commit 7f807657f6978b1ad4078dfe0da20028c73989ba
parent a14cc585532917578406a43385357eb2a7c3530f
Author: Leah (ctucx) <git@ctu.cx>
Date: Fri, 12 May 2023 14:46:04 +0200
parent a14cc585532917578406a43385357eb2a7c3530f
Author: Leah (ctucx) <git@ctu.cx>
Date: Fri, 12 May 2023 14:46:04 +0200
machines/lollo/radicale -> machines/briefkasten/radicale
9 files changed, 80 insertions(+), 78 deletions(-)
diff --git a/machines/briefkasten/configuration.nix b/machines/briefkasten/configuration.nix @@ -10,6 +10,9 @@ ../../configurations/linux/services/prometheus-exporters.nix ../../configurations/linux/services/restic-server.nix + + # cal- and card-dav server + ./radicale.nix ]; networking.usePBBUplink = true;
diff --git a/machines/briefkasten/radicale.nix b/machines/briefkasten/radicale.nix @@ -0,0 +1,48 @@ +{ config, lib, pkgs, ... }: + +{ + + age.secrets = { + restic-radicale.file = ./. + "/../../secrets/${config.networking.hostName}/restic/radicale.age"; + radicale-users = { + file = ./. + "/../../secrets/${config.networking.hostName}/radicale-users.age"; + owner = "radicale"; + }; + }; + + restic-backups.radicale = { + user = "radicale"; + passwordFile = config.age.secrets.restic-radicale.path; + paths = [ "/var/lib/radicale" ]; + }; + + dns.zones."ctu.cx".subdomains.dav.CNAME = lib.mkIf config.networking.usePBBUplink [ "${config.networking.fqdn}." ]; + + systemd.services.radicale.onFailure = [ "email-notify@%i.service" ]; + + services = { + radicale = { + enable = true; + settings = { + server.hosts = [ "127.0.0.1:5232" ]; + web.type = "internal"; + storage.filesystem_folder = "/var/lib/radicale/collections"; + headers.Access-Control-Allow-Origin = "*"; + auth.type = "htpasswd"; + auth.htpasswd_filename = config.age.secrets.radicale-users.path; + auth.htpasswd_encryption = "plain"; + }; + }; + + nginx = { + enable = true; + virtualHosts."dav.ctu.cx" = { + enableACME = lib.mkIf config.networking.usePBBUplink true; + forceSSL = lib.mkIf config.networking.usePBBUplink true; + kTLS = lib.mkIf config.networking.usePBBUplink true; + locations."/".proxyPass = "http://127.0.0.1:5232/"; + }; + }; + }; + +}
diff --git a/machines/lollo/configuration.nix b/machines/lollo/configuration.nix @@ -17,9 +17,6 @@ # fedi server ./gotosocial.nix - # cal- and card-dav server - ./radicale.nix - ../../configurations/linux/services/prometheus-exporters.nix ../../configurations/linux/services/restic-server.nix
