diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix index 79353bd..aeb8db3 100644 --- a/hosts/alexandria/librespeed.nix +++ b/hosts/alexandria/librespeed.nix @@ -1,14 +1,37 @@ -{ lib, inputs, ... }: +{ + config, + lib, + inputs, + ... +}: + let utils = import ../../utils.nix { inherit inputs lib; }; inherit (utils) mkNginxVHosts; in + { + systemd.services.init-librespeed-network = { + description = "Create the network bridge for librespeed."; + after = [ "network.target" ]; + wantedBy = [ "podman-librespeed.service" ]; + serviceConfig.Type = "oneshot"; + script = '' + check=$(${config.virtualisation.podman.package}/bin/podman network ls | grep "librespeed" || true) + if [ -z "$check" ]; then + ${config.virtualisation.podman.package}/bin/podman network create librespeed + else + echo "librespeed network already exists" + fi + ''; + }; + virtualisation.oci-containers.containers."librespeed" = { image = "lscr.io/linuxserver/librespeed:latest"; environment = { TZ = "America/Bahia"; }; + networks = [ "librespeed" ]; extraOptions = [ "--pull=newer" "--label=io.containers.autoupdate=registry" diff --git a/hosts/alexandria/nextcloud.nix b/hosts/alexandria/nextcloud.nix index 2b7670d..b097616 100644 --- a/hosts/alexandria/nextcloud.nix +++ b/hosts/alexandria/nextcloud.nix @@ -80,12 +80,12 @@ "nextcloud-secrets.json" = { file = ../../secrets/nextcloud-secrets.json.age; owner = "nextcloud"; - group = "hosted"; + group = "nextcloud"; }; nextcloud-adminpass = { file = ../../secrets/nextcloud-adminpass.age; owner = "nextcloud"; - group = "hosted"; + group = "nextcloud"; }; }; } diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 192dbda..0a0a261 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -4,10 +4,12 @@ inputs, ... }: + let utils = import ../../utils.nix { inherit inputs lib; }; inherit (utils) mkNginxVHosts; in + { security.acme = { acceptTerms = true; 
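Review bot: In `init-librespeed-network`, `wantedBy = [ "podman-librespeed.service" ]` pulls the unit in but does not order it, so the container may start before the network exists. Adding `before = [ "podman-librespeed.service" ];` closes that gap. The check `podman network ls | grep "librespeed"` is a substring match over the whole listing, so any other network whose line contains that string skips the create. `podman network exists librespeed || podman network create librespeed` tests the exact name. If the dedicated network is meant to isolate an image that tracks `:latest` with registry auto-update, a short comment above `networks` saying so would record the intent.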
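Review bot: Neither secret in the `nextcloud.nix` hunk sets `mode`, so changing `group` from `hosted` to `nextcloud` only matters if group permission bits are granted. As far as I know the agenix default is owner-only (`0400`). Stating `mode = "0400";` on both `"nextcloud-secrets.json"` and `nextcloud-adminpass` would make the intended access explicit rather than dependent on a default. It is also worth confirming that no other service relied on `hosted` membership to read these files. The enclosing attribute set starts outside the hunk.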
@@ -22,12 +24,6 @@ in }; }; - age.secrets.cloudflare = { - file = ../../secrets/cloudflare.age; - owner = "nginx"; - group = "nginx"; - }; - services.nginx = { enable = true; recommendedGzipSettings = true; @@ -41,4 +37,10 @@ in }; users.users.nginx.extraGroups = [ "acme" ]; + + age.secrets.cloudflare = { + file = ../../secrets/cloudflare.age; + owner = "nginx"; + group = "nginx"; + }; } diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index 21f7d46..fd10d6b 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -14,13 +14,14 @@ in config = { DOMAIN = "https://pass.baduhai.dev"; SIGNUPS_ALLOWED = false; - ROCKET_ADDRESS = "/run/vaultwarden/vaultwarden.sock"; + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 58222; }; }; services.nginx.virtualHosts = mkNginxVHosts { acmeHost = "baduhai.dev"; domains."pass.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/"; + "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; }; } diff --git a/utils.nix b/utils.nix index 7b8e502..1f2c66c 100644 --- a/utils.nix +++ b/utils.nix @@ -1,4 +1,5 @@ { inputs, lib }: + let inherit (inputs) self @@ -8,6 +9,7 @@ let agenix ; in + { # Tag-based host configuration system mkHost =
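Review bot: In `vaultwarden.nix`, `ROCKET_ADDRESS = "127.0.0.1"` with `ROCKET_PORT = 58222` replaces the socket's file permissions with a loopback port that any local user or process can connect to directly, without passing through nginx. If the socket was dropped for a compatibility reason, record it above the setting, e.g. `# TCP loopback instead of the unix socket: <reason>; reachable by every local process`. Otherwise keeping the socket is the tighter option. As a style point, the `proxyPass` line spells out `config.services.vaultwarden.config` twice, and a `let` binding for it would make the URL easier to read. The enclosing attribute set starts outside the hunk.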