diff --git a/nixos/borgbackup.nix b/nixos/borgbackup.nix
index 7c11f02..1a7fa66 100644
--- a/nixos/borgbackup.nix
+++ b/nixos/borgbackup.nix
@@ -3,7 +3,9 @@
 paths = [
 # server storage
 "/var/lib/postgresql"
+ "/var/lib/mysql"
 "/var/lib/sourcehut"
+ "/var/lib/snipe-it"
 # user storage
 "/home"
 ];
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index 0720999..3d42a98 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -8,6 +8,7 @@
 [ # Include the results of the hardware scan.
 ./hardware-configuration.nix
 ./sourcehut.nix
+ ./snipeit.nix
 ./borgbackup.nix
 ];
@@ -21,6 +22,8 @@
 127.0.0.1 meta.sourcehut.nixos.local
 127.0.0.1 man.sourcehut.nixos.local
 127.0.0.1 git.sourcehut.nixos.local
+
+ 127.0.0.1 snipe-it.nixos.local
 '';
 # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
diff --git a/nixos/snipeit.nix b/nixos/snipeit.nix
new file mode 100644
index 0000000..9af2fad
--- /dev/null
+++ b/nixos/snipeit.nix
@@ -0,0 +1,34 @@
+let
+ snipeit-fqdn = "snipe-it.nixos.local";
+in
+{ pkgs, ... }:
+{
+ services.snipe-it = {
+ enable = true;
+ appKeyFile = "/etc/nixos/secrets/snipe-it/appkey";
+ appURL = "https://${snipeit-fqdn}";
+ hostName = snipeit-fqdn;
+ database = {
+ user = "snipeit";
+ };
+ nginx = {
+ sslCertificate = "/etc/nixos/secrets/certs/snipe-it.nixos.local.crt";
+ sslCertificateKey = "/etc/nixos/secrets/certs/snipe-it.nixos.local.key";
+ forceSSL = true;
+ kTLS = true;
+ };
+ };
+ services.mysql = {
+ enable = true;
+ package = pkgs.mariadb;
+ ensureUsers = [
+ {
+ name = "snipeit";
+ ensurePermissions = {
+ "snipeit.*" = "ALL PRIVILEGES";
+ };
+ }
+ ];
+ ensureDatabases = [ "snipeit" ];
+ };
+}
diff --git a/nixos/sourcehut.nix b/nixos/sourcehut.nix
index 0c824df..7c89fed 100644
--- a/nixos/sourcehut.nix
+++ b/nixos/sourcehut.nix
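Review bot: The added `"/var/lib/mysql"` entry in nixos/borgbackup.nix copies a live MariaDB data directory file by file, which is not guaranteed to be consistent while the server is writing, so a restore may yield a damaged or partially applied database. Back up a logical dump instead, for example by enabling `services.mysqlBackup` and listing its output directory in `paths`, or by producing the dump in the borg job's `preHook`. The existing `"/var/lib/postgresql"` entry has the same weakness. The job definition around `paths` lies outside the hunk, so it is not visible whether such a hook already exists.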
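Review bot: `appKeyFile` and `sslCertificateKey` in nixos/snipeit.nix point under `/etc/nixos/secrets`, which none of the borgbackup `paths` cover, so a restore of `/var/lib/snipe-it` and the database without the original app key would presumably leave application-encrypted values unreadable. Keep a separately protected copy of the key and say so above the option, e.g. `# APP_KEY: needed to decrypt restored data; not in the borg job, keep an offline copy`. Writing both secrets as strings rather than path literals keeps them out of the world-readable Nix store; a short comment stating that would stop a later edit from turning them into paths. The files should be readable only by the respective service users, and `secrets/` should be excluded from this repository. The hand-written `services.mysql` block looks like what the module's `database.createLocally` option provides; confirm and prefer the option if so.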
@@ -91,7 +91,7 @@ in
 services.nginx = {
 enable = true;
- recommendedTlsSettings = false;
+ recommendedTlsSettings = true;
 recommendedOptimisation = true;
 recommendedGzipSettings = true;
 recommendedProxySettings = true;
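Review bot: `recommendedTlsSettings = true` is a global `services.nginx` option, so it also governs the snipe-it virtual host added in this commit, yet it is set inside nixos/sourcehut.nix. If the sourcehut import is ever dropped, the option falls back to its default and snipe-it loses the hardened TLS settings without any change to snipeit.nix. Move the shared `services.nginx` settings to configuration.nix or a dedicated nginx module, or at least add `# global: also applies to the snipe-it vhost (snipeit.nix)` next to the line. The `services.nginx` block continues beyond the hunk.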