diff options
33 files changed, 165 insertions, 113 deletions
diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix index 4f6b8ef..f3b59f5 100644 --- a/configurations/manwe/default.nix +++ b/configurations/manwe/default.nix @@ -100,14 +100,14 @@ with lib; { } ]; } - # { - # job_name = "wireguard"; - # static_configs = [{ - # targets = with wireguard; [ - # "${manwe.hostname}:${toString port}" - # ]; - # }]; - # } + { + job_name = "wireguard"; + static_configs = [ + { + targets = with wireguard; ["${manwe.hostname}:${toString port}"]; + } + ]; + } ]; }; diff --git a/configurations/melian/default.nix b/configurations/melian/default.nix index 710f26c..fb9b6e6 100644 --- a/configurations/melian/default.nix +++ b/configurations/melian/default.nix @@ -61,7 +61,6 @@ with lib; { home.packages = with pkgs; [ (aspellWithDicts (p: with p; [en ru])) calibre - iaito kotatogram-desktop nheko tor-browser @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1652712410, - "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=", + "lastModified": 1662046976, + "narHash": "sha256-BrTReGRhkVm/Kmmf4zQrL+oYWy0sds/BDBgXNX1CL3c=", "owner": "ryantm", "repo": "agenix", - "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b", + "rev": "9f136ecfa5bf954538aed3245e4408cf87c85097", "type": "github" }, "original": { @@ -121,11 +121,11 @@ ] }, "locked": { - "lastModified": 1661856816, - "narHash": "sha256-pb/Xu1p5q3xtk5nxBj25eoeM02SFSQ53FjSBqT+FNhE=", + "lastModified": 1662179110, + "narHash": "sha256-13KYsuzprRvJQK3XXzaFGNyWZS9Pucxl+OZO6gJVzE8=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "b726259df1d6defe5af8c5be45ff6457885f2a5f", + "rev": "b042c46bb68bbd24b3b8f80f21889237b3b23eef", "type": "github" }, "original": { @@ -377,11 +377,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1661480711, - "narHash": "sha256-gwvvwppGDBFYXfuchpvRRHiKBM8XCE1ZnpldryKPN9o=", + "lastModified": 1662085301, + "narHash": "sha256-eEnqSDEORBJOrD0yuPU9FDjF8QOs8CSmVDvC0lRjBjI=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "ae22b4a3fe31ae31b3e8b415889f8c2c5a77d8dc", + "rev": "b4efdd150232f6d11312ddb0e4d35dd15cbbe01c", "type": "github" }, "original": { @@ -401,11 +401,11 @@ ] }, "locked": { - "lastModified": 1661824817, - "narHash": "sha256-rKKTjwIVRD5YyD4/X0HMgQkPunAI1rb9vwP2l3M7NWY=", + "lastModified": 1662169888, + "narHash": "sha256-vXcEbRINemb+ype/JQohaU8TyzUbclOFwiv+soYn6wI=", "owner": "jyooru", "repo": "nix-minecraft-servers", - "rev": "835355ef3f51f9ba1a75a35315f997b189337d81", + "rev": "7921fbc0656f8e8c5a95f1142aaf07bf6253aa55", "type": "github" }, "original": { @@ -433,11 +433,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1660407119, - "narHash": "sha256-04lWO0pDbhAXFdL4v2VzzwgxrZ5IefKn+TmZPiPeKxg=", + "lastModified": 1662092548, + "narHash": "sha256-nmAbyJ5+DBXcNJ2Rcy/Gx84maqtLdr6xEe82+AXCaY8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1", + "rev": "786633331724f36967853b98d9100b5cfaa4d798", "type": "github" }, "original": { @@ -449,11 +449,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1661353537, - "narHash": "sha256-1E2IGPajOsrkR49mM5h55OtYnU0dGyre6gl60NXKITE=", + "lastModified": 1662096612, + "narHash": "sha256-R+Q8l5JuyJryRPdiIaYpO5O3A55rT+/pItBrKcy7LM4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0e304ff0d9db453a4b230e9386418fd974d5804a", + "rev": "21de2b973f9fee595a7a1ac4693efff791245c34", "type": "github" }, "original": { @@ -465,11 +465,11 @@ }, "nixpkgs-endlessh-go": { "locked": { - "lastModified": 