diff options
Diffstat (limited to '')
28 files changed, 120 insertions, 66 deletions
diff --git a/modules/nixfiles/alertmanager.nix b/modules/nixfiles/alertmanager.nix index 5d9ca30..b7dd5a3 100644 --- a/modules/nixfiles/alertmanager.nix +++ b/modules/nixfiles/alertmanager.nix @@ -25,8 +25,9 @@ in { config = mkIf cfg.enable { nixfiles.modules.nginx = with cfg; { enable = true; + upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://127.0.0.1:${toString port}"; + proxyPass = "http://alertmanager"; extraConfig = '' if ($internal != 1) { return 403; diff --git a/modules/nixfiles/chromium.nix b/modules/nixfiles/chromium.nix index 32045c0..0f5a93e 100644 --- a/modules/nixfiles/chromium.nix +++ b/modules/nixfiles/chromium.nix @@ -25,6 +25,7 @@ in { {id = "cnojnbdhbhnkbcieeekonklommdnndci";} # Search By Image {id = "doojmbjmlfjjnbmnoijecmcbfeoakpjm";} # NoScript {id = "eimadpbcbfnmbkopoojfekhnkhdbieeh";} # Dark Reader + {id = "hlepfoohegkhhmjieoechaddaejaokhf";} # Refined GitHub {id = "jinjaccalgkegednnccohejagnlnfdag";} # Violentmonkey {id = "nibjojkomfdiaoajekhjakgkdhaomnch";} # IPFS Companion {id = "nngceckbapebfimnlniiiahkandclblb";} # Bitwarden diff --git a/modules/nixfiles/common/tmp.nix b/modules/nixfiles/common/tmp.nix index 3fbf253..9527f28 100644 --- a/modules/nixfiles/common/tmp.nix +++ b/modules/nixfiles/common/tmp.nix @@ -1,9 +1,9 @@ _: { systemd.mounts = [ { + type = "tmpfs"; what = "tmpfs"; where = "/tmp"; - type = "tmpfs"; mountConfig.Options = [ "huge=within_size" "mode=1777" @@ -11,7 +11,7 @@ _: { "nodev" "nosuid" "rw" - "size=25%" + "size=50%" ]; } ]; diff --git a/modules/nixfiles/emacs/doom/config.el b/modules/nixfiles/emacs/doom/config.el index d4fb577..29eabc9 100644 --- a/modules/nixfiles/emacs/doom/config.el +++ b/modules/nixfiles/emacs/doom/config.el @@ -92,11 +92,11 @@ (lsp-register-client (make-lsp-client :new-connection (lsp-stdio-connection '("rnix-lsp")) :major-modes '(nix-mode) - :server-id 'nix)) - (add-hook! 'nix-mode-hook #'lsp!)) + :server-id 'nix))) ;; ;;; YAML + ;; (setq-hook! 'yaml-mode-hook +format-with-lsp nil) diff --git a/modules/nixfiles/emacs/doom/init.el b/modules/nixfiles/emacs/doom/init.el index 9ad69c6..b547cb9 100644 --- a/modules/nixfiles/emacs/doom/init.el +++ b/modules/nixfiles/emacs/doom/init.el @@ -86,14 +86,14 @@ emacs-lisp (go +lsp +tree-sitter) ;; graphql - (haskell +lsp) + (haskell +lsp +tree-sitter) (java +lsp +tree-sitter) (javascript +lsp +tree-sitter) - (json +tree-sitter) - (latex +lsp +tree-sitter) + json + (latex +lsp) (lua +lsp +tree-sitter) markdown - (nix +lsp +tree-sitter) + (nix +lsp) (org +hugo +journal +noter @@ -109,7 +109,7 @@ ;; (scheme +racket) (sh +lsp +tree-sitter) (web +lsp +tree-sitter) - (yaml +tree-sitter) + yaml (zig +lsp +tree-sitter) :email diff --git a/modules/nixfiles/firefox/default.nix b/modules/nixfiles/firefox/default.nix index d7afdae..6e42d76 100644 --- a/modules/nixfiles/firefox/default.nix +++ b/modules/nixfiles/firefox/default.nix @@ -32,7 +32,7 @@ in { }; }; - profiles.default = (import ./profile.nix) config.nixfiles.modules lib; + profiles.default = (import ./profile.nix) config lib; extensions = with pkgs.nur.repos.rycee.firefox-addons; [ @@ -41,6 +41,7 @@ in { ipfs-companion noscript privacy-redirect + refined-github stylus ublock-origin violentmonkey diff --git a/modules/nixfiles/firefox/profile.nix b/modules/nixfiles/firefox/profile.nix index 3382b85..6735db3 100644 --- a/modules/nixfiles/firefox/profile.nix +++ b/modules/nixfiles/firefox/profile.nix @@ -1,8 +1,8 @@ -modules: lib: +config: lib: with lib; let mkCssWithRoot = css: mkMerge [ - (with