diff --git a/machines/lollo/radicale.nix b/machines/lollo/radicale.nix @@ -1,48 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - age.secrets = { - restic-radicale.file = ../../secrets/lollo/restic/radicale.age; - radicale-users = { - file = ../../secrets/lollo/radicale-users.age; - owner = "radicale"; - }; - }; - - restic-backups.radicale = { - user = "radicale"; - passwordFile = config.age.secrets.restic-radicale.path; - paths = [ "/var/lib/radicale" ]; - }; - - dns.zones."ctu.cx".subdomains.dav.CNAME = lib.mkIf config.networking.usePBBUplink [ "${config.networking.fqdn}." ]; - - systemd.services.radicale.onFailure = [ "email-notify@%i.service" ]; - - services = { - radicale = { - enable = true; - settings = { - server.hosts = [ "127.0.0.1:5232" ]; - web.type = "internal"; - storage.filesystem_folder = "/var/lib/radicale/collections"; - headers.Access-Control-Allow-Origin = "*"; - auth.type = "htpasswd"; - auth.htpasswd_filename = config.age.secrets.radicale-users.path; - auth.htpasswd_encryption = "plain"; - }; - }; - - nginx = { - enable = true; - virtualHosts."dav.ctu.cx" = { - enableACME = lib.mkIf config.networking.usePBBUplink true; - forceSSL = lib.mkIf config.networking.usePBBUplink true; - kTLS = lib.mkIf config.networking.usePBBUplink true; - locations."/".proxyPass = "http://127.0.0.1:5232/"; - }; - }; - }; - -}
diff --git a/secrets/briefkasten/radicale-users.age b/secrets/briefkasten/radicale-users.age @@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNFFMRGJlM3MxblBmdWZY +OWNBUVNxMUMyZlVnSk43eHZXbFNRRlZBYWx3Cm9iYVlobllYd2ZCZzlodWU2Yit1 +dEdyS0t3RUNtZnhCZUpjbGtFb1pPK1EKLT4gc3NoLWVkMjU1MTkgNGhLQ013IDRo +SWw3V0JVd1V4TWEzc1BVc2JUYVhyRkxubXBtVzdrZDZveEFyVmYwbDgKMDI5ckxU +QmtpN09hVFVVU25ONXpaS1N6dnExK0hyMFhGcHRHUTh3M2lYRQotPiByal07OSsm +fi1ncmVhc2UgMFliW2VlZE4gOlp+SihjIFsrOQpNNTZpRjYwNWZScFd5Q0s2NE9P +LyszWXEwYnB6Wms5WHdUVFFKZXhGcERkWERNS0NFVERjNjNodUthNXVDZWxECkht +Qld5Zlk4OG5laDJLK1BBSFJHWUlvZkpYWmxBeUZ1UG41U3FIV0RISXdZSHdmeDBE +QQotLS0gVE1YNWxub2NKaHAyUktlNzgzNFlHYTFXaWZyNGh6MDV1K2EwSzdOSTdY +OAr+cSbThFDyFj6ssNfszJHrHUAZjxouGyF9Zjl18jRo+o1/87DiNR3NQgViipe3 +TGsBbJcLoZT8xweE9VtSxP41+Krmlrpcjlotcng6RfLnj7Slfxr/WC9oct3xqq34 +DdGuAvM7+3r+wcGrCewu4CPXetDcNSXJpSLEhyjQikN+Z1U= +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/briefkasten/restic/radicale.age b/secrets/briefkasten/restic/radicale.age @@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5aE5RNmZrNWxxOUoySDc2 +TG5Zb2hJc0FrdHNwQjhqRzEwVzZPaGJoUWpZCnVmYjhTaExGT3BZK2dycmNKVzF0 +RGJ0YXd5S21YY05wNkJpNmNBZTI2bHMKLT4gc3NoLWVkMjU1MTkgNGhLQ013IC9l +c3dnOVRVUXc0d2dldENVRmFxcjhua1B1S2ZEczJ5TjlPZDRqcGhCeFkKSU9OM1dI +YlB0V1lQT1YyN2JxUGNVdnp1NFEwTDhYSGhJNDRPMWF2MmRnUQotPiB3Ny5GPkIt +Z3JlYXNlIGQjbyBJOkFyWFRMJiBCCkFtL3VvSFYrbmVINjFYTUUzWnVtWE9qOWZF +Vnl4aVo2Ulcycmd6R00xZDNHOEpLM1hhT1l3bmUxNmxIbG8wV3cKUEZpZFhqUDRa +Y2NCYjlhVkRjelhvUENUWEFpdkM4RUhldEF3MzhkKzN3Ci0tLSBEN0VWWjZwb2ZZ +aHJGREdEMVhsNXRRRHlib0VLT2dmR29vR2RZanBjMVcwCkuunaW8IHnbWcGnEyzx +5UdQ/MSZB63Y7LDnyhQne+fdXFkcvDGQKD0LyYU4k4KgEv80b0rFKSr+Z3A= +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/lollo/radicale-users.age