1661766727, - "narHash": "sha256-4K3q+YOG2wpx+aighjiuxWFdgNb08YLhQSbJNC07tVY=", + "lastModified": 1662056195, + "narHash": "sha256-aVRDrBgZUyGT9FMTOvJmiemu6baJTlYEfdpVKloOOj0=", "owner": "azahi", "repo": "nixpkgs", - "rev": "157111fe56e266928b46d88d3c14e7b9a2624385", + "rev": "c23131bc34da36f938c6f64de685afbd0f149039", "type": "github" }, "original": { @@ -481,11 +481,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1661882215, - "narHash": "sha256-7hfA5v0ZXQr963htXo8q4d/OUnoEjPWx8WiSt3DGC9c=", + "lastModified": 1662195462, + "narHash": "sha256-eGgXhg58bnNmqy09s+XKyP1fn8ZKvUXlG16q57egP+A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3402d9c4a4fe77e245c1b3b061997a83e6f7504e", + "rev": "bef7a8c36fa01d4427f1854bf2ae09a2368ca1f3", "type": "github" }, "original": { @@ -497,11 +497,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1661864979, - "narHash": "sha256-ajXYYTE1uoY3ei/P1v+Knklf2QNCBxMtw1gByaPTGU4=", + "lastModified": 1662197005, + "narHash": "sha256-E1XUvRbdOMiooVyUpHnYe3tSOTwEq5ePKQZ1qMETtnQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a28adc36c20fd2fbaeb06ec9bbd79b6bf7443979", + "rev": "a69918f60e882d7cb685e502d8260af68933c853", "type": "github" }, "original": { @@ -563,11 +563,11 @@ }, "nur": { "locked": { - "lastModified": 1661883947, - "narHash": "sha256-qaz+6u+PJAfiW/dhSd8HWu5Mpm9jru53aH/gk3TruIM=", + "lastModified": 1662195553, + "narHash": "sha256-XSlibodNyO5N5m7AnRfJ1jQWZi56jeqBcE2STAtXOyA=", "owner": "nix-community", "repo": "NUR", - "rev": "2ec06c9e786ef01e7dd4bfab9644ffe0d9e0a71d", + "rev": "d685b4574fc5f6422101461473a411af7ab08b44", "type": "github" }, "original": { @@ -596,11 +596,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1661237582, - "narHash": "sha256-pebP1mA019FejUe6CURqDUaqPyTUZ3wRcqfd6gE+YVg=", + "lastModified": 1662044935, + "narHash": "sha256-ZpxKw8L/IpxolkGyQMDut6V4i8I1T5za0QBBrztfcts=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "3c11e9df6e8353ae5d7e1179f9bcb114f469c942", + "rev": "e36c3cc21b8b1471e1f7928a118de693819c3f12", "type": "github" }, "original": { @@ -785,11 +785,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1661407110, - "narHash": "sha256-tJfJFYeANRGu3ObQHGTxhXqS++JVVQREh8RTMwwbwYQ=", + "lastModified": 1662006199, + "narHash": "sha256-gDelW/h2LyknTQNkHODvzCJCKelLdLIQoDh/L1lk3KA=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "3b2e70db92f127dc2e8e302e009447c1a9eb49aa", + "rev": "28409a0ceede0751ed9d520c6a19d1f5f1211502", "type": "github" }, "original": { @@ -138,7 +138,6 @@ owner = "numtide"; repo = "flake-utils"; ref = "master"; - inputs.nixpkgs.follows = "nixpkgs"; }; # NOTE Used indirectly by nix-minecraft-servers. @@ -138,13 +138,13 @@ with lib; "alertmanager.${shire}" "frodo.${rohan}" "frodo.${gondor}" - "bitwarden.${shire}" "gotify.${shire}" "grafana.${shire}" "loki.${shire}" "prometheus.${shire}" "radicale.${shire}" "rss-bridge.${shire}" + "vaultwarden.${shire}" azahi rohan gondor diff --git a/modules/nixfiles/alertmanager.nix b/modules/nixfiles/alertmanager.nix index 5d9ca30..b7dd5a3 100644 --- a/modules/nixfiles/alertmanager.nix +++ b/modules/nixfiles/alertmanager.nix @@ -25,8 +25,9 @@ in { config = mkIf cfg.enable { nixfiles.modules.nginx = with cfg; { enable = true; + upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://127.0.0.1:${toString port}"; + proxyPass = "http://alertmanager"; extraConfig = '' if ($internal != 1) { return 403; diff --git a/modules/nixfiles/chromium.nix b/modules/nixfiles/chromium.nix index 32045c0..0f5a93e 100644 --- a/modules/nixfiles/chromium.nix +++ b/modules/nixfiles/chromium.nix @@ -25,6 +25,7 @@ in { {id = "cnojnbdhbhnkbcieeekonklommdnndci";} # Search By Image {id = "doojmbjmlfjjnbmnoijecmcbfeoakpjm";} # NoScript {id = "eimadpbcbfnmbkopoojfekhnkhdbieeh";} # Dark Reader + {id = "hlepfoohegkhhmjieoechaddaejaokhf";} # Refined GitHub {id = "jinjaccalgkegednnccohejagnlnfdag";} # Violentmonkey {id = "nibjojkomfdiaoajekhjakgkdhaomnch";} # IPFS Companion {id = "nngceckbapebfimnlniiiahkandclblb";} # Bitwarden diff --git a/modules/nixfiles/common/tmp.nix b/modules/nixfiles/common/tmp.nix index 3fbf253..9527f28 100644 --- a/modules/nixfiles/common/tmp.nix +++ b/modules/nixfiles/common/tmp.nix @@ -1,9 +1,9 @@ _: { systemd.mounts = [ { + type = "tmpfs"; what = "tmpfs"; where = "/tmp"; - type = "tmpfs"; mountConfig.Options = [ "huge=within_size" "mode=1777" @@ -11,7 +11,7 @@ _: { "nodev" "nosuid" "rw" - "size=25%" + "size=50%" ]; } ]; diff --git a/modules/nixfiles/emacs/doom/config.el b/modules/nixfiles/emacs/doom/config.el index d4fb577..29eabc9 100644 --- a/modules/nixfiles/emacs/doom/config.el +++ b/modules/nixfiles/emacs/doom/config.el @@ -92,11 +92,11 @@ (lsp-register-client (make-lsp-client :new-connection (lsp-stdio-connection '("rnix-lsp")) :major-modes '(nix-mode) - :server-id 'nix)) - (add-hook! 'nix-mode-hook #'lsp!)) + :server-id 'nix))) ;; ;;; YAML + ;; (setq-hook! 'yaml-mode-hook +format-with-lsp nil) diff --git a/modules/nixfiles/emacs/doom/init.el b/modules/nixfiles/emacs/doom/init.el index 9ad69c6..b547cb9 100644 --- a/modules/nixfiles/emacs/doom/init.el +++ b/modules/nixfiles/emacs/doom/init.el @@ -86,14 +86,14 @@ emacs-lisp (go +lsp +tree-sitter) ;; graphql - (haskell +lsp) + (haskell +lsp +tree-sitter) (java +lsp +tree-sitter) (javascript +lsp +tree-sitter) - (json +tree-sitter) - (latex +lsp +tree-sitter) + json + (latex +lsp) (lua +lsp +tree-sitter) markdown - (nix +lsp +tree-sitter) + (nix +lsp) (org +hugo +journal +noter @@ -109,7 +109,7 @@ ;; (scheme +racket) (sh +lsp +tree-sitter) (web +lsp +tree-sitter) - (yaml +tree-sitter) + yaml (zig +lsp +tree-sitter) :email diff --git a/modules/nixfiles/firefox/default.nix b/modules/nixfiles/firefox/default.nix index d7afdae..6e42d76 100644 --- a/modules/nixfiles/firefox/default.nix +++ b/modules/nixfiles/firefox/default.nix @@ -32,7 +32,7 @@ in { }; }; - profiles.default = (import ./profile.nix) config.nixfiles.modules lib; + profiles.default = (import ./profile.nix) config lib; extensions = with pkgs.nur.repos.rycee.firefox-addons; [ @@ -41,6 +41,7 @@ in { ipfs-companion noscript privacy-redirect + refined-github stylus ublock-origin violentmonkey diff --git a/modules/nixfiles/firefox/profile.nix b/modules/nixfiles/firefox/profile.nix index 3382b85..6735db3 100644 --- a/modules/nixfiles/firefox/profile.nix +++ b/modules/nixfiles/firefox/profile.nix @@ -1,8 +1,8 @@ -modules: lib: +config: lib: with lib; let mkCssWithRoot = css: mkMerge [ - (with modules.profiles.common.colourScheme; '' + (with config.colourScheme; '' :root { --black: ${black}; --red: ${red}; @@ -23,7 +23,7 @@ with lib; let --background: ${background}; --foreground: ${foreground}; '') - (with modules.fonts.fontScheme; '' + (with config.fontScheme; '' --sans-serif-font-family: "${sansSerifFont.family}", "${sansSerifFontFallback.family}", sans-serif; --sans-serif-font-size: ${toString sansSerifFont.size}; --serif-font-family: "${serifFont.family}", "${serifFontFallback.family}", serif; @@ -39,10 +39,13 @@ in { isDefault = true; + # A way to change the look of the Firefox itself. userChrome = mkCssWithRoot ./userChrome.css; + # A way to remove annoyances and visual bloat of many webpages. userContent = mkCssWithRoot ./userContent.css; + # Mostly appropriated from https://github.com/arkenfox/user.js settings = { # Updates # @@ -395,6 +398,7 @@ in { # "toolkit.legacyUserProfileCustomizations.stylesheets" = true; # + "browser.startup.page" = 1; "browser.startup.homepage" = "about:blank"; # TODO Custom? "browser.startup.homepage_welcome_url" = ""; "browser.startup.homepage_welcome_url.additional" = ""; @@ -406,11 +410,6 @@ in { "browser.newtabpage.enabled" = false; "browser.newtabpage.enhanced" = false; "browser.newtabpage.activity-stream.default.sites" = ""; - "browser.newtabpage.activity-stream.asrouter.disable-captive-portal-vpn-promo" = - true; - "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false; - "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = - false; "browser.newtabpage.activity-stream.discoverystream.enabled" = false; "browser.newtabpage.activity-stream.feeds.discoverystreamfeed" = false; "browser.newtabpage.activity-stream.feeds.places" = false; @@ -422,6 +421,8 @@ in { "browser.newtabpage.activity-stream.showSponsored" = false; "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; "browser.newtabpage.activity-stream.telemetry" = false; + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false; + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false; # "layout.css.color-mix.enabled" = true; # @@ -473,7 +474,7 @@ in { # Toolbar # "browser.uiCustomization.state" = '' - {"placements":{"widget-overflow-fixed-list":["ublock0_raymondhill_net-browser-action","_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","_2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c_-browser-action","_b7f9d2cd-d772-4302-8c3f-eb941af36f76_-browser-action","ipfs-firefox-addon_lidel_org-browser-action","addon_darkreader_org-browser-action","_7a7a4a92-a2a0-41d1-9fd7-1e92480d612d_-browser-action","_aecec67f-0d10-4fa7-b7c7-609a2db280cf_-browser-action"],"nav-bar":["back-button","forward-button","urlbar-container","save-to-pocket-button"],"toolbar-menubar":["menubar-items"],"TabsToolbar":["tabbrowser-tabs","new-tab-button","alltabs-button"],"PersonalToolbar":["personal-bookmarks"]},"seen":["addon_darkreader_org-browser-action","ipfs-firefox-addon_lidel_org-browser-action","plasma-browser-integration_kde_org-browser-action","ublock0_raymondhill_net-browser-action","_2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c_-browser-action","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action","_7a7a4a92-a2a0-41d1-9fd7-1e92480d612d_-browser-action","_aecec67f-0d10-4fa7-b7c7-609a2db280cf_-browser-action","_b7f9d2cd-d772-4302-8c3f-eb941af36f76_-browser-action","developer-button"],"dirtyAreaCache":["nav-bar","widget-overflow-fixed-list","toolbar-menubar","TabsToolbar","PersonalToolbar"],"currentVersion":17,"newElementCount":6} + {"placements":{"widget-overflow-fixed-list":["ublock0_raymondhill_net-browser-action","_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","_2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c_-browser-action","ipfs-firefox-addon_lidel_org-browser-action","addon_darkreader_org-browser-action","_7a7a4a92-a2a0-41d1-9fd7-1e92480d612d_-browser-action","_aecec67f-0d10-4fa7-b7c7-609a2db280cf_-browser-action"],"nav-bar":["back-button","forward-button","urlbar-container","save-to-pocket-button"],"toolbar-menubar":["menubar-items"],"TabsToolbar":["tabbrowser-tabs","new-tab-button","alltabs-button"