modules.profiles.common.colourScheme; '' + (with config.colourScheme; '' :root { --black: ${black}; --red: ${red}; @@ -23,7 +23,7 @@ with lib; let --background: ${background}; --foreground: ${foreground}; '') - (with modules.fonts.fontScheme; '' + (with config.fontScheme; '' --sans-serif-font-family: "${sansSerifFont.family}", "${sansSerifFontFallback.family}", sans-serif; --sans-serif-font-size: ${toString sansSerifFont.size}; --serif-font-family: "${serifFont.family}", "${serifFontFallback.family}", serif; @@ -39,10 +39,13 @@ in { isDefault = true; + # A way to change the look of the Firefox itself. userChrome = mkCssWithRoot ./userChrome.css; + # A way to remove annoyances and visual bloat of many webpages. userContent = mkCssWithRoot ./userContent.css; + # Mostly appropriated from https://github.com/arkenfox/user.js settings = { # Updates # @@ -395,6 +398,7 @@ in { # "toolkit.legacyUserProfileCustomizations.stylesheets" = true; # + "browser.startup.page" = 1; "browser.startup.homepage" = "about:blank"; # TODO Custom? "browser.startup.homepage_welcome_url" = ""; "browser.startup.homepage_welcome_url.additional" = ""; @@ -406,11 +410,6 @@ in { "browser.newtabpage.enabled" = false; "browser.newtabpage.enhanced" = false; "browser.newtabpage.activity-stream.default.sites" = ""; - "browser.newtabpage.activity-stream.asrouter.disable-captive-portal-vpn-promo" = - true; - "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false; - "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = - false; "browser.newtabpage.activity-stream.discoverystream.enabled" = false; "browser.newtabpage.activity-stream.feeds.discoverystreamfeed" = false; "browser.newtabpage.activity-stream.feeds.places" = false; @@ -422,6 +421,8 @@ in { "browser.newtabpage.activity-stream.showSponsored" = false; "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; "browser.newtabpage.activity-stream.telemetry" = false; + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false; + "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false; # "layout.css.color-mix.enabled" = true; # @@ -473,7 +474,7 @@ in { # Toolbar # "browser.uiCustomization.state" = '' - {"placements":{"widget-overflow-fixed-list":["ublock0_raymondhill_net-browser-action","_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","_2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c_-browser-action","_b7f9d2cd-d772-4302-8c3f-eb941af36f76_-browser-action","ipfs-firefox-addon_lidel_org-browser-action","addon_darkreader_org-browser-action","_7a7a4a92-a2a0-41d1-9fd7-1e92480d612d_-browser-action","_aecec67f-0d10-4fa7-b7c7-609a2db280cf_-browser-action"],"nav-bar":["back-button","forward-button","urlbar-container","save-to-pocket-button"],"toolbar-menubar":["menubar-items"],"TabsToolbar":["tabbrowser-tabs","new-tab-button","alltabs-button"],"PersonalToolbar":["personal-bookmarks"]},"seen":["addon_darkreader_org-browser-action","ipfs-firefox-addon_lidel_org-browser-action","plasma-browser-integration_kde_org-browser-action","ublock0_raymondhill_net-browser-action","_2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c_-browser-action","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action","_7a7a4a92-a2a0-41d1-9fd7-1e92480d612d_-browser-action","_aecec67f-0d10-4fa7-b7c7-609a2db280cf_-browser-action","_b7f9d2cd-d772-4302-8c3f-eb941af36f76_-browser-action","developer-button"],"dirtyAreaCache":["nav-bar","widget-overflow-fixed-list","toolbar-menubar","TabsToolbar","PersonalToolbar"],"currentVersion":17,"newElementCount":6} + {"placements":{"widget-overflow-fixed-list":["ublock0_raymondhill_net-browser-action","_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