migrated bitwarden

nixos/configs/pepe/syncthing.nix

@@ -111,4 +111,9 @@
     after = [ "media.mount" ];
   };
 
+
+  backup.dirs = [
+    config.services.syncthing.folders.finance.path
+  ];
+
 }

nixos/configs/robi/configuration.nix

@@ -1,25 +1,28 @@
 { lib, config, pkgs, ... }: {
   imports = [
 
-    ../../system/all/defaults.nix
-    ../../system/all/tinc.nix
     ../../system/all/borg-jobs.nix
+    ../../system/all/defaults.nix
+    ../../system/all/sshd-known-hosts-bootup.nix
+    ../../system/all/sshd-known-hosts-private.nix
+    ../../system/all/sshd-known-hosts-public.nix
+    ../../system/all/syncthing.nix
+    ../../system/all/tinc.nix
+
     ../../system/server/netdata.nix
 
     ./hetzner.nix
+
+    ./codimd.nix
+    ./gitea.nix
+    ./grocy.nix
+    ./nextcloud.nix
     ./packages.nix
-    ./tinc.nix
     ./syncthing.nix
     ./taskserver.nix
+    ./tinc.nix
     ./transmission.nix
-    ./nextcloud.nix
-    ./codimd.nix
-
-
-    ./gitea.nix
-    #./gitlab.nix
-    # todo
-    #./bitwarden.nix
+    ./vaultwarden.nix
 
 
     #../../system/server
@@ -78,7 +81,5 @@
       fsType = "ext4";
     };
 
-
-
 }
 

nixos/configs/robi/grocy.nix

@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.grocy = {
+    enable = true;
+    settings = {
+      culture = "de";
+      currency = "EUR";
+    };
+    hostName = "grocy.ingolf-wagner.de";
+    nginx.enableSSL = true;
+  };
+
+  backup.dirs = [ config.services.grocy.dataDir ];
+
+}

nixos/configs/robi/nextcloud.nix

@@ -66,28 +66,28 @@ in
             priority = 210;
             extraConfig = "return 301 $scheme://$host/remote.php/dav;";
           };
-          "~ .(?:css|js|svg|gif)$" = {
-            proxyPass = "http://${containerAddress}$request_uri";
-            extraConfig = ''
-              expires 6M;         # Cache-Control policy borrowed from `.htaccess`
-              access_log off;     # Optional: Don't log access to assets
-              sub_filter "http://nextcloud.ingolf-wagner.de" "https://nextcloud.ingolf-wagner.de";
-              sub_filter "nextcloud.workhorse.private" "nextcloud.ingolf-wagner.de";
-              # used for view/edit office file via Office Online Server
-              client_max_body_size 0;
-            '';
-          };
-          "~ .woff2?$" = {
-            proxyPass = "http://${containerAddress}$request_uri";
-            extraConfig = ''
-              expires 7d;         # Cache-Control policy borrowed from `.htaccess`
-              access_log off;     # Optional: Don't log access to assets
-              sub_filter "http://nextcloud.ingolf-wagner.de" "https://nextcloud.ingolf-wagner.de";
-              sub_filter "nextcloud.workhorse.private" "nextcloud.ingolf-wagner.de";
-              # used for view/edit office file via Office Online Server
-              client_max_body_size 0;
-            '';
-          };
+          #"~ .(?:css|js|svg|gif)$" = {
+          #  proxyPass = "http://${containerAddress}$request_uri";
+          #  extraConfig = ''
+          #    expires 6M;         # Cache-Control policy borrowed from `.htaccess`
+          #    access_log off;     # Optional: Don't log access to assets
+          #    sub_filter "http://nextcloud.ingolf-wagner.de" "https://nextcloud.ingolf-wagner.de";
+          #    sub_filter "nextcloud.workhorse.private" "nextcloud.ingolf-wagner.de";
+          #    # used for view/edit office file via Office Online Server
+          #    client_max_body_size 0;
+          #  '';
+          #};
+          #"~ .woff2?$" = {
+          #  proxyPass = "http://${containerAddress}$request_uri";
+          #  extraConfig = ''
+          #    expires 7d;         # Cache-Control policy borrowed from `.htaccess`
+          #    access_log off;     # Optional: Don't log access to assets
+          #    sub_filter "http://nextcloud.ingolf-wagner.de" "https://nextcloud.ingolf-wagner.de";
+          #    sub_filter "nextcloud.workhorse.private" "nextcloud.ingolf-wagner.de";
+          #    # used for view/edit office file via Office Online Server
+          #    client_max_body_size 0;
+          #  '';
+          #};
         };
       };
     };
@@ -240,7 +240,7 @@ in
       # nextcloud setup
       services.nextcloud = {
         enable = true;
-        package = pkgs.nextcloud22;
+        package = pkgs.nextcloud23;
         autoUpdateApps.enable = true;
         #nginx.enable = true;
         hostName = "nextcloud.ingolf-wagner.de";

nixos/configs/robi/tinc.nix

@@ -1,5 +1,7 @@
 { config, lib, pkgs, ... }: {
 
+  imports = [ ../../system/all/tinc.nix ];
+
   module.cluster.services.tinc = {
     "private" = {
       enable = true;

nixos/configs/sterni/configuration.nix

@@ -23,13 +23,15 @@
   security.wrappers = {
     pmount = {
       source = "${pkgs.pmount}/bin/pmount";
-      owner = config.users.users.mainUser.name;
-      group = "nogroup";
+      setuid = true;
+      owner = "root";
+      group = "root";
     };
     pumount = {
       source = "${pkgs.pmount}/bin/pumount";
-      owner = config.users.users.mainUser.name;
-      group = "nogroup";
+      setuid = true;
+      owner = "root";
+      group = "root";
     };
   };
 

nixos/configs/sterni/packages.nix

@@ -1,12 +1,15 @@
 { config, lib, pkgs, ... }:
 let
   nextcloudSync = folder:
+    let
+      password = "$( pass show home/nextcloud/palo/nextcloudcmd-token)";
+      user = "palo";
+    in
     pkgs.writers.writeBashBin "nextcloud-sync-${folder}" ''
       ${pkgs.nextcloud-client}/bin/nextcloudcmd \
-        --user palo \
-        --password `pass show home/nextcloud/palo/nextcloudcmd-token` \
+        --path "${folder}" \
         ~/Nextcloud/${folder} \
-        https://nextcloud.ingolf-wagner.de/remote.php/webdav/${folder}
+        "https://${user}:${password}@nextcloud.ingolf-wagner.de"
     '';
 
 in