],"PersonalToolbar":["personal-bookmarks"]},"seen":["addon_darkreader_org-browser-action","ipfs-firefox-addon_lidel_org-browser-action","plasma-browser-integration_kde_org-browser-action","ublock0_raymondhill_net-browser-action","_2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c_-browser-action","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action","_7a7a4a92-a2a0-41d1-9fd7-1e92480d612d_-browser-action","_aecec67f-0d10-4fa7-b7c7-609a2db280cf_-browser-action","_b7f9d2cd-d772-4302-8c3f-eb941af36f76_-browser-action","developer-button","_a4c4eda4-fb84-4a84-b4a1-f7c1cbf2a1ad_-browser-action"],"dirtyAreaCache":["nav-bar","widget-overflow-fixed-list","toolbar-menubar","TabsToolbar","PersonalToolbar"],"currentVersion":17,"newElementCount":7} ''; }; } diff --git a/modules/nixfiles/firefox/userContent.css b/modules/nixfiles/firefox/userContent.css index b93d5dd..97365f9 100644 --- a/modules/nixfiles/firefox/userContent.css +++ b/modules/nixfiles/firefox/userContent.css @@ -26,6 +26,14 @@ @-moz-document url-prefix(https://github.com/), url-prefix(https://gist.github.com/) { + .footer { + display: none !important; + } + + .application-main { + padding-bottom: 20px !important; + } + .blob-num, .blob-code-inner { font-family: var(--monospace-font-family) !important; @@ -250,3 +258,14 @@ --offset: default !important; } } + +@-moz-document regexp("https:\/\/\.*\.wikipedia\.org/.*") { + #footer, + #mp-topbanner, + #mw-head, + #mw-page-base, + #siteNotice, + .wbc-editpage { + display: none !important; + } +} diff --git a/modules/nixfiles/gotify.nix b/modules/nixfiles/gotify.nix index 440aff8..1cfd9a7 100644 --- a/modules/nixfiles/gotify.nix +++ b/modules/nixfiles/gotify.nix @@ -23,11 +23,15 @@ in { nixfiles.modules = { nginx = { enable = true; - virtualHosts.${cfg.domain} = { - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.gotify.port}"; - proxyWebsockets = true; - }; + upstreams.gotify.servers."127.0.0.1:${toString config.services.gotify.port}" = {}; + virtualHosts.${cfg.domain}.locations."/" = { + proxyPass = "http://gotify"; + proxyWebsockets = true; + extraConfig = '' + if ($internal != 1) { + return 403; + } + ''; }; }; postgresql.enable = true; diff --git a/modules/nixfiles/grafana.nix b/modules/nixfiles/grafana.nix index 66cde70..fcc85f8 100644 --- a/modules/nixfiles/grafana.nix +++ b/modules/nixfiles/grafana.nix @@ -40,9 +40,15 @@ in { nixfiles.modules = { nginx = { enable = true; + upstreams.grafana.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://127.0.0.1:${toString cfg.port}"; + proxyPass = "http://grafana"; proxyWebsockets = true; + extraConfig = '' + if ($internal != 1) { + return 403; + } + ''; }; }; postgresql.enable = true; diff --git a/modules/nixfiles/hydra.nix b/modules/nixfiles/hydra.nix index 0814b3a..2168ed5 100644 --- a/modules/nixfiles/hydra.nix +++ b/modules/nixfiles/hydra.nix @@ -26,7 +26,8 @@ in { nixfiles.modules = { nginx = { enable = true; - virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}"; + upstreams.hydra.servers."127.0.0.1:${toString cfg.port}" = {}; + virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://hydra"; }; postgresql.enable = true; }; diff --git a/modules/nixfiles/ipfs.nix b/modules/nixfiles/ipfs.nix index 455f8e8..8bdbc12 100644 --- a/modules/nixfiles/ipfs.nix +++ b/modules/nixfiles/ipfs.nix @@ -134,8 +134,13 @@ in { (mkIf this.isHeadless { nixfiles.modules.nginx = { enable = true; + upstreams = { + ipfs_gateway.servers."127.0.0.1:${toString cfg.gatewayPort}" = {}; + ipfs_swarm.servers."127.0.0.1:${toString cfg.swarmPort}" = {}; + ipfs_api.servers."127.0.0.1:${toString cfg.apiPort}" = {}; + }; virtualHosts = { - ${cfg.domain}.locations."