","_2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c_-browser-action","ipfs-firefox-addon_lidel_org-browser-action","addon_darkreader_org-browser-action","_7a7a4a92-a2a0-41d1-9fd7-1e92480d612d_-browser-action","_aecec67f-0d10-4fa7-b7c7-609a2db280cf_-browser-action"],"nav-bar":["back-button","forward-button","urlbar-container","save-to-pocket-button"],"toolbar-menubar":["menubar-items"],"TabsToolbar":["tabbrowser-tabs","new-tab-button","alltabs-button"],"PersonalToolbar":["personal-bookmarks"]},"seen":["addon_darkreader_org-browser-action","ipfs-firefox-addon_lidel_org-browser-action","plasma-browser-integration_kde_org-browser-action","ublock0_raymondhill_net-browser-action","_2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c_-browser-action","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action","_7a7a4a92-a2a0-41d1-9fd7-1e92480d612d_-browser-action","_aecec67f-0d10-4fa7-b7c7-609a2db280cf_-browser-action","_b7f9d2cd-d772-4302-8c3f-eb941af36f76_-browser-action","developer-button","_a4c4eda4-fb84-4a84-b4a1-f7c1cbf2a1ad_-browser-action"],"dirtyAreaCache":["nav-bar","widget-overflow-fixed-list","toolbar-menubar","TabsToolbar","PersonalToolbar"],"currentVersion":17,"newElementCount":7} ''; }; } diff --git a/modules/nixfiles/firefox/userContent.css b/modules/nixfiles/firefox/userContent.css index b93d5dd..97365f9 100644 --- a/modules/nixfiles/firefox/userContent.css +++ b/modules/nixfiles/firefox/userContent.css @@ -26,6 +26,14 @@ @-moz-document url-prefix(https://github.com/), url-prefix(https://gist.github.com/) { + .footer { + display: none !important; + } + + .application-main { + padding-bottom: 20px !important; + } + .blob-num, .blob-code-inner { font-family: var(--monospace-font-family) !important; @@ -250,3 +258,14 @@ --offset: default !important; } } + +@-moz-document regexp("https:\/\/\.*\.wikipedia\.org/.*") { + #footer, + #mp-topbanner, + #mw-head, + #mw-page-base, + #siteNotice, + .wbc-editpage { + display: none !important; + } +} diff --git a/modules/nixfiles/gotify.nix b/modules/nixfiles/gotify.nix index 440aff8..1cfd9a7 100644 --- a/modules/nixfiles/gotify.nix +++ b/modules/nixfiles/gotify.nix @@ -23,11 +23,15 @@ in { nixfiles.modules = { nginx = { enable = true; - virtualHosts.${cfg.domain} = { - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.gotify.port}"; - proxyWebsockets = true; - }; + upstreams.gotify.servers."127.0.0.1:${toString config.services.gotify.port}" = {}; + virtualHosts.${cfg.domain}.locations."/" = { + proxyPass = "http://gotify"; + proxyWebsockets = true; + extraConfig = '' + if ($internal != 1) { + return 403; + } + ''; }; }; postgresql.enable = true; diff --git a/modules/nixfiles/grafana.nix b/modules/nixfiles/grafana.nix index 66cde70..fcc85f8 100644 --- a/modules/nixfiles/grafana.nix +++ b/modules/nixfiles/grafana.nix @@ -40,9 +40,15 @@ in { nixfiles.modules = { nginx = { enable = true; + upstreams.grafana.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://127.0.0.1:${toString cfg.port}"; + proxyPass = "http://grafana"; proxyWebsockets = true; + extraConfig = '' + if ($internal != 1) { + return 403; + } + ''; }; }; postgresql.enable = true; diff --git a/modules/nixfiles/hydra.nix b/modules/nixfiles/hydra.nix index 0814b3a..2168ed5 100644 --- a/modules/nixfiles/hydra.nix +++ b/modules/nixfiles/hydra.nix @@ -26,7 +26,8 @@ in { nixfiles.modules = { nginx = { enable = true; - virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}"; + upstreams.hydra.servers."127.0.0.1:${toString cfg.port}" = {}; + virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://hydra"; }; postgresql.enable = true; }; diff --git a/modules/nixfiles/ipfs.nix b/modules/nixfiles/ipfs.nix index 455f8e8..8bdbc12 100644 --- a/modules/nixfiles/ipfs.nix +++ b/modules/nixfiles/ipfs.nix @@ -134,8 +134,13 @@ in { (mkIf this.isHeadless { nixfiles.modules.nginx = { enable = true; + upstreams = { + ipfs_gateway.servers."127.0.0.1:${toString cfg.gatewayPort}" = {}; + ipfs_swarm.servers."127.0.0.1:${toString cfg.swarmPort}" = {}; + ipfs_api.servers."127.0.0.1:${toString cfg.apiPort}" = {}; + }; virtualHosts = { - ${cfg.domain}.locations."