b/secrets/lollo/radicale-users.age @@ -1,13 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6a2dtVnV4dU5BYUVTMXFz -SmtwTDU1alFPNVk0WHBXeEI4b3Bvak5reHhrCnFqSXY4cHUvcDlJSUx5VXMyZWhE -T29CbzVIUE82WnVsRUNYNHFqU04wVE0KLT4gc3NoLWVkMjU1MTkgMXJjY0t3IFZp -MStweU5oOUR6UDQ1aG80RmIybUxXYnlXbm1RS1FUQUVkV0dIbUU5V0EKY2RyTmNu -RUJvRkEvNjVyY1JvMTcrRGp1UVJzRlRUUnkxd0lGU0NOaWNoOAotPiBEJkFwWFxU -LWdyZWFzZSBTICh0YSNjICklR2NuaApCNWg2emVPNklMb2JYeTF2ZCtEbTJhRm8z -WCtGQnhmZkg5dkJMUVdWNHR2Tjd3MjczQldWNUxBCi0tLSB2cnhTTTVaSzVqQzZN -NEI4WHQzMkZuVm10cHU2UXNJVzIrbWhSOHZsRENNCpwenOVL7DQyuLBlC/hFGTgL -rUkkpp3tH35G6YoQziECRezJ2hA2ov31j8bVEpMVAX/nuBgEGViaPrgVMw88+Y2C -mC6VPosChDL+gEK5INWoDTCnqszrTk2elpSFw+EbqquB+cTj8y1x9O7BcJV9LRO4 -Om+tUsVjh5XxdUKnsMKLvg== ------END AGE ENCRYPTED FILE-----
diff --git a/secrets/lollo/restic/radicale.age b/secrets/lollo/restic/radicale.age @@ -1,12 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCb2lhVmQzY3htTEpjbW4r -ckNmWUc0RzJ2azJ3dlZoTVNiSy9pbVdvaGxvCk84Wlo3aG0xS0o0My9UMHlDekh0 -SVVaSGsvNHJIdmVtd09IYkt1WHJBQzgKLT4gc3NoLWVkMjU1MTkgMXJjY0t3IDVC -V3ZpK3hxNHpmbWdVZ1IxZERGK1I2Z3laUDNudnZOMHJaVjRaeW1QRGsKWjNWMlcx -Rkdqc1lLOWlvMUhnbG9lYlFzWUFhTCt3YktqVWRqclJmeE0vYwotPiAjMFhlXzwt -Z3JlYXNlIGheIyB9N1NaWXwKd0RHVnpPVXhHS2k4ZXB5M040ZUxWM3JTVUoxVVBw -QTRtUkkwMCtheWFUZnRCeGtBTVEyNnJKaUQzeDNvU2dSVQpjdUt6djZwRmx0OFVY -ZERjUmQwCi0tLSBCODFYNU1VOVkza3g5S2RYSHE5YTEvODkra0IvbnZFdGI1UGkw -dEVTdzFBCnsQYkga1Knudiwu/TTTRNj3qLA52F0DaD5VBLVprEBEc2DGf6m9rS3e -hcyWtqq6DaH4pbQZGRuOk3g= ------END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix @@ -27,7 +27,6 @@ in { "lollo/wireguard-privkey.age".publicKeys = [ leah lollo ]; - "lollo/radicale-users.age".publicKeys = [ leah lollo ]; "lollo/gotosocial-env.age".publicKeys = [ leah lollo ]; "lollo/mosquitto/passwd-leah.age".publicKeys = [ leah lollo ]; @@ -49,9 +48,9 @@ in { "lollo/restic/vnstat.age".publicKeys = [ leah lollo ]; "lollo/restic/gotosocial.age".publicKeys = [ leah lollo ]; "lollo/restic/oeffisearch.age".publicKeys = [ leah lollo ]; - "lollo/restic/radicale.age".publicKeys = [ leah lollo ]; "lollo/restic/influxdb.age".publicKeys = [ leah lollo ]; "lollo/restic/things.age".publicKeys = [ leah lollo ]; + "briefkasten/radicale-users.age".publicKeys = [ leah briefkasten ]; "lollo/restic/syncthing-audiobooks-orig.age".publicKeys = [ leah lollo ]; "lollo/restic/syncthing-audiobooks.age".publicKeys = [ leah lollo ]; @@ -68,6 +67,8 @@ in { "lollo/restic/syncthing-wiki.age".publicKeys = [ leah lollo ]; "briefkasten/restic-server-htpasswd.age".publicKeys = [ leah briefkasten ]; + "briefkasten/restic/radicale.age".publicKeys = [ leah briefkasten ]; + "lollo/solar-nrw/vpn-secrets.age".publicKeys = [ leah lollo ]; "lollo/solar-nrw/solax2mqtt.age".publicKeys = [ leah lollo ];