/".proxyPass = "http://127.0.0.1:${toString cfg.gatewayPort}"; + ${cfg.domain}.locations."/".proxyPass = "http://ipfs_gateway"; "swarm.${cfg.domain}" = { serverName = cfg.domain; listen = [ @@ -148,12 +153,12 @@ in { port = swarmDefaultPort; } ]; - locations."/".proxyPass = "http://127.0.0.1:${toString cfg.swarmPort}"; + locations."/".proxyPass = "http://ipfs_swarm"; }; "api.${cfg.domain}" = { # TODO Redirect "/" to "/webui" but keep other endpoints. locations."/" = { - proxyPass = "http://127.0.0.1:${toString cfg.apiPort}"; + proxyPass = "http://ipfs_api"; extraConfig = '' if ($internal != 1) { return 403; diff --git a/modules/nixfiles/lidarr.nix b/modules/nixfiles/lidarr.nix index 15e91ae..f73f917 100644 --- a/modules/nixfiles/lidarr.nix +++ b/modules/nixfiles/lidarr.nix @@ -19,7 +19,8 @@ in { config = mkIf cfg.enable { nixfiles.modules.nginx = { enable = true; - virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://127.0.0.1:8686"; + upstreams.lidarr.servers."127.0.0.1:8686" = {}; + virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://lidarr"; }; services.lidarr.enable = true; diff --git a/modules/nixfiles/loki.nix b/modules/nixfiles/loki.nix index 7f85852..77b6ca0 100644 --- a/modules/nixfiles/loki.nix +++ b/modules/nixfiles/loki.nix @@ -26,8 +26,9 @@ in { config = mkIf cfg.enable { nixfiles.modules.nginx = with cfg; { enable = true; + upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${domain}.locations."/" = { - proxyPass = "http://127.0.0.1:${toString port}"; + proxyPass = "http://loki"; extraConfig = '' if ($internal != 1) { return 403; diff --git a/modules/nixfiles/matrix/dendrite.nix b/modules/nixfiles/matrix/dendrite.nix index eb3c437..4792f0e 100644 --- a/modules/nixfiles/matrix/dendrite.nix +++ b/modules/nixfiles/matrix/dendrite.nix @@ -27,8 +27,9 @@ in { nixfiles.modules = { nginx = { enable = true; + upstreams.dendrite.servers."127.0.0.1:${toString config.services.dendrite.httpPort}" = {}; virtualHosts.${cfg.domain}.locations = { - "/_matrix".proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}"; + "/_matrix".proxyPass = "http://dendrite"; "= /.well-known/matrix/server" = { extraConfig = '' add_header Content-Type application/json; diff --git a/modules/nixfiles/matrix/synapse.nix b/modules/nixfiles/matrix/synapse.nix index 877d7e9..5f16b7d 100644 --- a/modules/nixfiles/matrix/synapse.nix +++ b/modules/nixfiles/matrix/synapse.nix @@ -25,8 +25,9 @@ in { nixfiles.modules = { nginx = { enable = true; + upstreams.synapse.servers."${bind_address}:${toString port}" = {}; virtualHosts.${cfg.domain}.locations = { - "~ ^(/_matrix|/_synapse/client)".proxyPass = "http://${bind_address}:${toString port}"; + "~ ^(/_matrix|/_synapse/client)".proxyPass = "http://synapse"; "= /.well-known/matrix/server" = { extraConfig = '' add_header Content-Type application/json; diff --git a/modules/nixfiles/nginx.nix b/modules/nixfiles/nginx.nix index d08fdab..38fc613 100644 --- a/modules/nixfiles/nginx.nix +++ b/modules/nixfiles/nginx.nix @@ -11,10 +11,14 @@ in { options.nixfiles.modules.nginx = { enable = mkEnableOption "Nginx"; + upstreams = mkOption { + description = "Defines a group of servers to use as proxy target."; + type = with types; anything; + default = null; + }; + virtualHosts = mkOption { description = "Attrset of virtual hosts."; - # Not sure how to "inherit" the type