commit 1d6a4bf56774c60a679fea02e0fccadd92e9fb6f
parent 6dbd84078872b994f2f296644f6ff19bb6961d08
Author: Katja (ctucx) <git@ctu.cx>
Date: Thu, 24 Apr 2025 23:54:52 +0200
parent 6dbd84078872b994f2f296644f6ff19bb6961d08
Author: Katja (ctucx) <git@ctu.cx>
Date: Thu, 24 Apr 2025 23:54:52 +0200
configurations/nixos/websites: move radicale from `dav.ctu.cx` to `dav.katja.wtf` (and to host `rabbit`)
8 files changed, 70 insertions(+), 72 deletions(-)
diff --git a/configurations/nixos/websites/dav.ctu.cx.nix b/configurations/nixos/websites/dav.ctu.cx.nix
@@ -1,46 +0,0 @@
-{ secrets, config, lib, pkgs, ... }:
-
-{
-
- dns.zones."ctu.cx".subdomains.dav.CNAME = [ "${config.networking.fqdn}." ];
-
- age.secrets = {
- resticRadicale.file = secrets."${config.networking.hostName}".restic.radicale;
- radicaleUsers = {
- file = secrets."${config.networking.hostName}".radicaleUsers;
- owner = "radicale";
- };
- };
-
- restic-backups.radicale = {
- user = "radicale";
- passwordFile = config.age.secrets.resticRadicale.path;
- paths = [ "/var/lib/radicale" ];
- };
-
- systemd.services.radicale.onFailure = [ "ntfysh-notify-failure@%i.service" ];
-
- services = {
- radicale.enable = true;
- radicale.settings = {
- server.hosts = [ "[::1]:5232" ];
- web.type = "internal";
- storage.filesystem_folder = "/var/lib/radicale/collections";
- headers.Access-Control-Allow-Origin = "*";
- auth.type = "htpasswd";
- auth.htpasswd_filename = config.age.secrets.radicaleUsers.path;
- auth.htpasswd_encryption = "plain";
- };
-
- nginx = {
- enable = true;
- virtualHosts."dav.ctu.cx" = {
- useACMEHost = "${config.networking.fqdn}";
- forceSSL = true;
- kTLS = true;
- locations."/".proxyPass = "http://[::1]:5232/";
- };
- };
- };
-
-}
diff --git a/configurations/nixos/websites/dav.katja.wtf.nix b/configurations/nixos/websites/dav.katja.wtf.nix
@@ -0,0 +1,46 @@
+{ secrets, config, lib, pkgs, ... }:
+
+{
+
+ dns.zones."katja.wtf".subdomains.dav.CNAME = [ "${config.networking.fqdn}." ];
+
+ age.secrets = {
+ resticRadicale.file = secrets."${config.networking.hostName}".restic.radicale;
+ radicaleUsers = {
+ file = secrets."${config.networking.hostName}".radicaleUsers;
+ owner = "radicale";
+ };
+ };
+
+ restic-backups.radicale = {
+ user = "radicale";
+ passwordFile = config.age.secrets.resticRadicale.path;
+ paths = [ "/var/lib/radicale" ];
+ };
+
+ systemd.services.radicale.onFailure = [ "ntfysh-notify-failure@%i.service" ];
+
+ services = {
+ radicale.enable = true;
+ radicale.settings = {
+ server.hosts = [ "[::1]:5232" ];
+ web.type = "internal";
+ storage.filesystem_folder = "/var/lib/radicale/collections";
+ headers.Access-Control-Allow-Origin = "*";
+ auth.type = "htpasswd";
+ auth.htpasswd_filename = config.age.secrets.radicaleUsers.path;
+ auth.htpasswd_encryption = "plain";
+ };
+
+ nginx = {
+ enable = true;
+ virtualHosts."dav.katja.wtf" = {
+ useACMEHost = "${config.networking.fqdn}";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://[::1]:5232/";
+ };
+ };
+ };
+
+}
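Review bot: `auth.htpasswd_encryption = "plain";` in the new `radicale.settings` block means the file decrypted from `radicaleUsers.age` holds the CalDAV/CardDAV passwords in cleartext on `rabbit`, so any read of that file as user `radicale` yields reusable credentials rather than hashes. Since the secret is re-created for the new host anyway, this would be a good point to regenerate the htpasswd entries hashed and set `auth.htpasswd_encryption = "bcrypt";`, provided the packaged Radicale ships bcrypt support. The wildcard `headers.Access-Control-Allow-Origin = "*";` is also carried over unchanged onto an authenticated endpoint; if no browser client on another origin needs it, dropping the header or naming that one origin would be tighter.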
diff --git a/nodes/hector/default.nix b/nodes/hector/default.nix @@ -28,9 +28,6 @@ # website / webservices ctucxConfig.websites."bikemap.ctu.cx" - # cal-/card-dav server (radicale) - ctucxConfig.websites."dav.ctu.cx" - # git server (gitolite+stagit) ctucxConfig.websites."git.ctu.cx"
diff --git a/nodes/rabbit/default.nix b/nodes/rabbit/default.nix @@ -33,6 +33,9 @@ ctucxConfig.websites."oeffi.katja.wtf" ctucxConfig.websites."things.katja.wtf" + # cal-/card-dav server (radicale) + ctucxConfig.websites."dav.katja.wtf" + # password-store (vaultwarden) ctucxConfig.websites."vault.katja.wtf"
diff --git a/secrets/hector/radicaleUsers.age b/secrets/hector/radicaleUsers.age
@@ -1,12 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUEcrWWVmZDdXVVFUSDNx
-WTJ5eWY0VHlxbXF3b3dqQ3FrYW5SWWUwRjBVCkVac2JtNDN0aGFYaDdaNmtpeHZL
-dXp3Tkwwc0MwN2dSNXF3NGVHV0pVQ2MKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIERP
-bGhVVEhvdlZzZERJNVV5ZGpLbUdITndhd1lpRDh5VUtkZnF6ZG9sQ3MKL0VjVlRt
-YzJZUjQzcG9wZ05tY3NVTjJsYzlDTUk0c0Z5bzczM3VGd1l4MAotPiBLLWdyZWFz
-ZSBbUkxKIGppJkBmIGkgKlkKRlRQUkVUVzd2ZlNmb2RNV01XVUJ5K0Z0R1lqZDRy
-MnZqWVE4NkEzUkEvZURhakdwZFZLRWFlOFc5OWt5WGVQUwoKLS0tIG5PVHlWaVpV
-Sy95NFhna1NtZmh1YlVaa1I3emFSSnVOWjhabUZ1QWlRekEKhfOQdanKb57QWIP4
-FEztX/WSDsIOHSljR8I4nr7lzGa4pE+s5Wj6UYubqxkcOR8fgukojaYwCqpAAEXt
-sPNw9y/86JfJSM/3PDsiHVS6T6PIIjGxnla2GzQ=
------END AGE ENCRYPTED FILE-----
diff --git a/secrets/hector/restic/radicale.age b/secrets/hector/restic/radicale.age
@@ -1,11 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnVi9PVzZMZkxEQ0dRNnk2
-bG5BVmtuRGxxWDBtaStJSEJiV2orR1UyK1IwCk05T3JsSUkySk5KTU53R25RUUcv
-Y1hIYjQ3dDBkMFFUcisvcndleGEvY3cKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIC9t
-YVo0Q2IrWjBsbm91cVdLNWFhbG1hVld6T25xNStNQjVkTkFLOXhqVzQKYWFJY0t1
-dzArdDViUFhpRERuM2dBVWJZc2JMUXJ2S0l0akJPWndBMEw3UQotPiA3b2hfWFFu
-LWdyZWFzZQpIQmVJMlRtVWhvVlVveFBGWnNiNVFOQmF0UDN2VGJXK1FlWkhHUDho
-VHJuRVpUTzhKZwotLS0gc3lWNjEraTk3SmVLamZYTWQ0dUQxR0JWbVB1cldYOUhv
-NFd2R2h0Mzljawq68Pxp5FLvJo7Xyt2jjLGuZHtTIzMf+YAMt/GhXfEw8B5JZgCh
-JUen5B+QyAYGY5O9UB+ygqaX65FL
------END AGE ENCRYPTED FILE-----
diff --git a/secrets/rabbit/radicaleUsers.age b/secrets/rabbit/radicaleUsers.age
@@ -0,0 +1,11 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2Sm1vU3dGZXhGdHRFOHFw
+NnZwSHY2clRPODdhYUd3U0ExMWRGWGl6V24wCmMrVVlkMFhNakdPZmZJUmF3SlVl
+OEFhWklnV0Q0bm9PKysvWGZvZnBPUzAKLT4gc3NoLWVkMjU1MTkgaGtMdUVnIHA1
+Y0JYa0RQZll2MjNCV0tPdkJJRTc0dENuLy9sK2tRYlNaTTFrVFM2eWMKaW1BYVVl
+VlYzWDB3WFpHam04TGdhdlRzR1hycUtxYzgrM0x3NnVXeDIrQQotPiBuS3QtZ3Jl
+YXNlIEUgP2NyaSFVPyBiQywKaU44ZUJvaytxVTVHc2ZPU2tOaWVBQmsKLS0tIGZN
+cEpLUVBYV1d5TncyaWNyNEk2TVlmRFNuQjBXQVgzcHJlNUNHVVhoTVkKSyLjkkgn
+roO5VRSEgXwmyx4jMssxBJLypSHldVPzz9likA3qgzQ/orlDeCeOS0U44vF9UG+X
+Trn6x/hr2F0gBfLw7kt9ZM1p/eZLvg3A3LRlTTaCRD/kPlg=
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/rabbit/restic/radicale.age b/secrets/rabbit/restic/radicale.age
@@ -0,0 +1,10 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3eXd2WDVnUlgwUENPR010
+SC8rYUJWU2syY09FSzZ0eXE1Q2Q2Yk9qeng0Ci8wVFB5L0R3SEFENlJUSi9lQ3lL
+NFRkOVJnZ3VZOTJuYWdiRW5DQkd0dWMKLT4gc3NoLWVkMjU1MTkgaGtMdUVnIGl0
+VkN1WGdUY0ZGaTJPeG1BZ2E0YmQ3b0xCREliS1cyK3hKZlZkd2JxMkkKN0RZbGNi
+cDZ4V1RpMVBQamNqRlhzazlpQVMvcHZmUURyelpoSjdKOEpHZwotPiAoMmBzdzAt
+Z3JlYXNlIDcgKz1kZj4zQQoKLS0tIFZxdGVLUzhmTWdMcUdra1hyQ0ZZbTVxa3Vy
+bEU1N2hoekhtS1IvQ0pqL2sKA09k8sLlHpYa+fkzoy9x7h/eTSspjLNDm8mwpt/H
+7pAhGC4ndWZO8YupRCLlAp1JnwtM1W0e28oDNg==
+-----END AGE ENCRYPTED FILE-----