diff --git a/heimserver/configuration.nix b/heimserver/configuration.nix index 97fd636..dd39158 100644 --- a/heimserver/configuration.nix +++ b/heimserver/configuration.nix @@ -1,4 +1,4 @@ - # Edit this configuration file to define what should be installed on +# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). @@ -51,6 +51,7 @@ # Networking networking = { hostName = "heimserver"; + domain = "kempinger.at"; useDHCP = false; hostId = "5506a8e7"; interfaces.eth0.ipv4.addresses = [ @@ -180,6 +181,9 @@ certs."bilder.kempinger.at" = { domain = "bilder.kempinger.at"; }; + certs."bitwarden.kempinger.at" = { + domain = "bitwarden.kempinger.at"; + }; }; #services.resolved.enable = true; @@ -217,7 +221,7 @@ ]; locations."/" = { proxyPass = "http://127.0.0.1:8090"; - }; + }; locations."/jmap" = { proxyPass = "http://127.0.0.1:8091/jmap"; }; @@ -246,6 +250,13 @@ ''; }; }; + virtualHosts."bitwarden.kempinger.at" = { + useACMEHost = "bitwarden.kempinger.at"; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; + }; + }; }; services.forgejo = { @@ -843,6 +854,7 @@ services.stalwart = { enable = true; openFirewall = true; + stateVersion = "25.05"; settings = { server = { hostname = "mail.kempinger.at"; @@ -895,10 +907,10 @@ session.rcpt.directory = "'internal'"; directory."imap".lookup.domains = [ "kempinger.at" ]; - authentication.fallback-admin = { - user = "admin"; - secret = "$2b$10$f3gV764s.cE9Dqb0OW2SeOIO5eJdrBlTu/lDH7IlvFUYlUZF.CxXW"; - }; + # authentication.fallback-admin = { + # user = "admin"; + # secret = "$2b$10$f3gV764s.cE9Dqb0OW2SeOIO5eJdrBlTu/lDH7IlvFUYlUZF.CxXW"; + # }; }; }; 
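Review bot: The new `virtualHosts."bitwarden.kempinger.at"` block proxies every path under `/` to Vaultwarden, so the `/admin` panel is served to anyone who can reach this vhost whenever an ADMIN_TOKEN is set in the environment file referenced by the vaultwarden service. Consider adding a second location that repeats the `proxyPass` and restricts access, e.g. `locations."/admin" = { proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; extraConfig = "allow <TRUSTED_CIDR>; deny all;"; };`. Whether `recommendedProxySettings` is enabled is not visible in this hunk; without forwarded client-address headers Vaultwarden would presumably log every request as coming from 127.0.0.1, which weakens the login-failure logs that rate limiting or banning would rely on.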
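Review bot: Commenting out `authentication.fallback-admin` in the stalwart hunk leaves the bcrypt hash of the admin secret in the file and in repository history, where anyone with read access can run offline guessing against it. Delete the commented lines instead of keeping them, and treat that password as exposed: rotate it wherever it is still in use. If a fallback admin is needed again, reference the secret from a file outside the Nix store, e.g. `secret = "%{file:<PATH_TO_SECRET_FILE>}%";`, so the value is neither committed nor copied into the world-readable store. The enclosing `settings` block starts outside this hunk.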
@@ -906,33 +918,30 @@ enable = true; capacity = 50; }; - + services.vaultwarden = { - enable = true; - backupDir = "/backup/vaultwarden"; - # in order to avoid having ADMIN_TOKEN in the nix store it can be also set with the help of an environment file - # be aware that this file must be created by hand (or via secrets management like sops) - environmentFile = "/root/vaultwarden.env"; - config = { - # Refer to https://github.com/dani-garcia/vaultwarden/blob/main/.env.template - DOMAIN = "https://bitwarden.kempinger.at"; - SIGNUPS_ALLOWED = false; - - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = 8092; - ROCKET_LOG = "critical"; - - # This example assumes a mailserver running on localhost, - # thus without transport encryption. - # If you use an external mail server, follow: - # https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration - SMTP_HOST = "127.0.0.1"; - SMTP_PORT = 25; - SMTP_SSL = false; - - SMTP_FROM = "admin@bitwarden.kempinger.at"; - SMTP_FROM_NAME = "kempinger.at Bitwarden server"; - }; + enable = true; + backupDir = "/backup/vaultwarden"; + # in order to avoid having ADMIN_TOKEN in the nix store it can be also set with the help of an environment file + # be aware that this file must be created by hand (or via secrets management like sops) + environmentFile = "/root/vaultwarden.env"; + config = { + # Refer to https://github.com/dani-garcia/vaultwarden/blob/main/.env.template + DOMAIN = "https://bitwarden.kempinger.at"; + SIGNUPS_ALLOWED = false; + + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 8092; + ROCKET_LOG = "info"; + + # This example assumes a mailserver running on localhost, + # thus without transport encryption. + # If you use an external mail server, follow: + # https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration + SMTP_HOST = "192.168.69.69"; + SMTP_PORT = 25; + SMTP_SSL = false; + }; }; nixpkgs.config.allowUnfree = true;
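Review bot: `SMTP_HOST` now points at `192.168.69.69` while `SMTP_PORT = 25` and `SMTP_SSL = false` are kept, so the retained comment ("assumes a mailserver running on localhost, thus without transport encryption") no longer matches the configuration. If that address is a different machine (not visible here), verification and invitation mails cross the network in cleartext. Prefer `SMTP_SECURITY = "starttls";` on the submission port (`SMTP_SSL` is the deprecated spelling), or rewrite the comment to state why plaintext is acceptable for this path. The hunk also drops `SMTP_FROM` and `SMTP_FROM_NAME`; Vaultwarden expects `SMTP_FROM` alongside `SMTP_HOST` for mail to work, so confirm it is supplied through `/root/vaultwarden.env`.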