from the original Nixpkgs option. - # Just make sure it's compatible with service.nginx.virtualHosts, ok? type = with types; anything; default = null; }; @@ -30,6 +34,8 @@ in { statusPage = true; + serverTokens = false; + recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; @@ -50,6 +56,8 @@ in { '')) ]; + inherit (cfg) upstreams; + virtualHosts = { default = { diff --git a/modules/nixfiles/nsd.nix b/modules/nixfiles/nsd.nix index 35fd668..5426414 100644 --- a/modules/nixfiles/nsd.nix +++ b/modules/nixfiles/nsd.nix @@ -100,7 +100,6 @@ in { # ns2 = varda; alertmanager = manwe; - bitwarden = manwe; flood = yavanna; gotify = manwe; grafana = manwe; @@ -108,6 +107,7 @@ in { prometheus = manwe; radicale = manwe; rss-bridge = manwe; + vaultwarden = manwe; }; }; }) diff --git a/modules/nixfiles/prometheus.nix b/modules/nixfiles/prometheus.nix index 696cfe4..e816b74 100644 --- a/modules/nixfiles/prometheus.nix +++ b/modules/nixfiles/prometheus.nix @@ -25,8 +25,9 @@ in { config = mkIf cfg.enable { nixfiles.modules.nginx = with cfg; { enable = true; + upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${domain}.locations."/" = { - proxyPass = with cfg; "http://127.0.0.1:${toString port}"; + proxyPass = "http://prometheus"; extraConfig = '' if ($internal != 1) { return 403; diff --git a/modules/nixfiles/radarr.nix b/modules/nixfiles/radarr.nix index 1ed0747..0abfdf2 100644 --- a/modules/nixfiles/radarr.nix +++ b/modules/nixfiles/radarr.nix @@ -19,7 +19,8 @@ in { config = mkIf cfg.enable { nixfiles.modules.nginx = { enable = true; - virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://127.0.0.1:7878"; + upstreams.radarr.servers."127.0.0.1:7878" = {}; + virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://radarr"; }; services.radarr.enable = true; diff --git a/modules/nixfiles/radicale.nix b/modules/nixfiles/radicale.nix index 45702b6..679a8be 100644 --- a/modules/nixfiles/radicale.nix +++ b/modules/nixfiles/radicale.nix @@ -29,8 +29,9 @@ in { nixfiles.modules.nginx = { enable = true; + upstreams.radicale.servers."127.0.0.1:${toString port}" = {}; virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://127.0.0.1:${toString port}"; + proxyPass = "http://radicale"; extraConfig = '' if ($internal != 1) { return 403; diff --git a/modules/nixfiles/rss-bridge.nix b/modules/nixfiles/rss-bridge.nix index c35b749..42bb7d0 100644 --- a/modules/nixfiles/rss-bridge.nix +++ b/modules/nixfiles/rss-bridge.nix @@ -17,14 +17,7 @@ in { }; config = mkIf cfg.enable { - nixfiles.modules.nginx = { - enable = true; - virtualHosts.${cfg.domain}.extraConfig = '' - if ($internal != 1) { - return 403; - } - ''; - }; + nixfiles.modules.nginx.enable = true; services = { rss-bridge = { diff --git a/modules/nixfiles/rtorrent.nix b/modules/nixfiles/rtorrent.nix index 3560be2..320da03 100644 --- a/modules/nixfiles/rtorrent.nix +++ b/modules/nixfiles/rtorrent.nix @@ -190,6 +190,7 @@ in { mkIf cfg.flood.enable { nixfiles.modules.nginx = { enable = true; + upstreams.flood.