summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-06-13 15:34:09 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-06-13 20:13:58 +0200
commitc33889e7e53386204dae25b1eed6b36aaf006b21 (patch)
treed8f37decdb4296d66259fa21b1a176c3d9a03f7b
parentrefactor(modules): Ensure strict coherence to patterns (diff)
downloadnixos-server-c33889e7e53386204dae25b1eed6b36aaf006b21.tar.gz
nixos-server-c33889e7e53386204dae25b1eed6b36aaf006b21.zip
refactor(modules/etesync): Move to a complete module
-rw-r--r--hosts/server1/configuration.nix1
-rw-r--r--modules/nixos/vhack/default.nix1
-rw-r--r--modules/nixos/vhack/etesync/default.nix72
-rw-r--r--modules/nixos/vhack/etesync/secret_file.age (renamed from system/secrets/etebase-server/passwd.age)0
-rw-r--r--secrets.nix23
-rw-r--r--system/impermanence/default.nix1
-rw-r--r--system/impermanence/mods/etebase-server.nix10
-rw-r--r--system/secrets/default.nix6
-rw-r--r--system/secrets/secrets.nix23
-rw-r--r--system/services/default.nix1
-rw-r--r--system/services/etebase/default.nix45
11 files changed, 97 insertions, 86 deletions
diff --git a/hosts/server1/configuration.nix b/hosts/server1/configuration.nix
index 59dda92..78a9c4b 100644
--- a/hosts/server1/configuration.nix
+++ b/hosts/server1/configuration.nix
@@ -8,6 +8,7 @@
 
   vhack = {
     git-server.enable = true;
+    etesync.enable = true;
   };
 
   boot.tmp.cleanOnBoot = true;
diff --git a/modules/nixos/vhack/default.nix b/modules/nixos/vhack/default.nix
index b6abcc1..06a4e69 100644
--- a/modules/nixos/vhack/default.nix
+++ b/modules/nixos/vhack/default.nix
@@ -1,5 +1,6 @@
 {...}: {
   imports = [
+    ./etesync
     ./git-server
   ];
 }
diff --git a/modules/nixos/vhack/etesync/default.nix b/modules/nixos/vhack/etesync/default.nix
new file mode 100644
index 0000000..0f6c565
--- /dev/null
+++ b/modules/nixos/vhack/etesync/default.nix
@@ -0,0 +1,72 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.vhack.etesync;
+in {
+  options.vhack.etesync = {
+    enable = lib.mkEnableOption ''
+      a secure, end-to-end encrypted, and privacy respecting sync for your contacts, calendars, tasks and notes.
+    '';
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.etebase-server = {
+      enable = true;
+      port = 8001;
+      settings = {
+        global.secret_file = "${config.age.secrets.etebase-server.path}";
+        allowed_hosts = {
+          allowed_host1 = "etebase.vhack.eu";
+          allowed_host2 = "dav.vhack.eu";
+        };
+      };
+    };
+
+    age.secrets.etebase-server = {
+      file = ./secret_file.age;
+      mode = "700";
+      owner = "etebase-server";
+      group = "etebase-server";
+    };
+
+    environment.persistence."/srv".directories = [
+      {
+        directory = "/var/lib/etebase-server";
+        user = "etebase-server";
+        group = "etebase-server";
+        mode = "0700";
+      }
+    ];
+
+    services.nginx = {
+      enable = true;
+      recommendedTlsSettings = true;
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+
+      virtualHosts = {
+        "etebase.vhack.eu" = {
+          enableACME = true;
+          forceSSL = true;
+
+          locations = {
+            # TODO: Maybe fix permissions to use pregenerated static files which would
+            # improve performance.
