commit 20aaab0a51d78e03554c9bff4dc32887672277ec · ptr.pet/ark

+35

hosts/wolumonde/modules/openbao.nix

···

       1
       1
       +
       {config, ...}: let

     

       2
       2
       +
         port = 5394;

     

       3
       3
       +
         domain = "bao.${config.services.headscale.settings.dns.base_domain}";

     

       4
       4
       +
         cfg = config.services.openbao.settings;

     

       5
       5
       +
         apiAddress = "127.0.0.1:${toString port}";

     

       6
       6
       +
       in {

     

       7
       7
       +
         services.openbao = {

     

       8
       8
       +
           enable = true;

     

       9
       9
       +
           settings = {

     

       10
       10
       +
             ui = true;

     

       11
       11
       +
       

     

       12
       12
       +
             listener.default = {

     

       13
       13
       +
               type = "tcp";

     

       14
       14
       +
               address = apiAddress;

     

       15
       15
       +
             };

     

       16
       16
       +
       

     

       17
       17
       +
             cluster_addr = "http://127.0.0.1:8201";

     

       18
       18
       +
             api_addr = "http://${apiAddress}";

     

       19
       19
       +
       

     

       20
       20
       +
             storage.file.path = "/var/lib/openbao/data";

     

       21
       21
       +
           };

     

       22
       22
       +
         };

     

       23
       23
       +
       

     

       24
       24
       +
         services.headscale.settings.dns.extra_records = [

     

       25
       25
       +
           {

     

       26
       26
       +
             name = domain;

     

       27
       27
       +
             type = "A";

     

       28
       28
       +
             value = "100.64.0.2";

     

       29
       29
       +
           }

     

       30
       30
       +
         ];

     

       31
       31
       +
         services.nginx.virtualHosts.${domain} = {

     

       32
       32
       +
           quic = true;

     

       33
       33
       +
           locations."/".proxyPass = cfg.api_addr;

     

       34
       34
       +
         };

     

       35
       35
       +
       }

hosts/wolumonde/modules/tangled.nix

···

       21
       21
        
           enable = true;

     

       22
       22
        
           package = terra.tangled-knot;

     

       23
       23
        
           gitUser = "git";

     

       24
       24
       +
           motd = "*paws at your commits* arf :3c\n";

     

       24
       25
        
           server = {

     

       25
       26
        
             listenAddr = "0.0.0.0:7777";

     

       26
       27
        
             secretFile = config.age.secrets.tangledKnot.path;

     
···

       46
       47
        
             listenAddr = "0.0.0.0:7391";

     

       47
       48
        
             hostname = "spindle.gaze.systems";

     

       48
       49
        
             owner = "did:plc:dfl62fgb7wtjj3fcbb72naae";

     

       50
       50
       +
             secrets = {

     

       51
       51
       +
               provider = "openbao";

     

       52
       52
       +
               openbao.proxyAddr = "http://bao.lan.gaze.systems";

     

       53
       53
       +
             };

     

       49
       54
        
           };

     

       50
       55
        
         };

     

       51
       56
        
         users.users.spindle = {