Add VaultWarden; update Transmission; reorder allowedTCPPorts

2024-08-07 10:02:50 -05:00 · 2024-08-07 10:02:50 -05:00 · aa40c0c5e3
commit aa40c0c5e3
parent afbbe88620
7 changed files with 15 additions and 2 deletions
--- a/nix/application/containers.nix
+++ b/nix/application/containers.nix
@ -111,18 +111,28 @@
      };
      transmission = {
-        image = "haugene/transmission-openvpn:5";
+        image = "haugene/transmission-openvpn:5.3.1";
        ports = [ "9091:9091" ];
        volumes = [
          "/home/sezycei/srv/scripts/transmission/settings.json:/etc/transmission-daemon/settings.json"
          "/etc/localtime:/etc/localtime:ro"
          "/home/torrent/data:/data"
          "/home/sezycei/srv/scripts/transmission/custom-data:/etc/openvpn/custom"
        ];
        environmentFiles =
          [ config.age.secrets.transmission-env.path ];
        extraOptions = [ "--cap-add=NET_ADMIN" "--privileged" ];
      };
      vaultwarden = {
        image = "vaultwarden/server:1.31.0";
        ports = [ "40080:80" ];
        volumes = [
          "/home/sezycei/srv/containerdata/bitwarden/data:/data"
        ];
        environmentFiles = [ config.age.secrets.bitwarden-env.path ];
      };
    };
  };
 }
--- a/nix/application/nginx.nix
+++ b/nix/application/nginx.nix
@ -76,6 +76,7 @@
        "jame.su" = static { dir = "/var/www/jame.su"; };
        "matri.cx" = static { dir = "/var/www/matri.cx"; };
        "media.matri.cx" = proxied { target = "http://127.0.0.1:8096"; };
        "pw.eversole.co" = proxied { target = "http://127.0.0.1:40080"; };
        "sezycei.com" = static { dir = "/var/www/sezycei.com"; };
        "snakebelmont.com" = static { dir = "/var/www/snakebelmont.com"; };
        "transmission.matri.cx" = proxiedLAN { target = "http://127.0.0.1:9091"; };
--- a/nix/system/age.nix
+++ b/nix/system/age.nix
@ -18,6 +18,7 @@
      };
      keys.file = ../../secrets/keys.age;
      miniflux.file = ../../secrets/miniflux.age;
      bitwarden-env.file = ../../secrets/bitwarden-env.age;
      transmission-env.file = ../../secrets/transmission-env.age;
    };
    identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
--- a/nix/system/network.nix
+++ b/nix/system/network.nix
@ -2,7 +2,7 @@
  networking = {
    hostName = "eve-psr-nix0";
    firewall = {
-      allowedTCPPorts = [ 22 80 443 7860 23231 23232 23233 9418 3000 ];
+      allowedTCPPorts = [ 22 80 443 3000 7860 9418 23231 23232 23233 ];
      allowedUDPPorts = [ 53 1194 ];
      trustedInterfaces = [ "tun0" ];
    };
--- a/secrets.nix
+++ b/secrets.nix
@ -13,5 +13,6 @@ in
  "secrets/htpasswd-dock.age" = { publicKeys = all; };
  "secrets/keys.age" = { publicKeys = all; };
  "secrets/miniflux.age" = { publicKeys = all; };
  "secrets/bitwarden-env.age" = { publicKeys = all; };
  "secrets/transmission-env.age" = { publicKeys = all; };
 }
--- a/secrets/bitwarden-env.age
+++ b/secrets/bitwarden-env.age
--- a/secrets/transmission-env.age
+++ b/secrets/transmission-env.age