From e2914cd0f04ebf7d951a5bdf083177c2281fb412 Mon Sep 17 00:00:00 2001 From: Danilo Reyes Date: Sun, 7 Jul 2024 00:10:11 -0600 Subject: [PATCH] migrated back to cloudflare... --- hosts/miniserver/configuration.nix | 2 +- modules/scripts/update-dns.nix | 3 +- modules/servers.nix | 5 --- modules/servers/flame.nix | 2 +- modules/servers/nextcloud.nix | 64 +++++++++++++++--------------- modules/servers/qbittorrent.nix | 2 +- secrets/env.yaml | 6 +-- 7 files changed, 39 insertions(+), 45 deletions(-) diff --git a/hosts/miniserver/configuration.nix b/hosts/miniserver/configuration.nix index e2f13e9..008a3f3 100644 --- a/hosts/miniserver/configuration.nix +++ b/hosts/miniserver/configuration.nix @@ -40,7 +40,7 @@ adguardhome.enable = false; audiobookshelf.enable = true; bazarr.enable = false; - collabora.enable = false; + collabora.enable = true; flame.enable = true; flameSecret.enable = true; go-vod.enable = false; diff --git a/modules/scripts/update-dns.nix b/modules/scripts/update-dns.nix index e8dc9cd..c5786ff 100644 --- a/modules/scripts/update-dns.nix +++ b/modules/scripts/update-dns.nix @@ -1,4 +1,3 @@ - { config, pkgs, lib, ... }: { imports = [ ./base.nix ]; config = { @@ -16,7 +15,7 @@ ipv4 = true; ipv6 = false; proxied = false; - domains = [ config.my.domainSecret ]; + domains = [ config.my.domain ]; apiTokenFile = config.sops.secrets.cloudflare-api.path; }; my.scripts.update-dns = { diff --git a/modules/servers.nix b/modules/servers.nix index d332a42..0084370 100644 --- a/modules/servers.nix +++ b/modules/servers.nix @@ -73,11 +73,6 @@ in { default = "servidos.lat"; description = "The domain name."; }; - domainSecret = lib.mkOption { - type = lib.types.str; - default = "wedsgk5ac2qcaf9yb.click"; - description = "The domain name."; - }; miniserver-ip = lib.mkOption { type = lib.types.str; default = "192.168.1.100"; diff --git a/modules/servers/flame.nix b/modules/servers/flame.nix index 854b175..7ee0540 100644 --- a/modules/servers/flame.nix 
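Review bot: In the second hunk of `modules/scripts/update-dns.nix`, `domains = [ config.my.domain ]` now points the dynamic-DNS updater at the primary zone while the unchanged `proxied = false` two lines above keeps the record DNS-only. Every vhost under that domain therefore resolves straight to the origin address, with no Cloudflare proxy in front. If that is deliberate, record it next to the option, e.g. `# DNS-only on purpose: origin IP is public, nginx must enforce access itself`. The token read through `apiTokenFile` is presumably the `cloudflare-api` value re-encrypted in `secrets/env.yaml`; its scope cannot be seen from the diff, so confirm it is limited to DNS edit on this one zone. The enclosing attribute set starts and ends outside the hunk.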
+++ b/modules/servers/flame.nix @@ -41,7 +41,7 @@ in { services.nginx = { enable = true; virtualHosts."start.${config.my.domain}" = proxyReverse port // { }; - virtualHosts."qampqwn4wprhqny8h8zj.${config.my.domainSecret}" = + virtualHosts."qampqwn4wprhqny8h8zj.${config.my.domain}" = proxyReverse portSecret // { }; }; }; diff --git a/modules/servers/nextcloud.nix b/modules/servers/nextcloud.nix index 3a31bc6..5f2c67c 100644 --- a/modules/servers/nextcloud.nix +++ b/modules/servers/nextcloud.nix @@ -3,7 +3,6 @@ let inherit (config.my) localhost; collaboraPort = 9980; url = "cloud.${config.my.domain}"; - urlSecret = "collabora.${config.my.domainSecret}"; collaboraProxy = "http://${localhost}:${toString collaboraPort}"; commonProxyConfig = '' proxy_set_header Host $host; 
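Review bot: The vhost `"qampqwn4wprhqny8h8zj.${config.my.domain}"` in the `modules/servers/flame.nix` hunk shows no protection other than its hard-to-guess label, which is now committed in clear text under the primary domain. The same applies to `"xfwmrle6h6skqujbeizw.${config.my.domain}"` in the `modules/servers/qbittorrent.nix` hunk. A hostname is not a credential: if `proxyReverse` (defined outside these hunks) requests a per-host ACME certificate, the names would also end up in public Certificate Transparency logs. Merge real access control into both vhosts instead of the empty `// { }`, e.g. `proxyReverse portSecret // { basicAuthFile = config.sops.secrets.<placeholder-htpasswd>.path; }`, or put a LAN-only `allow`/`deny` pair in `extraConfig`.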
@@ -146,38 +145,39 @@ in { { }; }; }; - ${urlSecret} = lib.mkIf config.my.servers.collabora.enable { - forceSSL = true; - enableACME = true; - http2 = true; - locations = { - # static files - "^~ /loleaflet" = { - proxyPass = collaboraProxy; - extraConfig = commonProxyConfig; - }; - # WOPI discovery URL - "^~ /hosting/discovery" = { - proxyPass = collaboraProxy; - extraConfig = commonProxyConfig; - }; - # Capabilities - "^~ /hosting/capabilities" = { - proxyPass = collaboraProxy; - extraConfig = commonProxyConfig; - }; - # download, presentation, image upload and websocket - "~ ^/lool" = { - proxyPass = collaboraProxy; - extraConfig = commonWebsocketConfig; - }; - # Admin Console websocket - "^~ /lool/adminws" = { - proxyPass = collaboraProxy; - extraConfig = commonWebsocketConfig; + "collabora.${config.my.domain}" = + lib.mkIf config.my.servers.collabora.enable { + forceSSL = true; + enableACME = true; + http2 = true; + locations = { + # static files + "^~ /loleaflet" = { + proxyPass = collaboraProxy; + extraConfig = commonProxyConfig; + }; + # WOPI discovery URL + "^~ /hosting/discovery" = { + proxyPass = collaboraProxy; + extraConfig = commonProxyConfig; + }; + # Capabilities + "^~ /hosting/capabilities" = { + proxyPass = collaboraProxy; + extraConfig = commonProxyConfig; + }; + # download, presentation, image upload and websocket + "~ ^/lool" = { + proxyPass = collaboraProxy; + extraConfig = commonWebsocketConfig; + }; + # Admin Console websocket + "^~ /lool/adminws" = { + proxyPass = collaboraProxy; + extraConfig = commonWebsocketConfig; + }; }; }; - }; }; }; }; @@ -216,7 +216,7 @@ in { --o:ssl.termination=true ''; }; - extraOptions = [ "--cap-add" "MKNOD" ]; + extraOptions = [ "--cap-add=MKNOD" ]; }; }; systemd = lib.mkIf config.my.servers.nextcloud.enableCron { diff --git a/modules/servers/qbittorrent.nix b/modules/servers/qbittorrent.nix index 08ce9bd..5f009d0 100644 --- a/modules/servers/qbittorrent.nix +++ b/modules/servers/qbittorrent.nix 
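Review bot: In the `@@ -146,38 +145,39 @@` hunk of `modules/servers/nextcloud.nix`, the re-keyed `"collabora.${config.my.domain}"` vhost proxies `"^~ /lool/adminws"` (the Admin Console websocket) as openly as the document endpoints. Because this commit also sets `collabora.enable = true`, the admin endpoint becomes reachable on the public domain. Restrict that one location to trusted clients, e.g. `extraConfig = commonWebsocketConfig + "allow <lan-cidr>; deny all;";` with `<lan-cidr>` a placeholder for the local network, or drop the location if the console is not used remotely. Separately, `/loleaflet` and `/lool` are the older Collabora path names; if the container image is a recent release it may serve `/browser` and `/cool` instead, so check the locations against the deployed version.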
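Review bot: In the `@@ -216,7 +216,7 @@` hunk, `extraOptions = [ "--cap-add=MKNOD" ];` grants the container an extra capability with nothing on the page explaining why. A one-line comment above it would keep the grant from being widened or copied to other containers without review, e.g. `# MKNOD: presumably needed by Collabora to create device nodes in its document jails; keep this the only added capability`. The container definition starts and ends outside the hunk, so check that no other privilege flags are set there.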
@@ -52,7 +52,7 @@ in { }; services.nginx = { enable = true; - virtualHosts."xfwmrle6h6skqujbeizw.${config.my.domainSecret}" = + virtualHosts."xfwmrle6h6skqujbeizw.${config.my.domain}" = proxyReverse port // { }; }; networking.firewall = { diff --git a/secrets/env.yaml b/secrets/env.yaml index a16b986..d9a9be4 100644 --- a/secrets/env.yaml +++ b/secrets/env.yaml 
@@ -6,7 +6,7 @@ maloja: ENC[AES256_GCM,data:yCwokfD4I1Boy2NOhOTLA3dWgUVOdSzWKIEdYC0klvYu41IGcM8b multi-scrobbler: ENC[AES256_GCM,data:4KENPA2BoCgBmlBkGrOzI7AOxwtpPjuBHi92XqbQzc3O7Wi6XHjcsAoeY3qWmH8MEB/QhZOh0jLWxJHwSFmHo8T3yG+KYCYzwjSD9c8CySrbwZZZ5S6G/qiQx4p1DDJv5KXk2SW/1gruKGEFgizk7qWpN0dUYgwnrBMjyeWu4UjuVZtrlWQoKRbsMA/8dbIzFuNTTu94E+IPZ8KFKkir13Odc3zROHdxfFZibVXndr40KVZBC4URruZLCT4pLPSHP0GqF69Z+cdI3VaMD5r/Ig==,iv:09d58aMTuFvtr7TMzGHoU8cu2IWHK++pYgLBkQDU0+U=,tag:TkF/a+jbptIr3ddBRN8PBQ==,type:str] vaultwarden: ENC[AES256_GCM,data:BH+G8FmYylTbOhzZy6T+sW0q2myJC2zpd/SrtG5WC7N5fmV++X4h+6/tU5dFv4owIOLm/13oGrkT/KOWkF2wwQ7qeQQ8bsyloEigNBMW6d7/ihXZtdtYid1HQrvc6U+Sjl8CPjInHz5j9fy5ouMrmDCGVIYdNrDzFW8AYn7KFLIa3c7oCWMTBCOeGS5rD55GSwy5y4AvBx7Hj9xnZmGG2cnzt5CR9hr/fnZhBTcPxquUZw==,iv:CxDdtWC7zKJZ/Ikq5fV33AT6MYx+pbAGI0Cy6I1fcyo=,tag:q8w4maD3vXTdxCLZ7qbCjg==,type:str] dns: ENC[AES256_GCM,data:eQACe2GRS0ZHyszFkZDG1CeJJZDe/0eXNnurujdv5VR5QQJjYRAQuJVzC3XgelXoWeIQdtW4IfpXTv7xaGuhEzPgsPm4hAdEKosNs6h0ZGg8FG73NSdMWw==,iv:n3i4Ll24+a82aKiRIJgMWLko1B2Lk7bLnpmUevBoHGA=,tag:bnZzVfRUSpZFvF2T6pMtsQ==,type:str] -cloudflare-api: ENC[AES256_GCM,data:UJwdEI8a9kmXogCxyUzPK3fm0Vhbi+4AwLEoSE43Y91KXLBJnb+aZUOMEbGRw6wyr3I74MU5YGXm5OwxxhM=,iv:HzxWF0IAmgboIt3bp0Pk6cpZAJFvcWbQbRIcfBGspZI=,tag:Se+ZvuahWwC54xVTSYOhKg==,type:str] +cloudflare-api: ENC[AES256_GCM,data:iNUMlY8rz5yHVitpK4HGaFSK7j+c8Pm7rOQMOQGmSJ3a8ASyrtouPgLbcnoPY/jalsJYAj991dSiui+Vwqs=,iv:qWONG/KLd9/F4tqrWF5T25Zxst3bk+kOYaOFBFSBAAY=,tag:gRFxar8KS8gnX8oaCD156Q==,type:str] homepage: 
ENC[AES256_GCM,data:065NyZDDVPM8z50si7t9a+Yk6hgUGqcizGX/SRzWVdEA2bLk+lcBO+1OhnM2HXlpHTABG7yaiKGnGXZ5rB29PFdCgXkkw0P131Dfn8LATbtpBJSLdG+h3w28+UFcgrpcgJusWJsn83GKI+XmiNqPkajmLSvdKycN3CSom3pUQC1dErAl8h0UqWOMVP+/RJjffPHLY9NzuLniBZwWAonrcngceB3SRr0Bqpfv/HJGcfUUu4CoCmdSlL3qBOc0XV+WSTQWiBVAqefQKwQs6STUMP1C4RRX3TdkCMi+y1dgAK+xJbTY3EuiouhW87m8nRKraKBY7LKssilt1M18syO4bE72T230H7ETodYMQ6+z+4Q59eM5ZA==,iv:swoOBjVAMVN2+788eCSqoNSFjER30QjJhcPYXr2DS34=,tag:nVaKsKoE+umBPmxj1ojFpw==,type:str] sops: kms: [] @@ -50,8 +50,8 @@ sops: QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb 9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-06T17:21:51Z" - mac: ENC[AES256_GCM,data:oD+Zl5hdTgg7m4o+s/StFralyExQNPndGAFDNgMH7+vdXD9HFLJC/OuUqGynHmynbaND9X78jo00JwvjTMVLP/0abzrZfQtWbxl5dqcGN7wqRJgRpy03rnByx5boUgecHgQP99+o6rSOwHlMUhSjkNV8TMiTjjE/0HiRLFO9uTc=,iv:5NtmC6sjWpqMIUMCbO6IA95gSMYx+3bZ6bkl2HMpqEY=,tag:E+3CLSWEMrk/PbAt3qv+Hw==,type:str] + lastmodified: "2024-07-07T06:09:39Z" + mac: ENC[AES256_GCM,data:jbPiHhafnCt6NrEowzW1CmYSRst2d2OM/g9QA8aNLZmGBXUu11Wi9mYyAds4FFtdyoECeQ5fRK5PFtjRE6uFWxmSzanG1Py45hBU0qXsEJ3jh3BVa+atPcZg18v86Cz59FlzZ+3eZJ21u93oIT42x6JB2X9TXtAWj+hZbu4Qc1Q=,iv:8HQ4QPow0vTtxik/5AIqdKTfGGGvCFhjGzbCxQVcqkQ=,tag:w3KxdSl0YGbV2ZQYNv576Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1