diff --git a/hosts/cirrus/default.nix b/hosts/cirrus/default.nix index f7b0dda..0c41578 100644 --- a/hosts/cirrus/default.nix +++ b/hosts/cirrus/default.nix @@ -1,5 +1,7 @@ -_: { +{ config, ... }: +{ system.stateVersion = "24.11"; + networking.domain = "sprouted.cloud"; myConfig = { boot.loader.grub.enable = true; @@ -9,5 +11,23 @@ _: { enable = true; ssh.enable = true; }; + + hedgedoc = { + enable = true; + subdomain = "docs"; + backups.enable = true; + }; }; + + services.caddy = { + enable = true; + virtualHosts."docs.${config.networking.domain}".extraConfig = '' + reverse_proxy localhost:${toString config.myConfig.hedgedoc.port} + ''; + }; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; } diff --git a/hosts/cirrus/secrets.yaml b/hosts/cirrus/secrets.yaml index ddca5d2..74c0e90 100644 --- a/hosts/cirrus/secrets.yaml +++ b/hosts/cirrus/secrets.yaml @@ -1,5 +1,11 @@ seb-password: ENC[AES256_GCM,data:/J83cgpBhjl6VveVZTX0ElEyexn3G3pZp6RKgfbR39QoG/5mExOk2xM999YFb5/vGaivogGQeFhwQ0j5Ij0KdaWCTXkFIQtfBw==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:QTqmyyywH0cV5rGQhPBBGg==,type:str] tailscale-auth-key: ENC[AES256_GCM,data:u4F4B7cxqX5S+25lsB/X3WUYJFlLrIcqA+pWABDn0j08nL6a1Vg4n94LjkWYlcLIj9Axj9UCRurgPVwNpA0=,iv:iKZzHTD00h9/vwkewo14Ox+9EMuo5GawemRVjn1gLuM=,tag:ikLoAEbMDNlRZ3PGke2OZQ==,type:str] +hedgedoc: + seb-password: ENC[AES256_GCM,data:hzUFWZ3m6oIUOySTHfRyEDSNqYIfJndYSg==,iv:wg8aMAEbvCYVfqMhikF1tbEdB+CYzLB4azlLN6OU/HE=,tag:Yf7xUBwIetnkUnncOi/V8Q==,type:str] +restic: + environment: ENC[AES256_GCM,data:oPgJ20N7eO0W+SnRPA/uaGDbYBpKX3jWixuVIG0+eBRRlaPWBFpJKA7CK9oVvwuqQUtGiRnoR2gqO42C22WRSiHXqe1zoarhvQMcXy8CTQd6Y+k5iMspSzMZynfkMapooK4=,iv:Ub1ONOcoEZ52E8W1qK93xpmYXMUiVszFbHoO/pUa/Mo=,tag:2yTJZmirhPIN01cB5F0Lsw==,type:str] + password: ENC[AES256_GCM,data:gMd4G8o83r3sTZEH1kRkn05Mye96sHV2mdRWNbbS,iv:E2hBYbvpCMDul81lgUBNVr5Fm7x0u1f9cEkma9jKwYE=,tag:CeFrP3pO1VmGxcvj7b7pYA==,type:str] +healthchecks-ping-key: ENC[AES256_GCM,data:HT6bEtZ4ii3na8VDRA59GHtRuaOV+w==,iv:ZZlnpDPoPUYgq/jHOfCqHMUmKpPUTpXmZp3GWxYAL3I=,tag:Lg97lItvoGzXqoz6Pwadfw==,type:str] sops: kms: [] gcp_kms: [] @@ -24,8 +30,8 @@ sops: aHNody9YR2ZKTDNINmNvbGNHb0dCRVkKXcUQxU0Craqkze0l0mH75MKTnkf7a/ae XeqWVJRO1WpG+UhF3QB3yMq9uy0vlc3JnD3LsE0inWUSl0s6AgDZOg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-05-04T19:13:40Z" - mac: ENC[AES256_GCM,data:wTYrJHhjfYxeMEg64bgCI+sn4paLZ5de6eZ2md5VIv/nQkS8U8IznAq22rLp+X9WW5G1tbHlqte/7YCSFzeDOUG6/V7FBWht9QSbFnyBR3bTw5Bp98b0mTdvTWXTXSS7PNgzMhCiHyTVo1jcR+G3rfu4055PJe4wsbzk8nmNiLU=,iv:mgtXxoJT0pnC1f6bsovU1arPIl6jvqEyRS6OHT5ELQo=,tag:1FwWG4UO/KW2mcH3zBFJ9g==,type:str] + lastmodified: "2025-05-12T19:21:12Z" + mac: ENC[AES256_GCM,data:kZ90RoJrtsaz/y/EStMcGQPwqA9DdzdDXHJKLm+fZkannyBTU3nJWjuCrZPcWwAQwmMe/R6On2gJPoafWlo0TRS+XrMSbeVirNxjPurTzBHPMTAa3IjVu4N1Lb76NoTdOTY5P2jI0OM3bAnmY3wFtmbu8BjM/bt5V+UmmJCUhQs=,iv:uq5wTXMlWuqxvhB/GlAcovHGBvZRoi6fyRb/i4dsW7M=,tag:nu4Fu3CMaCYy8bhWzTpZOA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 diff --git a/hosts/shared.nix b/hosts/shared.nix index 25d1339..5c60534 100644 --- a/hosts/shared.nix +++ b/hosts/shared.nix @@ -9,7 +9,7 @@ { imports = [ self.nixosModules.default ]; - networking.domain = "stork-atlas.ts.net"; + networking.domain = lib.mkDefault "stork-atlas.ts.net"; nix = let