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${cfg.flood.domain} = { root = "${pkg}/lib/node_modules/flood/dist/assets"; locations = { @@ -202,7 +203,7 @@ in { ''; }; "/api" = { - proxyPass = "http://127.0.0.1:${toString port}"; + proxyPass = "http://flood"; extraConfig = '' proxy_buffering off; proxy_cache off; diff --git a/modules/nixfiles/searx.nix b/modules/nixfiles/searx.nix index c01c517..fd11904 100644 --- a/modules/nixfiles/searx.nix +++ b/modules/nixfiles/searx.nix @@ -32,8 +32,9 @@ in { nixfiles.modules.nginx = { enable = true; + upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://127.0.0.1:${toString cfg.port}"; + proxyPass = "http://searx"; extraConfig = '' if ($internal != 1) { return 403; diff --git a/modules/nixfiles/sonarr.nix b/modules/nixfiles/sonarr.nix index 1b22d63..8c79175 100644 --- a/modules/nixfiles/sonarr.nix +++ b/modules/nixfiles/sonarr.nix @@ -19,7 +19,8 @@ in { config = mkIf cfg.enable { nixfiles.modules.nginx = { enable = true; - virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://127.0.0.1:8989"; + upstreams.sonarr.servers."127.0.0.1:8989" = {}; + virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://sonarr"; }; services.sonarr.enable = true; diff --git a/modules/nixfiles/syncthing.nix b/modules/nixfiles/syncthing.nix index 8f68675..6e6e629 100644 --- a/modules/nixfiles/syncthing.nix +++ b/modules/nixfiles/syncthing.nix @@ -144,8 +144,9 @@ in { (mkIf this.isHeadless { nixfiles.modules.nginx = { enable = true; + upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = {}; virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://${config.services.syncthing.guiAddress}"; + proxyPass = "http://syncthing"; extraConfig = '' if ($internal != 1) { return 403; diff --git a/modules/nixfiles/vaultwarden.nix b/modules/nixfiles/vaultwarden.nix index f40e4f5..dc8bb84 100644 --- a/modules/nixfiles/vaultwarden.nix +++ b/modules/nixfiles/vaultwarden.nix @@ -13,7 +13,7 @@ in { domain = mkOption { description = "Domain name sans protocol scheme."; type = with types; str; - default = "bitwarden.${config.networking.domain}"; + default = "vaultwarden.${config.networking.domain}"; }; }; @@ -27,17 +27,21 @@ in { nixfiles.modules = { nginx = { enable = true; - virtualHosts.${cfg.domain} = with config.services.vaultwarden.config; { + upstreams = with config.services.vaultwarden.config; { + vaultwarden_rocket.servers."${ROCKET_ADDRESS}:${toString ROCKET_PORT}" = {}; + vaultwarden_websocket.servers."${WEBSOCKET_ADDRESS}:${toString WEBSOCKET_PORT}" = {}; + }; + virtualHosts.${cfg.domain} = { locations."/" = { - proxyPass = "http://[${ROCKET_ADDRESS}]:${toString ROCKET_PORT}"; + proxyPass = "http://vaultwarden_rocket"; proxyWebsockets = true; }; locations."/notifications/hub" = { - proxyPass = "http://[${WEBSOCKET_ADDRESS}]:${toString WEBSOCKET_PORT}"; + proxyPass = "http://vaultwarden_websocket"; proxyWebsockets = true; }; locations."/notifications/hub/negotiate" = { - proxyPass = "http://[${ROCKET_ADDRESS}]:${toString ROCKET_PORT}"; + proxyPass = "http://vaultwarden_rocket"; proxyWebsockets = true; }; }; @@ -60,11 +64,11 @@ in { SIGNUPS_ALLOWED = false; INVITATIONS_ALLOWED = true; - ROCKET_ADDRESS = "::1"; + ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = 8812; WEBSOCKET_ENABLED = true; - WEBSOCKET_ADDRESS = "::1"; + WEBSOCKET_ADDRESS = "127.0.0.1"; WEBSOCKET_PORT = 8813; LOG_LEVEL = "error"; diff --git a/modules/nixfiles/wireguard.nix b/modules/nixfiles/wireguard.nix index fa7ad34..c4fca1e 100644 --- a/modules/nixfiles/wireguard.nix +++ b/modules/nixfiles/wireguard.nix @@ -193,13 +193,12 @@ in { firewall.allowedUDPPorts = [cfg.server.port]; }; - # # TODO Dashboard for this. - # services.prometheus.exporters.wireguard = { - # enable = true; - # listenAddress = mkDefault this.wireguard.ipv4.address; - # withRemoteIp = true; - # port = 9586; - # }; + services.prometheus.exporters.wireguard = { + enable = true; + listenAddress = mkDefault this.wireguard.ipv4.address; + withRemoteIp = true; + port = 9586; + }; }) ]; } |