vaultwarden and postgresql

caddy.nix

@@ -1,10 +0,0 @@
-{
-  services.caddy = {
-    enable = true;
-  
-    virtualHosts."mymarseille.duckdns.org".extraConfig = ''
-      reverse_proxy localhost:4533
-
-    '';
-  };
-}

configuration.nix

@@ -8,8 +8,12 @@
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
-      ./caddy.nix
-      ./wireguard.nix
+      ./imports/caddy.nix
+      ./imports/hedgedoc.nix
+      ./imports/postgres.nix
+      ./imports/navidrome.nix
+      ./imports/vaultwarden.nix
+      ./imports/wireguard.nix
     ];
 
   # Use the systemd-boot EFI boot loader.
@@ -106,14 +110,6 @@
     blahaj
   ];
 
-  services.navidrome = {
-    enable = true;
-    settings = {
-      Address = "0.0.0.0";
-      Port = 4533;
-      MusicFolder = "/srv/music";
-    };
-  };
 
   nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
     "broadcom-sta"
@@ -137,11 +133,11 @@
   # Open ports in the firewall.
   networking.firewall.allowedTCPPorts = [
     22
-    4533
+    80
   ];
   networking.firewall.allowedUDPPorts = [
     22
-    4533
+    80
   ];
   # Or disable the firewall altogether.
   networking.firewall.enable = true;
@@ -149,7 +145,7 @@
   # Copy the NixOS configuration file and link it from the resulting system
   # (/run/current-system/configuration.nix). This is useful in case you
   # accidentally delete configuration.nix.
-  system.copySystemConfiguration = true;
+  # system.copySystemConfiguration = true;
 
 
 

flake.lock

@@ -0,0 +1,111 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flakey-profile": {
+      "locked": {
+        "lastModified": 1712898590,
+        "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
+        "owner": "lf-",
+        "repo": "flakey-profile",
+        "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lf-",
+        "repo": "flakey-profile",
+        "type": "github"
+      }
+    },
+    "lix": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1746827285,
+        "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=",
+        "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a",
+        "type": "tarball",
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz"
+      }
+    },
+    "lix-module": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "flakey-profile": "flakey-profile",
+        "lix": "lix",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1746838955,
+        "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=",
+        "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc",
+        "type": "tarball",
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1747744144,
+        "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "lix-module": "lix-module",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -3,14 +3,22 @@
 
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+
+  lix-module = {
+    url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz";
+    inputs.nixpkgs.follows = "nixpkgs";
   };
 
-  outputs = { self, nixpkgs }: {
+
+};
+
+  outputs = { self, nixpkgs, lix-module }: {
     nixosConfigurations = {
       mini = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
         modules = [
           ./configuration.nix
+          lix-module.nixosModules.default
         ]; 
       };
     };

imports/caddy.nix

@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.caddy = {
+    enable = true;
+  
+    virtualHosts."http://navidrome.mymarseille.duckdns.org".extraConfig = ''
+      reverse_proxy localhost:4533
+    '';
+
+    virtualHosts."http://notes.mymarseille.duckdns.org".extraConfig = ''
+      reverse_proxy localhost:8001
+    '';
+
+    virtualHosts."http://vault.mymarseille.duckdns.org".extraConfig = ''
+      reverse_proxy localhost:8000
+    '';
+
+  };
+}

imports/hedgedoc.nix

@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+{
+  services.hedgedoc = {
+    enable = true;
+    settings = {
+      domain = "hedgedoc.mymarseille.duckdns.org";
+      port = 8001;
+    };
+  };
+
+}

imports/navidrome.nix

@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+{
+ services.navidrome = {
+    enable = true;
+    settings = {
+      Address = "0.0.0.0";
+      Port = 4533;
+      MusicFolder = "/srv/music";
+    };
+  };
+}

imports/postgres.nix

@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+{
+  services.postgresql = {
+    enable = true;
+
+    ensureDatabases = [ "vaultwarden" ];
+    authentication = pkgs.lib.mkOverride 10 ''
+      #type database  DBuser  auth-method
+      local all       all     trust
+    '';
+
+    # When removing users or removing permissions from users here, must also remove them manually
+    ensureUsers = [
+      {
+        name = "vaultwarden";
+        ensureDBOwnership = true; 
+      }
+    ];
+
+    
+    settings = {
+      port = 5432;
+    };
+  };
+}

imports/vaultwarden.nix

@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+{
+  services.vaultwarden = {
+    enable = true;
+    dbBackend = "postgresql";
+    
+    # backupDir = "/srv/backup/vaultwarden"; # optional for backups
+    config = {
+      ROCKET_PORT = 8000;
+      DOMAIN = "https://vault.mymarseille.duckdns.org";
+      SIGNUPS_ALLOWED = false;
+
+      ADMIN_TOKEN = "$argon2id$v=19$m=65540,t=3,p=4$djJtbTZsUlhBY0lxWldqSFV2NEUwNloxRlF0Uk5VVmFOalFmT0hQaHBoMD0$Ekj+ymeGJXyx84GCE3wN123f/Khdcw1GGPMv+s1tqmU";
+      
+      DATABASE_URL="postgresql://:5432/vaultwarden";
+      
+      SMTP_FROM = "vincentwaltz8@gmail.com";
+      SMTP_FROM_NAME = "VaultWarden";
+      SMTP_HOST = "smtp.gmail.com";
+      SMTP_USERNAME = "vincentwaltz8@gmail.com";
+      SMTP_PASSWORD = "iieu nrwc abtb vdqh";
+    };
+
+  };
+
+  systemd.services.vaultwarden = {
+      requires = [ "postgresql.service" ];
+      after = [ "postgresql.service" ];
+  };
+  
+}

imports/wireguard.nix

@@ -1,3 +1,4 @@
+{ config, lib, pkgs, ... }:
 {
   # Enable WireGuard
   networking.wireguard.enable = true;