-rw-r--r--system/impermanence/default.nix1
-rw-r--r--system/impermanence/mods/etebase-server.nix10
-rw-r--r--system/secrets/default.nix6
-rw-r--r--system/secrets/etebase-server/passwd.tix17
-rw-r--r--system/secrets/secrets.nix1
-rw-r--r--system/services/default.nix1
-rw-r--r--system/services/etebase/default.nix38
7 files changed, 74 insertions, 0 deletions
diff --git a/system/impermanence/default.nix b/system/impermanence/default.nix
index f42c084..dd363ae 100644
--- a/system/impermanence/default.nix
+++ b/system/impermanence/default.nix
@@ -2,6 +2,7 @@
# TODO: Only activate them if their module is also active
imports = [
./mods/acme.nix
+ ./mods/etebase-server.nix
./mods/mail.nix
./mods/mastodon.nix
./mods/matrix.nix
diff --git a/system/impermanence/mods/etebase-server.nix b/system/impermanence/mods/etebase-server.nix
new file mode 100644
index 0000000..cfe5a39
--- /dev/null
+++ b/system/impermanence/mods/etebase-server.nix
@@ -0,0 +1,10 @@
+{...}: {
+ environment.persistence."/srv".directories = [
+ {
+ directory = "/var/lib/etebase-server";
+ user = "etebase-server";
+ group = "etebase-server";
+ mode = "0700";
+ }
+ ];
+}
diff --git a/system/secrets/default.nix b/system/secrets/default.nix
index c0042d7..6107faa 100644
--- a/system/secrets/default.nix
+++ b/system/secrets/default.nix
@@ -37,6 +37,12 @@
owner = "root";
group = "root";
};
+ etebase-server = {
+ file = ./etebase-server/passwd.tix;
+ mode = "700";
+ owner = "etebase-server";
+ group = "etebase-server";
+ };
};
};
}
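Review bot: The new `etebase-server` secret is declared with `mode = "700"`, which gives the owner write and execute on a file that is only read as key material. Nothing visible in this commit needs more than owner read, so `mode = "0400";` would follow least privilege and match the usual agenix default. The file is also named `passwd.tix` although the service hunk wires it to `global.secret_file`; a name that says what it holds would be clearer. The enclosing attribute set starts outside the hunk.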
diff --git a/system/secrets/etebase-server/passwd.tix b/system/secrets/etebase-server/passwd.tix
new file mode 100644
index 0000000..8d8e3c2
--- /dev/null
+++ b/system/secrets/etebase-server/passwd.tix
@@ -0,0 +1,17 @@
+-----BEGIN AGE ENCRYPTED FILE-----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+-----END AGE ENCRYPTED FILE-----
diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix
index 2fef23d..3314fc6 100644
--- a/system/secrets/secrets.nix
+++ b/system/secrets/secrets.nix
@@ -17,4 +17,5 @@ in {
"miniflux/admin.tix".publicKeys = allSecrets;
"mastodon/mail.tix".publicKeys = allSecrets;
"taskserver/ca.tix".publicKeys = allSecrets;
+ "etebase-server/passwd.tix".publicKeys = allSecrets;
}
diff --git a/system/services/default.nix b/system/services/default.nix
index 9998e43..e269dbc 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -1,5 +1,6 @@
{...}: {
imports = [
+ ./etebase
./fail2ban
./invidious
./keycloak
diff --git a/system/services/etebase/default.nix b/system/services/etebase/default.nix
new file mode 100644
index 0000000..964ea59
--- /dev/null
+++ b/system/services/etebase/default.nix
@@ -0,0 +1,38 @@
+{config, ...}: {
+ services.etebase-server = {
+ enable = true;
+ port = 8001;
+ settings = {
+ global.secret_file = "${config.age.secrets.etebase-server.path}";
+ allowed_hosts.allowed_host1 = "127.0.0.1";
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+
+ virtualHosts = {
+ "etebase.vhack.eu" = {
+ enableACME = true;
+ forceSSL = true;
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${builtins.toString config.services.etebase-server.port}";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ '';
+ };
+ serverAliases = [
+ "dav.vhack.eu"
+ ];
+ };
+ };
+ };
+}
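Review bot: `allowed_hosts.allowed_host1 = "127.0.0.1"` does not match what the proxy sends: the nginx location forwards `Host $host`, so the backend sees `etebase.vhack.eu` or `dav.vhack.eu`, and Django's host validation will presumably reject those requests. List the public names instead, e.g. `allowed_hosts.allowed_host1 = "etebase.vhack.eu";` and `allowed_hosts.allowed_host2 = "dav.vhack.eu";`. The four `proxy_set_header` lines in `extraConfig` also appear to repeat what `recommendedProxySettings = true` already provides, so they can likely be dropped. It is worth confirming that port 8001 is not reachable from outside the host, since only the port is set here and no bind address or socket is visible.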