+            #"/static" = {
+            #  root = config.services.etebase-server.settings.global.static_root;
+            #};
+            "/" = {
+              proxyPass = "http://127.0.0.1:${builtins.toString config.services.etebase-server.port}";
+            };
+          };
+          serverAliases = [
+            "dav.vhack.eu"
+          ];
+        };
+      };
+    };
+  };
+}
diff --git a/system/secrets/etebase-server/passwd.age b/modules/nixos/vhack/etesync/secret_file.age
index 8d8e3c2..8d8e3c2 100644
--- a/system/secrets/etebase-server/passwd.age
+++ b/modules/nixos/vhack/etesync/secret_file.age
diff --git a/secrets.nix b/secrets.nix
new file mode 100644
index 0000000..5f1ff73
--- /dev/null
+++ b/secrets.nix
@@ -0,0 +1,23 @@
+let
+  soispha = "age1mshh4ynzhhzhff25tqwkg4j054g3xwrfznh98ycchludj9wjj48qn2uffn";
+  sils = "age1vuhaey7kd9l76y6f9weeqmde3s4kjw38869ju6u3027yece2r3rqssjxst";
+
+  server1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMnqsfIZjelH7rcvFvnLR5zUZuC8thsBupBlvjcMRBUm";
+
+  allSecrets = [
+    soispha
+    sils
+    server1
+  ];
+in {
+  "./modules/nixos/vhack/etesync/secret_file.age".publicKeys = allSecrets;
+  "./system/secrets/backup/backuppass.age".publicKeys = allSecrets;
+  "./system/secrets/backup/backupssh.age".publicKeys = allSecrets;
+  "./system/secrets/invidious/hmac.age".publicKeys = allSecrets;
+  "./system/secrets/invidious/settings.age".publicKeys = allSecrets;
+  "./system/secrets/mastodon/mail.age".publicKeys = allSecrets;
+  "./system/secrets/matrix-synapse/passwd.age".publicKeys = allSecrets;
+  "./system/secrets/miniflux/admin.age".publicKeys = allSecrets;
+  "./system/secrets/taskserver/ca.age".publicKeys = allSecrets;
+  "./system/secrets/taskserver/systemd_tmpfiles.age".publicKeys = allSecrets;
+}
diff --git a/system/impermanence/default.nix b/system/impermanence/default.nix
index dd363ae..f42c084 100644
--- a/system/impermanence/default.nix
+++ b/system/impermanence/default.nix
@@ -2,7 +2,6 @@
   # TODO: Only activate them if their module is also active
   imports = [
     ./mods/acme.nix
-    ./mods/etebase-server.nix
     ./mods/mail.nix
     ./mods/mastodon.nix
     ./mods/matrix.nix
diff --git a/system/impermanence/mods/etebase-server.nix b/system/impermanence/mods/etebase-server.nix
deleted file mode 100644
index cfe5a39..0000000
--- a/system/impermanence/mods/etebase-server.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{...}: {
-  environment.persistence."/srv".directories = [
-    {
-      directory = "/var/lib/etebase-server";
-      user = "etebase-server";
-      group = "etebase-server";
-      mode = "0700";
-    }
-  ];
-}
diff --git a/system/secrets/default.nix b/system/secrets/default.nix
index 1656cec..b74e883 100644
--- a/system/secrets/default.nix
+++ b/system/secrets/default.nix
@@ -1,12 +1,6 @@
 {...}: {
   age = {
     secrets = {
-      etebase-server = {
-       file = ./etebase-server/passwd.age;
-       mode = "700";
-       owner = "etebase-server";
-       group = "etebase-server";
-      };
       invidiousHmac = {
         file = ./invidious/hmac.age;
         mode = "700";
diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix
deleted file mode 100644
index 21558e3..0000000
--- a/system/secrets/secrets.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-let
-  soispha = "age1mshh4ynzhhzhff25tqwkg4j054g3xwrfznh98ycchludj9wjj48qn2uffn";
-  sils = "age1vuhaey7kd9l76y6f9weeqmde3s4kjw38869ju6u3027yece2r3rqssjxst";
-
-  server1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMnqsfIZjelH7rcvFvnLR5zUZuC8thsBupBlvjcMRBUm";
-
-  allSecrets = [
-    soispha
-    sils
-    server1
-  ];
-in {
-  "backup/backuppass.age".publicKeys = allSecrets;
-  "backup/backupssh.age".publicKeys = allSecrets;
-  "etebase-server/passwd.age".publicKeys = allSecrets;
-  "invidious/hmac.age".publicKeys = allSecrets;
-  "invidious/settings.age".publicKeys = allSecrets;
-  "mastodon/mail.age".publicKeys = allSecrets;
-  "matrix-synapse/passwd.age".publicKeys = allSecrets;
-  "miniflux/admin.age".publicKeys = allSecrets;
-  "taskserver/ca.age".publicKeys = allSecrets;
-  "taskserver/systemd_tmpfiles.age".publicKeys = allSecrets;
-}
diff --git a/system/services/default.nix b/system/services/default.nix
index eab92d9..8b8151a 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -1,6 +1,5 @@
 {...}: {
   imports = [
-    ./etebase
     ./fail2ban
     ./invidious
     ./invidious-router
diff --git a/system/services/etebase/default.nix b/system/services/etebase/default.nix
deleted file mode 100644
index 5d0284f..0000000
--- a/system/services/etebase/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{
-  config,
-  ...
-}: {
-  services.etebase-server = {
-    enable = true;
-    port = 8001;
-    settings = {
-      global.secret_file = "${config.age.secrets.etebase-server.path}";
-      allowed_hosts = {
-        allowed_host1 = "etebase.vhack.eu";
-        allowed_host2 = "dav.vhack.eu";
-      };
-    };
-  };
-
-  services.nginx = {
-    enable = true;
-    recommendedTlsSettings = true;
-    recommendedOptimisation = true;
-    recommendedGzipSettings = true;
-    recommendedProxySettings = true;
-
-    virtualHosts = {
-      "etebase.vhack.eu" = {
-        enableACME = true;
-        forceSSL = true;
-
-        locations = {
-          # TODO: Maybe fix permissions to use pregenerated static files which would
-          # improve performance.
-          #"/static" = {
-          #  root = config.services.etebase-server.settings.global.static_root;
-          #};
-          "/" = {
-            proxyPass = "http://127.0.0.1:${builtins.toString config.services.etebase-server.port}";
-          };
-        };
-        serverAliases = [
-          "dav.vhack.eu"
-        ];
-      };
-    };
-  };
-}