Liberate nkagami.me domains from Cloudflare origin cert requirement

2023-09-03 20:51:52 +02:00 · 2023-09-03 20:51:52 +02:00 · 6eb0b818f1
parent 2aa0ee2023
commit 6eb0b818f1
5 changed files with 13 additions and 4 deletions
--- a/modules/cloud/bitwarden/default.nix
+++ b/modules/cloud/bitwarden/default.nix
@ -35,11 +35,13 @@ in
    # traefik
    cloud.traefik.hosts.bitwarden = {
      inherit port host;
+      noCloudflare = true;
    };
    cloud.traefik.hosts.bitwarden-notifications = {
      inherit host;
      port = notificationsPort;
      path = "/notifications/hub";
+      noCloudflare = true;
    };
    # systemd unit
    systemd.services.bitwarden-server = {
@ -73,6 +75,7 @@ in
        AmbientCapabilities = "CAP_NET_BIND_SERVICE";
        StateDirectory = "bitwarden-server";
      };
+      requires = [ "postgresql.service" ];
      wantedBy = [ "multi-user.target" ];
    };
  };
--- a/modules/cloud/conduit/default.nix
+++ b/modules/cloud/conduit/default.nix
@ -45,6 +45,10 @@ with lib;
          port = mkOption {
            type = types.int;
          };
+          noCloudflare = mkOption {
+            type = types.bool;
+            default = false;
+          };
          allow_registration = mkOption {
            type = types.bool;
            default = false;
@ -145,7 +149,7 @@ with lib;
  config.cloud.traefik.hosts = mkIf cfg.enable (
    (lib.attrsets.mapAttrs'
      (name: instance: lib.attrsets.nameValuePair "conduit-${name}" ({
-        inherit (instance) host port;
+        inherit (instance) host port noCloudflare;
      }))
      cfg.instances)
    // (lib.attrsets.mapAttrs'
--- a/modules/cloud/mail/default.nix
+++ b/modules/cloud/mail/default.nix
@ -268,6 +268,7 @@ in
      cloud.traefik.hosts.maddy-mta-sts = {
        port = mtaStsPort;
        host = "mta-sts.nkagami.me";
+        noCloudflare = true;
      };

      # maddy itself
--- a/modules/cloud/writefreely/default.nix
+++ b/modules/cloud/writefreely/default.nix
@ -13,7 +13,6 @@ in
    };
    host = mkOption {
      type = types.str;
-      default = "write.nkagami.me";
      description = "The hostname for the instance";
    };
    site.title = mkOption {
--- a/nki-personal-do/configuration.nix
+++ b/nki-personal-do/configuration.nix
@ -96,7 +96,7 @@
    settings.HOST = "127.0.0.1";
    settings.PORT = "16904";
  };
-  cloud.traefik.hosts.uptime-kuma = { host = "status.nkagami.me"; port = 16904; };
+  cloud.traefik.hosts.uptime-kuma = { host = "status.nkagami.me"; port = 16904; noCloudflare = true; };
  cloud.traefik.hosts.uptime-kuma-dtth = { host = "status.dtth.ch"; port = 16904; };
  cloud.traefik.hosts.uptime-kuma-codefun = { host = "status.codefun.vn"; port = 16904; };

@ -115,6 +115,7 @@
      host = "m.nkagami.me";
      port = 6167;
      well-known_port = 6168;
+      noCloudflare = true;
    };
  };
  cloud.conduit.heisenbridge = {
@ -138,6 +139,7 @@
    host = "navidrome.nkagami.me";
    port = 4533;
    localHost = "11.0.0.2";
+    noCloudflare = true;
  };

  # Mail
@ -251,7 +253,7 @@
  system.stateVersion = "21.11";

  # ntfy
-  cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; };
+  cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; noCloudflare = true; };
  services.ntfy-sh = {
    enable = true;
    settings = {