moved open-gist to o001

2025-04-17 00:09:57 -05:00 · 2025-04-17 00:09:57 -05:00 · dccf075b17
commit dccf075b17
parent dc9f1a278b
6 changed files with 208 additions and 187 deletions
--- a/hosts/oracle/o001/containers/opengist.nix
+++ b/hosts/oracle/o001/containers/opengist.nix
@ -0,0 +1,38 @@
+{
+  ...
+}:
+let
+  name = "opengist";
+  hostDataDir = "/var/lib/${name}";
+
+  v_port = 6157;
+in
+{
+  virtualisation.oci-containers.backend = "docker";
+  virtualisation.oci-containers.containers = {
+    opengist = {
+      user = "root";
+      image = "ghcr.io/thomiceli/opengist:1";
+      ports = [
+        "127.0.0.1:${toString v_port}:${toString v_port}"
+      ];
+      volumes = [
+        "${hostDataDir}:/opengist"
+      ];
+      environment = {
+        OG_LOG_LEVEL = "info";
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."gist.joshuabell.xyz" = {
+    enableACME = true;
+    forceSSL = true;
+    locations = {
+      "/" = {
+        proxyWebsockets = true;
+        proxyPass = "http://127.0.0.1:${builtins.toString v_port}";
+      };
+    };
+  };
+}
--- a/hosts/oracle/o001/containers/vaultwarden.nix
+++ b/hosts/oracle/o001/containers/vaultwarden.nix
@ -0,0 +1,80 @@
+{
+  ...
+}:
+let
+  name = "vaultwarden";
+  user = name;
+  uid = 114;
+  hostDataDir = "/var/lib/${name}";
+
+  v_port = 8222;
+in
+{
+  users = {
+    users.${user} = {
+      isSystemUser = true;
+      group = user;
+      inherit uid;
+    };
+    groups.${user}.gid = uid;
+  };
+  system.activationScripts.createMediaServerDirs = ''
+    mkdir -p ${hostDataDir}/data
+    mkdir -p ${hostDataDir}/backups
+    chown -R ${toString uid}:${toString uid} ${hostDataDir}
+    chmod -R 750 ${hostDataDir}
+  '';
+
+  containers.${name} = {
+    ephemeral = true;
+    autoStart = true;
+    privateNetwork = false;
+    bindMounts = {
+      "/var/lib/vaultwarden" = {
+        hostPath = "${hostDataDir}/data";
+        isReadOnly = false;
+      };
+      "/var/lib/backups/vaultwarden" = {
+        hostPath = "${hostDataDir}/backups";
+        isReadOnly = false;
+      };
+    };
+    config =
+      { ... }:
+      {
+        system.stateVersion = "24.11";
+        users = {
+          users.${user} = {
+            isSystemUser = true;
+            group = user;
+            inherit uid;
+          };
+          groups.${user}.gid = uid;
+        };
+
+        services.vaultwarden = {
+          enable = true;
+          dbBackend = "sqlite";
+          backupDir = "/var/lib/backups/vaultwarden";
+          config = {
+            DOMAIN = "https://vault.joshuabell.xyz";
+            SIGNUPS_ALLOWED = false;
+            ROCKET_PORT = builtins.toString v_port;
+            ROCKET_ADDRESS = "127.0.0.1";
+            # ADMIN_TOKEN = "$argon2id$v=19$m=65540,t=3,p=4$YMFEq4GZiCeM+MBSW75G+gq6Dnywszaqhhdrt5pIyLw$zdlU/ws8kfBVa/FWp1LVfhnu+CVuItG2nPGXgKyjWug";
+          };
+        };
+      };
+  };
+
+  services.nginx.virtualHosts."vault.joshuabell.xyz" = {
+    enableACME = true;
+    forceSSL = true;
+    locations = {
+      "/" = {
+        proxyWebsockets = true;
+        proxyPass = "http://127.0.0.1:${builtins.toString v_port}";
+      };
+    };
+  };
+}