/".proxyPass = "http://127.0.0.1:${toString cfg.gatewayPort}"; + ${cfg.domain}.locations."/".proxyPass = "http://ipfs_gateway"; "swarm.${cfg.domain}" = { serverName = cfg.domain; listen = [ @@ -148,12 +153,12 @@ in { port = swarmDefaultPort; } ]; - locations."/".proxyPass = "http://127.0.0.1:${toString cfg.swarmPort}"; + locations."/".proxyPass = "http://ipfs_swarm"; }; "api.${cfg.domain}" = { # TODO Redirect "/" to "/webui" but keep other endpoints. locations."/" = { - proxyPass = "http://127.0.0.1:${toString cfg.apiPort}"; + proxyPass = "http://ipfs_api"; extraConfig = '' if ($internal != 1) { return 403; diff --git a/modules/nixfiles/lidarr.nix b/modules/nixfiles/lidarr.nix index 15e91ae..f73f917 100644 --- a/modules/nixfiles/lidarr.nix +++ b/modules/nixfiles/lidarr.nix @@ -19,7 +19,8 @@ in { config = mkIf cfg.enable { nixfiles.modules.nginx = { enable = true; - virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://127.0.0.1:8686"; + upstreams.lidarr.servers."127.0.0.1:8686" = {}; + virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://lidarr"; }; services.lidarr.enable = true; diff --git a/modules/nixfiles/loki.nix b/modules/nixfiles/loki.nix index 7f85852..77b6ca0 100644 --- a/modules/nixfiles/loki.nix +++ b/modules/nixfiles/loki.nix @@ -26,8 +26,9 @@ in { config = mkIf cfg.enable { nixfiles.modules.nginx = with cfg; { enable = true; + upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${domain}.locations."/" = { - proxyPass = "http://127.0.0.1:${toString port}"; + proxyPass = "http://loki"; extraConfig = '' if ($internal != 1) { return 403; diff --git a/modules/nixfiles/matrix/dendrite.nix b/modules/nixfiles/matrix/dendrite.nix index eb3c437..4792f0e 100644 --- a/modules/nixfiles/matrix/dendrite.nix +++ b/modules/nixfiles/matrix/dendrite.nix @@ -27,8 +27,9 @@ in { nixfiles.modules = { nginx = { enable = true; + upstreams.dendrite.servers."127.0.0.1:${toString config.services.dendrite.httpPort}" = {}; virtualHosts.${cfg.domain}.locations = { - "/_matrix".proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}"; + "/_matrix".proxyPass = "http://dendrite"; "= /.well-known/matrix/server" = { extraConfig = '' add_header Content-Type application/json; diff --git a/modules/nixfiles/matrix/synapse.nix b/modules/nixfiles/matrix/synapse.nix index 877d7e9..5f16b7d 100644 --- a/modules/nixfiles/matrix/synapse.nix +++ b/modules/nixfiles/matrix/synapse.nix @@ -25,8 +25,9 @@ in { nixfiles.modules = { nginx = { enable = true; + upstreams.synapse.servers."${bind_address}:${toString port}" = {}; virtualHosts.${cfg.domain}.locations = { - "~ ^(/_matrix|/_synapse/client)".proxyPass = "http://${bind_address}:${toString port}"; + "~ ^(/_matrix|/_synapse/client)".proxyPass = "http://synapse"; "= /.well-known/matrix/server" = { extraConfig = '' add_header Content-Type application/json; diff --git a/modules/nixfiles/nginx.nix b/modules/nixfiles/nginx.nix index d08fdab..38fc613 100644 --- a/modules/nixfiles/nginx.nix +++ b/modules/nixfiles/nginx.nix @@ -11,10 +11,14 @@ in { options.nixfiles.modules.nginx = { enable = mkEnableOption "Nginx"; + upstreams = mkOption { + description = "Defines a group of servers to use as proxy target."; + type = with types; anything; + default = null; + }; + virtualHosts = mkOption { description = "Attrset of virtual hosts."; - # Not sure how to "inherit" the type from the original Nixpkgs option. - # Just make sure it's compatible with service.nginx.virtualHosts, ok? type = with types; anything; default = null; }; @@ -30,6 +34,8 @@ in { statusPage = true; + serverTokens = false; + recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; @@ -50,6 +56,8 @@ in { '')) ]; + inherit (cfg) upstreams; + virtualHosts = { default = { diff --git a/modules/nixfiles/nsd.nix b/modules/nixfiles/nsd.nix index 35fd668..5426414 100644 --- a/modules/nixfiles/nsd.nix +++ b/modules/nixfiles/nsd.nix @@ -100,7 +100,6 @@ in { # ns2 = varda; alertmanager = manwe; - bitwarden = manwe; flood = yavanna; gotify = manwe; grafana = manwe; @@ -108,6 +107,7 @@ in { prometheus = manwe; radicale = manwe; rss-bridge = manwe; + vaultwarden = manwe; }; }; }) diff --git a/modules/nixfiles/prometheus.nix b/modules/nixfiles/prometheus.nix index 696cfe4..e816b74 100644 --- a/modules/nixfiles/prometheus.nix +++ b/modules/nixfiles/prometheus.nix @@ -25,8 +25,9 @@ in { config = mkIf cfg.enable { nixfiles.modules.nginx = with cfg; { enable = true; + upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${domain}.locations."/" = { - proxyPass = with cfg; "http://127.0.0.1:${toString port}"; + proxyPass = "http://prometheus"; extraConfig = '' if ($internal != 1) { return 403; diff --git a/modules/nixfiles/radarr.nix b/modules/nixfiles/radarr.nix index 1ed0747..0abfdf2 100644 --- a/modules/nixfiles/radarr.nix +++ b/modules/nixfiles/radarr.nix @@ -19,7 +19,8 @@ in { config = mkIf cfg.enable { nixfiles.modules.nginx = { enable = true; - virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://127.0.0.1:7878"; + upstreams.radarr.servers."127.0.0.1:7878" = {}; + virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://radarr"; }; services.radarr.enable = true; diff --git a/modules/nixfiles/radicale.nix b/modules/nixfiles/radicale.nix index 45702b6..679a8be 100644 --- a/modules/nixfiles/radicale.nix +++ b/modules/nixfiles/radicale.nix @@ -29,8 +29,9 @@ in { nixfiles.modules.nginx = { enable = true; + upstreams.radicale.servers."127.0.0.1:${toString port}" = {}; virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://127.0.0.1:${toString port}"; + proxyPass = "http://radicale"; extraConfig = '' if ($internal != 1) { return 403; diff --git a/modules/nixfiles/rss-bridge.nix b/modules/nixfiles/rss-bridge.nix index c35b749..42bb7d0 100644 --- a/modules/nixfiles/rss-bridge.nix +++ b/modules/nixfiles/rss-bridge.nix @@ -17,14 +17,7 @@ in { }; config = mkIf cfg.enable { - nixfiles.modules.nginx = { - enable = true; - virtualHosts.${cfg.domain}.extraConfig = '' - if ($internal != 1) { - return 403; - } - ''; - }; + nixfiles.modules.nginx.enable = true; services = { rss-bridge = { diff --git a/modules/nixfiles/rtorrent.nix b/modules/nixfiles/rtorrent.nix index 3560be2..320da03 100644 --- a/modules/nixfiles/rtorrent.nix +++ b/modules/nixfiles/rtorrent.nix @@ -190,6 +190,7 @@ in { mkIf cfg.flood.enable { nixfiles.modules.nginx = { enable = true; + upstreams.flood.