From 6eb0b818f104ccc7fa6af71df19d49e7923c8134 Mon Sep 17 00:00:00 2001
From: Natsu Kagami
Date: Sun, 3 Sep 2023 20:51:52 +0200
Subject: [PATCH] Liberate nkagami.me domains from Cloudflare origin cert requirement
---
 modules/cloud/bitwarden/default.nix | 3 +++
 modules/cloud/conduit/default.nix | 6 +++++-
 modules/cloud/mail/default.nix | 1 +
 modules/cloud/writefreely/default.nix | 1 -
 nki-personal-do/configuration.nix | 6 ++++--
 5 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/modules/cloud/bitwarden/default.nix b/modules/cloud/bitwarden/default.nix
index 93a99f5..84627a3 100644
--- a/modules/cloud/bitwarden/default.nix
+++ b/modules/cloud/bitwarden/default.nix
@@ -35,11 +35,13 @@ in
 # traefik
 cloud.traefik.hosts.bitwarden = {
 inherit port host;
+ noCloudflare = true;
 };
 cloud.traefik.hosts.bitwarden-notifications = {
 inherit host;
 port = notificationsPort;
 path = "/notifications/hub";
+ noCloudflare = true;
 };
 # systemd unit
 systemd.services.bitwarden-server = {
@@ -73,6 +75,7 @@ in
 AmbientCapabilities = "CAP_NET_BIND_SERVICE";
 StateDirectory = "bitwarden-server";
 };
+ requires = [ "postgresql.service" ];
 wantedBy = [ "multi-user.target" ];
 };
 };
diff --git a/modules/cloud/conduit/default.nix b/modules/cloud/conduit/default.nix
index 0addaa5..8c69916 100644
--- a/modules/cloud/conduit/default.nix
+++ b/modules/cloud/conduit/default.nix
@@ -45,6 +45,10 @@ with lib;
 port = mkOption {
 type = types.int;
 };
+ noCloudflare = mkOption {
+ type = types.bool;
+ default = false;
+ };
 allow_registration = mkOption {
 type = types.bool;
 default = false;
@@ -145,7 +149,7 @@ with lib;
 config.cloud.traefik.hosts = mkIf cfg.enable (
 (lib.attrsets.mapAttrs'
 (name: instance: lib.attrsets.nameValuePair "conduit-${name}" ({
- inherit (instance) host port;
+ inherit (instance) host port noCloudflare;
 })) cfg.instances) // (lib.attrsets.mapAttrs'
diff --git a/modules/cloud/mail/default.nix b/modules/cloud/mail/default.nix
index ab488ac..1d7c513 100644
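Review bot: The two `noCloudflare = true;` lines on the `bitwarden` and `bitwarden-notifications` routes carry no comment about what the flag changes for a password vault. The traefik module that reads the flag is outside this diff; going by the commit subject, these hosts stop depending on the Cloudflare origin certificate, so any filtering or rate limiting that was done at the Cloudflare edge presumably no longer covers the login and `/notifications/hub` endpoints. I would add `# served without the Cloudflare origin cert; request throttling has to come from traefik or the service itself` above the first block and confirm that such a limit is configured.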
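Review bot: `requires = [ "postgresql.service" ];` declares the dependency but not the start order, because systemd's `Requires=` on its own lets both units start in parallel and the server can come up before the database accepts connections. Unless an `after` entry already exists in the part of `systemd.services.bitwarden-server` that lies outside this hunk, add `after = [ "postgresql.service" ];` next to it.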
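Review bot: The new `noCloudflare` option is declared without a `description`, so neither the generated option documentation nor a reader of this module learns what setting it does; the submodule it belongs to starts outside the hunk. The second hunk of this file shows the value being copied into the instance's `cloud.traefik.hosts` entry, so something like `description = "Passed through to this instance's cloud.traefik.hosts entry as noCloudflare";` would be accurate. A sentence on the security effect belongs where the traefik option itself is declared, which is not part of this diff.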
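Review bot: Only the first `mapAttrs'` (the `conduit-${name}` entries) inherits `noCloudflare`; the second `mapAttrs'` that this hunk ends on has its body outside the hunk. If that second block builds the `well-known_port` routes for the same `host`, those entries would keep the default `false`, and one hostname would end up with routers that expect different certificate setups. In that case the flag should be added there as well, e.g. by extending its `inherit (instance) …` list with `noCloudflare`.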
--- a/modules/cloud/mail/default.nix
+++ b/modules/cloud/mail/default.nix
@@ -268,6 +268,7 @@ in
 cloud.traefik.hosts.maddy-mta-sts = {
 port = mtaStsPort;
 host = "mta-sts.nkagami.me";
+ noCloudflare = true;
 };
 # maddy itself
diff --git a/modules/cloud/writefreely/default.nix b/modules/cloud/writefreely/default.nix
index d6127d5..d4babcc 100644
--- a/modules/cloud/writefreely/default.nix
+++ b/modules/cloud/writefreely/default.nix
@@ -13,7 +13,6 @@ in
 };
 host = mkOption {
 type = types.str;
- default = "write.nkagami.me";
 description = "The hostname for the instance";
 };
 site.title = mkOption {
diff --git a/nki-personal-do/configuration.nix b/nki-personal-do/configuration.nix
index 59df9d2..a555858 100644
--- a/nki-personal-do/configuration.nix
+++ b/nki-personal-do/configuration.nix
@@ -96,7 +96,7 @@
 settings.HOST = "127.0.0.1";
 settings.PORT = "16904";
 };
- cloud.traefik.hosts.uptime-kuma = { host = "status.nkagami.me"; port = 16904; };
+ cloud.traefik.hosts.uptime-kuma = { host = "status.nkagami.me"; port = 16904; noCloudflare = true; };
 cloud.traefik.hosts.uptime-kuma-dtth = { host = "status.dtth.ch"; port = 16904; };
 cloud.traefik.hosts.uptime-kuma-codefun = { host = "status.codefun.vn"; port = 16904; };
@@ -115,6 +115,7 @@
 host = "m.nkagami.me";
 port = 6167;
 well-known_port = 6168;
+ noCloudflare = true;
 };
 };
 cloud.conduit.heisenbridge = {
@@ -138,6 +139,7 @@
 host = "navidrome.nkagami.me";
 port = 4533;
 localHost = "11.0.0.2";
+ noCloudflare = true;
 };
 # Mail
@@ -251,7 +253,7 @@
 system.stateVersion = "21.11";
 # ntfy
- cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; };
+ cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; noCloudflare = true; };
 services.ntfy-sh = {
 enable = true;
 settings = {
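Review bot: `noCloudflare = true;` on `maddy-mta-sts` deserves a comment, because this host is fetched by other mail servers rather than by browsers. RFC 8461 has senders retrieve the policy over HTTPS and discard it when the certificate does not validate for `mta-sts.nkagami.me`, so whatever certificate traefik presents once the flag is set (the traefik module is outside this diff) has to chain to a public root and renew reliably. Suggested comment above the line: `# MTA-STS policy host: sending MTAs validate this certificate against public roots (RFC 8461)`.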
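Review bot: The flag is set by hand on every `nkagami.me` host, so a host added later can be missed without any evaluation error. It appears here on `uptime-kuma`, again in the `-115`, `-138` and `-251` hunks of this file, and in the bitwarden and mail modules. If the intent is that all `nkagami.me` names opt out, the default could be derived once where the `cloud.traefik.hosts` option is declared (not part of this diff), for instance from `lib.hasSuffix ".nkagami.me" host`, leaving the explicit setting for exceptions. Short of that, a one-line comment at the first use explaining why `status.nkagami.me` differs from `status.dtth.ch` and `status.codefun.vn` on the same port would help the next reader.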