mew

2025-10-07 19:41:43 +02:00 · 2025-10-07 19:41:43 +02:00 · 714e1d5cd3
commit 714e1d5cd3
parent a046f47171
3 changed files with 28 additions and 5 deletions
--- a/hosts/ds9/default.nix
+++ b/hosts/ds9/default.nix
@ -227,11 +227,28 @@ in
      output file ${config.services.caddy.logDir}/access-*hailsatan.eu_internet.log
    '';
    virtualHosts."*.hailsatan.eu ".extraConfig = ''
-      @vanitygpg host vanitygpg.hailsatan.eu
-      handle @vanitygpg {
-        reverse_proxy h2c://[::1]:29328
-      }
      import blockBots
+      @blog host blog.hailsatan.eu
+      handle @blog {
+        route {
+        # always forward outpost path to actual outpost
+          reverse_proxy /outpost.goauthentik.io/* http://authentik-server:9000 {
+            transport http {
+              resolvers 10.88.0.1 # podman dns
+            }
+          }
+          forward_auth http://authentik-server:9000 {
+            transport http {
+              resolvers 10.88.0.1 # podman dns
+            }
+            uri /outpost.goauthentik.io/auth/caddy
+            copy_headers X-Authentik-Username X-Copyparty-Group X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version X-Grafana-Role
+          }
+          root * /srv/www/xynospace
+          file_server
+          
+        }
+      }
      @jellyfin host j.hailsatan.eu
      handle @jellyfin {
        handle /metrics* {
@ -427,6 +444,7 @@ in
      "/var/lib/rancher"
      "/etc/rancher"
      "/root/.cache"
+      "/srv/www"
      "/var/lib/${config.services.prometheus.stateDir}"
    ];

--- a/hosts/ds9/woodpecker.nix
+++ b/hosts/ds9/woodpecker.nix
@ -21,7 +21,8 @@
        ];
        containerConfig.environments = {
          WOODPECKER_HOST = "https://woodpecker.hailsatan.eu";
-          WOODPECKER_OPEN = "false";
+          WOODPECKER_OPEN = "true";
+          WOODPECKER_ADMIN = "xyno";
        };
        containerConfig.environmentFiles = [
          config.age.secrets.ds9WoodpeckerEnv.path
@ -39,9 +40,11 @@
        ];
        containerConfig.environments = {
          WOODPECKER_SERVER = "woodpecker-server:9000";
+          BACKEND_DOCKER_ENABLE_IPV6 = "true";
        };
        containerConfig.networks = [
          "woodpecker-net"
+          "podman"
        ];
      };
    };
--- a/hosts/picard/default.nix
+++ b/hosts/picard/default.nix
@ -167,6 +167,8 @@
        redir /post/nixos-utm-rosetta /posts/nixos-utm-rosetta/ 301
        redir /post/nix-store-nfs /posts/nix-store-nfs/ 301
        redir /post/parcel-quicktemplate /posts/parcel-quicktemplate/ 301
+        redir /posts.rss /atom.xml 301
+        redir /posts.atom /atom.xml 301
        root * /srv/www/xynospace
        file_server
      '';