diff --git a/secrets.nix b/secrets.nix
index fd66a09..f86dfd8 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -28,7 +28,7 @@ in {
 "services/postgresql/secrets/giteaDBPass.age".publicKeys = [tbarnouin postgresql];
 "services/postgresql/secrets/authentikDBPass.age".publicKeys = [tbarnouin postgresql];
 "services/postgresql/secrets/grafanaDBPass.age".publicKeys = [tbarnouin postgresql];
- "services/postgresql/secrets/netboxDBPass.age".publicKeys = [tbarnouin postgresql];
+ "services/postgresql/secrets/onlyofficeDBPass.age".publicKeys = [tbarnouin postgresql];
 "secrets/postgresql-lapi-key.age".publicKeys = [tbarnouin postgresql];
 "services/nginx/secrets/cs-lapi-key.age".publicKeys = [tbarnouin nginx];
diff --git a/services/netbox/default.nix b/services/netbox/default.nix
deleted file mode 100644
index 7e634e9..0000000
--- a/services/netbox/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: let
- cfg = config.services.vm_netbox;
-in {
- options.services.vm_netbox = {
- enable = lib.mkEnableOption "Enable minimal config";
- pgsql_ip = lib.mkOption {
- type = lib.types.str;
- description = "Netbox database IP address";
- };
- };
- config = lib.mkIf cfg.enable {
- age.secrets.netbox-lapi-key = {
- file = ../../secrets/netbox-lapi-key.age;
- owner = "crowdsec";
- };
- };
- services = {
- crowdsec = {
- settings.lapi.credentialsFile = "${config.age.secrets.netbox-lapi-key.path}";
- localConfig = {
- acquisitions = [
- {
- source = "journalctl";
- journalctl_filter = [ "_SYSTEMD_UNIT=netbox.service" ];
- labels = {
- type = "syslog";
- };
- }
- ];
- };
- };
- netbox = {
- enable = true;
- package = pkgs.netbox_3_7;
- port = 8001;
- };
- };
- networking.firewall.allowedTCPPorts = [8001];
- };
-}
diff --git a/services/nginx/default.nix b/services/nginx/default.nix
index 324416a..a233684 100644
--- a/services/nginx/default.nix
+++ b/services/nginx/default.nix
@@ -142,15 +142,6 @@ in {
 recommendedProxySettings = true;
 };
 };
- "netbox.le43.eu" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://192.168.1.90:8000";
- proxyWebsockets = true;
- recommendedProxySettings = true;
- };
- };
 "play.le43.eu" = {
 forceSSL = true;
 enableACME = true;
diff --git a/services/postgresql/default.nix b/services/postgresql/default.nix
index cf20b53..7b75a54 100644
--- a/services/postgresql/default.nix
+++ b/services/postgresql/default.nix
@@ -31,8 +31,8 @@ in {
 file = ./secrets/grafanaDBPass.age;
 owner = "postgres";
 };
- netboxDBPass = {
- file = ./secrets/netboxDBPass.age;
+ onlyofficeDBPass = {
+ file = ./secrets/onlyofficeDBPass.age;
 owner = "postgres";
 };
 };
@@ -64,7 +64,7 @@ in {
 host gitea gitea 192.168.1.14/32 md5
 host authentik authentik 192.168.1.125/32 md5
 host grafana grafana 192.168.1.27/32 md5
- host netbox netbox 192.168.1.90/32 md5
+ host onlyoffice onlyoffice 192.168.1.46/32 md5
 ";
 initialScript = pkgs.writeText "init-sql-script" ''
 CREATE ROLE nextcloud WITH LOGIN CREATEDB;
@@ -83,9 +83,9 @@ in {
 CREATE DATABASE grafana;
 GRANT ALL PRIVILEGES ON DATABASE grafana TO grafana;
- CREATE ROLE netbox WITH LOGIN CREATEDB;
- CREATE DATABASE netbox;
- GRANT ALL PRIVILEGES ON DATABASE netbox TO netbox;
+ CREATE ROLE onlyoffice WITH LOGIN CREATEDB;
+ CREATE DATABASE onlyoffice;
+ GRANT ALL PRIVILEGES ON DATABASE onlyoffice TO onlyoffice;
 '';
 };
 };
@@ -96,7 +96,7 @@ in {
 giteaDBPass = config.age.secrets.giteaDBPass.path;
 authentikDBPass = config.age.secrets.authentikDBPass.path;
 grafanaDBPass = config.age.secrets.grafanaDBPass.path;
- netboxDBPass = config.age.secrets.netboxDBPass.path;
+ onlyofficeDBPass = config.age.secrets.onlyofficeDBPass.path;
 in ''
 $PSQL -tA <<'EOF'
 DO $$
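Review bot: The new pg_hba entry in the `@@ -64,7 +64,7 @@` hunk of services/postgresql/default.nix, `host onlyoffice onlyoffice 192.168.1.46/32 md5`, keeps the `md5` method and the plain `host` record type. `md5` still accepts a role whose password is stored as an MD5 hash, and `host` matches connections made without TLS, so the session between 192.168.1.46 and the database can cross the LAN unencrypted. For the new entry I would write `hostssl onlyoffice onlyoffice 192.168.1.46/32 scram-sha-256`, assuming the server has TLS enabled and stores SCRAM verifiers; the existing entries could follow in a separate change. The authentication string starts and ends outside the hunk.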
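Review bot: `CREATE ROLE onlyoffice WITH LOGIN CREATEDB;` in the `@@ -83,9 +83,9 @@` hunk of services/postgresql/default.nix lets the application role create further databases, which a service that is handed its own database should not need; `CREATE ROLE onlyoffice WITH LOGIN;` plus `CREATE DATABASE onlyoffice OWNER onlyoffice;` is the narrower form. NixOS applies `initialScript` only when the cluster is first initialised, so on an already-deployed server these three lines never run and the netbox role and database are not removed by deleting theirs. In that case the `ALTER ROLE onlyoffice` added in the `@@ -114,8 +114,8 @@` hunk would fail because the role does not exist; if the host is not rebuilt from scratch, create the role and database by hand or idempotently, and drop the netbox objects explicitly. The script text starts outside the hunk.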
@@ -114,8 +114,8 @@ in {
 password := trim(both from replace(pg_read_file('${grafanaDBPass}'), E'\n', '''));
 EXECUTE format('ALTER ROLE grafana WITH PASSWORD '''%s''';', password);
- password := trim(both from replace(pg_read_file('${netboxDBPass}'), E'\n', '''));
- EXECUTE format('ALTER ROLE netbox WITH PASSWORD '''%s''';', password);
+ password := trim(both from replace(pg_read_file('${onlyofficeDBPass}'), E'\n', '''));
+ EXECUTE format('ALTER ROLE onlyoffice WITH PASSWORD '''%s''';', password);
 END $$;
 EOF
 '';
diff --git a/services/postgresql/secrets/netboxDBPass.age b/services/postgresql/secrets/netboxDBPass.age
deleted file mode 100644
index 36d3930..0000000
--- a/services/postgresql/secrets/netboxDBPass.age
+++ /dev/null
@@ -1,12 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBLM1pP -MXRibnRQQitFVjdQUVRrVGI5NFNMaWFpRE1OOU1zd2dOa09mOGp3CmUxZFRpWTVG -aFVQWE0ydnA0Z3ZYYm5MMkFJMURudS9GcWs1ck9hcjUwVWcKLT4gc3NoLWVkMjU1 -MTkgc2luZ3ZRIHBGajlwYkwwOFRlbTcwSFgvZmU3b3Q5VGFvWFJ5ZXU3WFJwaFFM -OFRHU1kKZFVSVjlZSXl5VUZXR2dJMmxmZHdHNWZ1Z05yS0luMHhaZmt1UlJaMVpS -NAotPiByLjkuRC1ncmVhc2UgKVlbJjYuIG9hCmRxVWNOdzRvRWdvdjZuTzBWQTRU -VGVjdjV6eTk4WDRheEJWM0xGR2RuQUloaFBsSUNia0E2ZlRlOW1aSENoT2kKNWpU -bWxIYU5sQTlURmZzTElIT2FxdwotLS0gQW5RS3NNcCt1cXJob041Y1YwOG9WcXIv -ZkR3OTRXckhQajArV21jbGg4cwroe/kLvfTDiri3Am6Of2J0JsYvthO1PVnekHZT -R4Xrt9NKzfi2+KYJey8= ------END AGE ENCRYPTED FILE-----
diff --git a/services/postgresql/secrets/onlyofficeDBPass.age b/services/postgresql/secrets/onlyofficeDBPass.age
new file mode 100644
index 0000000..0a517da
--- /dev/null
+++ b/services/postgresql/secrets/onlyofficeDBPass.age
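Review bot: The added `EXECUTE format('ALTER ROLE onlyoffice WITH PASSWORD '''%s''';', password);` in the `@@ -114,8 +114,8 @@` hunk of services/postgresql/default.nix places the secret between hand-written quotes with `%s`, so a password containing a single quote breaks or alters the statement. `format()` provides `%L` for this, and `EXECUTE format('ALTER ROLE onlyoffice WITH PASSWORD %L;', password);` quotes the value as a literal and drops the Nix `'''` escaping. PostgreSQL usually reports a failing dynamic statement with its text as error context, so a failure here could write the clear-text password to the unit's journal — worth checking how this script's output is logged. The grafana lines in the context use the same pattern, and the DO block starts outside the hunk.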
@@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBDTm1X +aTB5SXpwTDRHS1dlMm1LaEpKQkViYlUwZE0xNE04d0dWOVErYVFvCnAvK096M2Np +WWxZUUZGYWZjc0ZtTktSMlFNbjBzU1A2U282VHZWdFNrMEEKLT4gc3NoLWVkMjU1 +MTkgc2luZ3ZRIEpiR2FpR2ltelBwbVhKRTZpRzdLM2U4bGZwc0kvMU1rSlNwb1NR +UVlKV28KV3pEblFFN3hZeEd5TG4yVXRFeHhabVJweGpWejY1eTUveTdYU1ZTRUJl +YwotPiBHbWZPdC1ncmVhc2UgRjJyeiYjTyBCR20hUFsqIC4gMTQqPy1zRwo0NFFS +Rm1HYlUwOXhNenlKcW90MEJOOEFtTjROU1JMWWEzMHJFRVUvS0phY1cxV09abG5a +TkEKLS0tIG1EZnJGanhDUjVRUm5sRTlaVWtFQUN1Q3QrVm1GQnkvVm42eUxWSGNq +M2sKXJmL2j6j+iA26zzQ/rLZrQTXRyIFZ3EvAgpbidiCDqefQrtlSXeQXjiaYI53 +AWK6 +-----END AGE ENCRYPTED FILE-----