Liberate nkagami.me domains from Cloudflare origin cert requirement

modules/cloud/bitwarden/default.nix

@@ -35,11 +35,13 @@ in
     # traefik
     cloud.traefik.hosts.bitwarden = {
       inherit port host;
+      noCloudflare = true;
     };
     cloud.traefik.hosts.bitwarden-notifications = {
       inherit host;
       port = notificationsPort;
       path = "/notifications/hub";
+      noCloudflare = true;
     };
     # systemd unit
     systemd.services.bitwarden-server = {
@@ -73,6 +75,7 @@ in
         AmbientCapabilities = "CAP_NET_BIND_SERVICE";
         StateDirectory = "bitwarden-server";
       };
+      requires = [ "postgresql.service" ];
       wantedBy = [ "multi-user.target" ];
     };
   };

modules/cloud/conduit/default.nix

@@ -45,6 +45,10 @@ with lib;
           port = mkOption {
             type = types.int;
           };
+          noCloudflare = mkOption {
+            type = types.bool;
+            default = false;
+          };
           allow_registration = mkOption {
             type = types.bool;
             default = false;
@@ -145,7 +149,7 @@ with lib;
   config.cloud.traefik.hosts = mkIf cfg.enable (
     (lib.attrsets.mapAttrs'
       (name: instance: lib.attrsets.nameValuePair "conduit-${name}" ({
-        inherit (instance) host port;
+        inherit (instance) host port noCloudflare;
       }))
       cfg.instances)
     // (lib.attrsets.mapAttrs'

modules/cloud/mail/default.nix

@@ -268,6 +268,7 @@ in
       cloud.traefik.hosts.maddy-mta-sts = {
         port = mtaStsPort;
         host = "mta-sts.nkagami.me";
+        noCloudflare = true;
       };
 
       # maddy itself

modules/cloud/writefreely/default.nix

@@ -13,7 +13,6 @@ in
     };
     host = mkOption {
       type = types.str;
-      default = "write.nkagami.me";
       description = "The hostname for the instance";
     };
     site.title = mkOption {

nki-personal-do/configuration.nix

@@ -96,7 +96,7 @@
     settings.HOST = "127.0.0.1";
     settings.PORT = "16904";
   };
-  cloud.traefik.hosts.uptime-kuma = { host = "status.nkagami.me"; port = 16904; };
+  cloud.traefik.hosts.uptime-kuma = { host = "status.nkagami.me"; port = 16904; noCloudflare = true; };
   cloud.traefik.hosts.uptime-kuma-dtth = { host = "status.dtth.ch"; port = 16904; };
   cloud.traefik.hosts.uptime-kuma-codefun = { host = "status.codefun.vn"; port = 16904; };
 
@@ -115,6 +115,7 @@
       host = "m.nkagami.me";
       port = 6167;
       well-known_port = 6168;
+      noCloudflare = true;
     };
   };
   cloud.conduit.heisenbridge = {
@@ -138,6 +139,7 @@
     host = "navidrome.nkagami.me";
     port = 4533;
     localHost = "11.0.0.2";
+    noCloudflare = true;
   };
 
   # Mail
@@ -251,7 +253,7 @@
   system.stateVersion = "21.11";
 
   # ntfy
-  cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; };
+  cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; noCloudflare = true; };
   services.ntfy-sh = {
     enable = true;
     settings = {