feat: Server monitroing, NixOS 24.05 (#84)

Co-authored-by: nhnn <nhnn@disroot.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/84
2024-07-30 19:19:06 +03:00
parent a6caa18981
commit 5218868b33
12 changed files with 195 additions and 102 deletions
--- a/sp-modules/bitwarden/module.nix
+++ b/sp-modules/bitwarden/module.nix
@@ -59,6 +59,9 @@ in
        ];
      };
    };
+    systemd.tmpfiles.rules = lib.mkIf sp.useBinds [
+      "d /volumes/${cfg.location}/bitwarden/backup 0700 vaultwarden vaultwarden -"
+    ];
    services.vaultwarden = {
      enable = true;
      dbBackend = "sqlite";
@@ -72,28 +75,36 @@ in
        EMERGENCY_ACCESS_ALLOWED = cfg.emergencyAccessAllowed;
      };
    };
-    systemd.services.bitwarden-secrets = {
-      before = [ "vaultwarden.service" ];
-      requiredBy = [ "vaultwarden.service" ];
-      serviceConfig.Type = "oneshot";
-      path = with pkgs; [ coreutils jq ];
-      script = ''
-        set -o nounset
+    systemd = {
+      services = {
+        vaultwarden.serviceConfig.Slice = "bitwarden.slice";
+        bitwarden-secrets = {
+          before = [ "vaultwarden.service" ];
+          requiredBy = [ "vaultwarden.service" ];
+          serviceConfig.Type = "oneshot";
+          path = with pkgs; [ coreutils jq ];
+          script = ''
+            set -o nounset

-        token="$(jq -r '.bitwarden.adminToken' ${secrets-filepath})"
-        if [ "$token" == "null" ]; then
-            # If it's null, empty the contents of the file
-            bitwarden_env=""
-        else
-            bitwarden_env="ADMIN_TOKEN=$token"
-        fi
+            token="$(jq -r '.bitwarden.adminToken' ${secrets-filepath})"
+            if [ "$token" == "null" ]; then
+                # If it's null, empty the contents of the file
+                bitwarden_env=""
+            else
+                bitwarden_env="ADMIN_TOKEN=$token"
+            fi

-        install -C -m 0700 -o vaultwarden -g vaultwarden \
-        -d /var/lib/bitwarden
+            install -C -m 0700 -o vaultwarden -g vaultwarden \
+            -d /var/lib/bitwarden

-        install -C -m 0600 -o vaultwarden -g vaultwarden -DT \
-        <(printf "%s" "$bitwarden_env") ${bitwarden-env}
-      '';
+            install -C -m 0600 -o vaultwarden -g vaultwarden -DT \
+            <(printf "%s" "$bitwarden_env") ${bitwarden-env}
+          '';
+        };
+      };
+      slices.bitwarden = {
+        description = "Bitwarden service slice";
+      };
    };
    services.nginx.virtualHosts."${cfg.subdomain}.${sp.domain}" = {
      useACMEHost = sp.domain;