTCPPorts = [ 80 443 ];
+	};
   security.acme = {
     acceptTerms = true;
     defaults.email = "fredrik@wastring.com";
@@ -42,7 +45,6 @@
       ROCKET_PORT = 8222;
       DOMAIN = "https://pass.wastring.com";
       SIGNUPS_ALLOWED = true;
-      LOG_FILE = "/var/lib/bitwarden_rs/access.log";
     };
   };
 }

uninstall.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+set -x
+systemctl stop k3s
+systemctl disable k3s
+systemctl daemon-reload
+rm -f /etc/systemd/system/k3s.service
+rm -f /usr/local/bin/k3s
+if [ -L /usr/local/bin/kubectl ]; then
+    rm -f /usr/local/bin/kubectl
+fi
+if [ -L /usr/local/bin/crictl ]; then
+    rm -f /usr/local/bin/crictl
+fi
+if [ -e /sys/fs/cgroup/systemd/system.slice/k3s.service/cgroup.procs ]; then
+    kill -9 `cat /sys/fs/cgroup/systemd/system.slice/k3s.service/cgroup.procs`
+fi
+umount `cat /proc/self/mounts | awk '{print $2}' | grep '^/run/k3s'`
+umount `cat /proc/self/mounts | awk '{print $2}' | grep '^/var/lib/rancher/k3s'`
+
+rm -rf /var/lib/rancher/k3s
+rm -rf /etc/rancher/k3s
+
+rm -f /usr/local/bin/k3s-uninstall.sh