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${cfg.flood.domain} = { root = "${pkg}/lib/node_modules/flood/dist/assets"; locations = { @@ -202,7 +203,7 @@ in { ''; }; "/api" = { - proxyPass = "http://127.0.0.1:${toString port}"; + proxyPass = "http://flood"; extraConfig = '' proxy_buffering off; proxy_cache off; diff --git a/modules/nixfiles/searx.nix b/modules/nixfiles/searx.nix index c01c517..fd11904 100644 --- a/modules/nixfiles/searx.nix +++ b/modules/nixfiles/searx.nix @@ -32,8 +32,9 @@ in { nixfiles.modules.nginx = { enable = true; + upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://127.0.0.1:${toString cfg.port}"; + proxyPass = "http://searx"; extraConfig = '' if ($internal != 1) { return 403; diff --git a/modules/nixfiles/sonarr.nix b/modules/nixfiles/sonarr.nix index 1b22d63..8c79175 100644 --- a/modules/nixfiles/sonarr.nix +++ b/modules/nixfiles/sonarr.nix @@ -19,7 +19,8 @@ in { config = mkIf cfg.enable { nixfiles.modules.nginx = { enable = true; - virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://127.0.0.1:8989"; + upstreams.sonarr.servers."127.0.0.1:8989" = {}; + virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://sonarr"; }; services.sonarr.enable = true; diff --git a/modules/nixfiles/syncthing.nix b/modules/nixfiles/syncthing.nix index 8f68675..6e6e629 100644 --- a/modules/nixfiles/syncthing.nix +++ b/modules/nixfiles/syncthing.nix @@ -144,8 +144,9 @@ in { (mkIf this.isHeadless { nixfiles.modules.nginx = { enable = true; + upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = {}; virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://${config.services.syncthing.guiAddress}"; + proxyPass = "http://syncthing"; extraConfig = '' if ($internal != 1) { return 403; diff --git a/modules/nixfiles/vaultwarden.nix b/modules/nixfiles/vaultwarden.nix index f40e4f5..dc8bb84 100644 --- a/modules/nixfiles/vaultwarden.nix +++ b/modules/nixfiles/vaultwarden.nix @@ -13,7 +13,7 @@ in { domain = mkOption { description = "Domain name sans protocol scheme."; type = with types; str; - default = "bitwarden.${config.networking.domain}"; + default = "vaultwarden.${config.networking.domain}"; }; }; @@ -27,17 +27,21 @@ in { nixfiles.modules = { nginx = { enable = true; - virtualHosts.${cfg.domain} = with config.services.vaultwarden.config; { + upstreams = with config.services.vaultwarden.config; { + vaultwarden_rocket.servers."${ROCKET_ADDRESS}:${toString ROCKET_PORT}" = {}; + vaultwarden_websocket.servers."${WEBSOCKET_ADDRESS}:${toString WEBSOCKET_PORT}" = {}; + }; + virtualHosts.${cfg.domain} = { locations."/" = { - proxyPass = "http://[${ROCKET_ADDRESS}]:${toString ROCKET_PORT}"; + proxyPass = "http://vaultwarden_rocket"; proxyWebsockets = true; }; locations."/notifications/hub" = { - proxyPass = "http://[${WEBSOCKET_ADDRESS}]:${toString WEBSOCKET_PORT}"; + proxyPass = "http://vaultwarden_websocket"; proxyWebsockets = true; }; locations."/notifications/hub/negotiate" = { - proxyPass = "http://[${ROCKET_ADDRESS}]:${toString ROCKET_PORT}"; + proxyPass = "http://vaultwarden_rocket"; proxyWebsockets = true; }; }; @@ -60,11 +64,11 @@ in { SIGNUPS_ALLOWED = false; INVITATIONS_ALLOWED = true; - ROCKET_ADDRESS = "::1"; + ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = 8812; WEBSOCKET_ENABLED = true; - WEBSOCKET_ADDRESS = "::1"; + WEBSOCKET_ADDRESS = "127.0.0.1"; WEBSOCKET_PORT = 8813; LOG_LEVEL = "error"; diff --git a/modules/nixfiles/wireguard.nix b/modules/nixfiles/wireguard.nix index fa7ad34..c4fca1e 100644 --- a/modules/nixfiles/wireguard.nix +++ b/modules/nixfiles/wireguard.nix @@ -193,13 +193,12 @@ in { firewall.allowedUDPPorts = [cfg.server.port]; }; - # # TODO Dashboard for this. - # services.prometheus.exporters.wireguard = { - # enable = true; - # listenAddress = mkDefault this.wireguard.ipv4.address; - # withRemoteIp = true; - # port = 9586; - # }; + services.prometheus.exporters.wireguard = { + enable = true; + listenAddress = mkDefault this.wireguard.ipv4.address; + withRemoteIp = true; + port = 9586; + }; }) ]; } |