From e1d6fe22c016168ca76d94057306c28ac54d13a4 Mon Sep 17 00:00:00 2001
From: Lucy Hochkamp
Date: Sun, 17 Mar 2024 10:41:45 +0100
Subject: [PATCH] fix picard compile

---
hosts/picard/default.nix | 3 +
nixos-modules/services/authelia.nix | 4 -
nixos-modules/services/bitwarden.nix | 13 +--
nixos-modules/services/hedgedoc.nix | 4 -
nixos-modules/services/synapse.nix | 141 ---------------------------
5 files changed, 6 insertions(+), 159 deletions(-)
delete mode 100644 nixos-modules/services/synapse.nix

diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix
index 38e54467..57f6385d 100644
--- a/hosts/picard/default.nix
+++ b/hosts/picard/default.nix
@@ -13,15 +13,18 @@ ./plausible.nix ../../nixos-modules/system/persist.nix + ../../nixos-modules/system/agenix.nix ../../nixos-modules/system/fs.nix ../../nixos-modules/system/security.nix ../../nixos-modules/services/ssh.nix ../../nixos-modules/services/msmtp.nix + ../../nixos-modules/services/caddy ../../nixos-modules/services/bitwarden.nix ../../nixos-modules/networking/tailscale.nix ../../nixos-modules/services/authelia.nix ../../nixos-modules/services/hedgedoc.nix ../../nixos-modules/services/ts3.nix + ../../nixos-modules/user ]; documentation.enable = false;
diff --git a/nixos-modules/services/authelia.nix b/nixos-modules/services/authelia.nix
index 6aa2ef73..ce2f130e 100644
--- a/nixos-modules/services/authelia.nix
+++ b/nixos-modules/services/authelia.nix
@@ -57,10 +57,6 @@ in }; }; - services.nginx.virtualHosts."${cfg.domain}" = { - locations."/".proxyWebsockets = true; - locations."/".proxyPass = "http://127.0.0.1:${toString config.services.authelia.instances.${instanceName}.settings.server.port}"; - } // (lib.my.findOutTlsConfig cfg.domain config); services.postgresql = { enable = true;
diff --git a/nixos-modules/services/bitwarden.nix b/nixos-modules/services/bitwarden.nix
index 515cd59b..65c1774e 100644
--- a/nixos-modules/services/bitwarden.nix
+++ b/nixos-modules/services/bitwarden.nix
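Review bot: No replacement for the `services.nginx.virtualHosts` blocks this commit removes from authelia.nix, bitwarden.nix and hedgedoc.nix is visible anywhere in the patch; the only candidate is the `../../nixos-modules/services/caddy` import added in this hunk, whose contents are not shown. The removed blocks were where TLS termination (`forceSSL`, `useACMEHost`, `lib.my.findOutTlsConfig`) and the proxying to the loopback-only backends (`127.0.0.1:8222`, `[::1]`) lived, so unless the caddy module already defines vhosts for `bw.ragon.xyz` and the authelia/hedgedoc domains, those services are now unreachable from outside and have lost the TLS front they had — please confirm where the routes moved. The new `../../nixos-modules/user` import likewise provisions whatever accounts and keys that module defines on this host, with nothing here saying why. A short comment on each new import would make the intent auditable, e.g. `# caddy: reverse proxy + TLS for authelia/bitwarden/hedgedoc (vhosts dropped from the service modules)`. The `imports` list edited here opens before the hunk.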
@@ -1,14 +1,13 @@ { config, lib, pkgs, ... }: let cfg = config.ragon.services.bitwarden; - domain = config.ragon.services.nginx.domain; in { options.ragon.services.bitwarden.enable = lib.mkEnableOption "Enables the vaultwarden BitWarden Server"; - options.ragon.services.bitwarden.domainPrefix = + options.ragon.services.bitwarden.domain = lib.mkOption { type = lib.types.str; - default = "bw"; + default = "bw.ragon.xyz"; }; config = lib.mkIf cfg.enable { services.vaultwarden = {
@@ -16,7 +15,7 @@ in package = pkgs.unstable.vaultwarden; #backupDir = "/persistent/backups/vaultwarden"; config = { - domain = "https://${cfg.domainPrefix}.${domain}"; + domain = "https://${cfg.domain}"; signupsAllowed = true; rocketPort = 8222; rocketAddress = "127.0.0.1";
@@ -26,12 +25,6 @@ in dbBackend = "postgresql"; }; - services.nginx.virtualHosts."${cfg.domainPrefix}.${domain}" = { - forceSSL = true; - useACMEHost = "${domain}"; - locations."/".proxyPass = "http://${config.services.vaultwarden.config.rocketAddress}:${toString config.services.vaultwarden.config.rocketPort}"; - locations."/".proxyWebsockets = true; - }; services.postgresql = { enable = true;
diff --git a/nixos-modules/services/hedgedoc.nix b/nixos-modules/services/hedgedoc.nix
index e58d8ab3..374886f6 100644
--- a/nixos-modules/services/hedgedoc.nix
+++ b/nixos-modules/services/hedgedoc.nix
@@ -46,10 +46,6 @@ in }; ragon.agenix.secrets.hedgedocSecret.owner = "hedgedoc"; - services.nginx.virtualHosts."${cfg.domain}" = { - locations."/".proxyWebsockets = true; - locations."/".proxyPass = "http://[::1]:${toString config.services.hedgedoc.settings.port}"; - } // (lib.my.findOutTlsConfig cfg.domain config); services.postgresql = { enable = true;
diff --git a/nixos-modules/services/synapse.nix b/nixos-modules/services/synapse.nix
deleted file mode 100644
index 48074618..00000000
--- a/nixos-modules/services/synapse.nix
+++ /dev/null
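Review bot: Renaming `ragon.services.bitwarden.domainPrefix` to `domain` with no compatibility shim means any host that still sets the old option now fails evaluation with a bare undefined-option error, and the default silently changes meaning from a label (`"bw"`) to a full hostname (`"bw.ragon.xyz"`). Because the semantics differ, `mkRenamedOptionModule` would be wrong; a removal notice is the right shape: `imports = [ (lib.mkRemovedOptionModule [ "ragon" "services" "bitwarden" "domainPrefix" ] "Set ragon.services.bitwarden.domain to the full externally served hostname instead.") ];`. The new default also hard-codes the apex domain that the deleted `let` binding used to read from `config.ragon.services.nginx.domain`; if a shared domain option still exists elsewhere, deriving the default from it avoids two sources of truth for the same hostname. A `description` on the option stating that it must be the exact hostname the reverse proxy serves would also help, since `lib.types.str` accepts anything. The `config = lib.mkIf cfg.enable { ... }` block this hunk opens continues past the end of the hunk.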
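Review bot: `domain = "https://${cfg.domain}";` now hard-wires the scheme onto a value this module never validates, so a `cfg.domain` that already carries a scheme, a port or a trailing slash yields a malformed origin; vaultwarden uses this setting to build the URLs and origins it hands to clients, so a mismatch with what the proxy actually serves tends to break logins, not just links. The removed nginx vhost used the same variable for the served hostname and the TLS front, which kept the two in sync; after this change the coupling is invisible here, so a comment such as `# Must match the externally served origin exactly (scheme + host); the TLS-terminating reverse proxy is configured outside this module.` would record it. Adjacent context this commit leaves untouched: `signupsAllowed = true` keeps account registration open on the vault server, which deserves either a deliberate comment or a flip to `false` once the owner's account exists. The `config = { ... }` attrset edited here both starts before and ends after the hunk.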
@@ -1,141 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; -with lib.my; -let - cfg = config.ragon.services.synapse; - fqdn = cfg.fqdn; - serverName = cfg.serverName; - domain = config.ragon.services.nginx.domain; -in -{ - options.ragon.services.synapse.enable = mkEnableOption "Enables synapse"; - options.ragon.services.synapse.fqdn = - lib.mkOption { - type = lib.types.str; - default = "m.ragon.xyz"; - }; - options.ragon.services.synapse.enableElement = mkBoolOpt true; # TODO fix - options.ragon.services.synapse.elementFqdn = - lib.mkOption { - type = lib.types.str; - default = "e.ragon.xyz"; - }; - options.ragon.services.synapse.serverName = - lib.mkOption { - type = lib.types.str; - default = "ragon.xyz"; - }; - config = lib.mkIf cfg.enable { - services.matrix-synapse = { - enable = true; - extraConfigFiles = [ config.age.secrets.matrixSecrets.path ]; - settings.server_name = serverName; - settings.listeners = [ - { - port = 8008; - bind_addresses = [ "::1" ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = [ "client" "federation" ]; - compress = false; - } - ]; - } - ]; - - - }; - services.postgresql = { - enable = true; - }; - services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; - services.nginx.virtualHosts = { - #"${cfg.elementFqdn}" = { - # useACMEHost = "${domain}"; - # forceSSL = true; - - # root = pkgs.element-web.override { - # conf = { - # default_server_config."m.homeserver" = { - # "base_url" = "https://${fqdn}"; - # "server_name" = "${domain}"; - # }; - # default_theme = "dark"; - # }; # TODO make this less shit - # }; - #}; - - "${cfg.serverName}" = { - forceSSL = true; - useACMEHost = "${domain}"; - locations."= /.well-known/matrix/server".extraConfig = - let - # use 443 instead of the default 8448 port to 
unite - # the client-server and server-server port for simplicity - server = { "m.server" = "${fqdn}:443"; }; - in - '' - add_header Content-Type application/json; - return 200 '${builtins.toJSON server}'; - ''; - locations."= /.well-known/matrix/client".extraConfig = - let - client = { - "m.homeserver" = { "base_url" = "https://${fqdn}"; }; - "m.identity_server" = { "base_url" = "https://vector.im"; }; - "im.vector.riot.jitsi" = { "preferredDomain" = "jitsi.${domain}"; }; - }; - # ACAO required to allow element-web on any URL to request this json file - in - '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON client}'; - ''; - }; - # Reverse proxy for Matrix client-server and server-server communication - "${fqdn}" = { - forceSSL = true; - useACMEHost = "${domain}"; - - # Or do a redirect instead of the 404, or whatever is appropriate for you. - # But do not put a Matrix Web client here! See the Element web section below. - locations."/".extraConfig = '' - return 404; - ''; - - # forward all Matrix API calls to the synapse Matrix homeserver - locations."/_matrix" = { - proxyPass = "http://[::1]:8008"; # without a trailing / - }; - locations."/synapse" = { - proxyPass = "http://[::1]:8008"; # without a trailing / - }; - }; - "slidingsync.${domain}" = { - forceSSL = true; - useACMEHost = "${domain}"; - locations."/" = { - proxyPass = "http://127.0.0.1:8009"; - }; - }; - - - - }; - - ragon.persist.extraDirectories = [ - "${config.services.postgresql.dataDir}" - "${config.services.matrix-synapse.dataDir}" - ]; - }; -}