fix mkNginxVHosts usage; fix librespeed proxy; fix vaultwarden proxy

2025-10-17 08:37:09 -03:00 · 2025-10-17 08:37:09 -03:00 · c8f1b3a5e0
commit c8f1b3a5e0
parent ee1ed3b88e
5 changed files with 39 additions and 11 deletions
--- a/hosts/alexandria/librespeed.nix
+++ b/hosts/alexandria/librespeed.nix
@ -1,14 +1,37 @@
-{ lib, inputs, ... }:
+{
+  config,
+  lib,
+  inputs,
+  ...
+}:
+
 let
  utils = import ../../utils.nix { inherit inputs lib; };
  inherit (utils) mkNginxVHosts;
 in
+
 {
+  systemd.services.init-librespeed-network = {
+    description = "Create the network bridge for librespeed.";
+    after = [ "network.target" ];
+    wantedBy = [ "podman-librespeed.service" ];
+    serviceConfig.Type = "oneshot";
+    script = ''
+      check=$(${config.virtualisation.podman.package}/bin/podman network ls | grep "librespeed" || true)
+      if [ -z "$check" ]; then
+        ${config.virtualisation.podman.package}/bin/podman network create librespeed
+      else
+        echo "librespeed network already exists"
+      fi
+    '';
+  };
+
  virtualisation.oci-containers.containers."librespeed" = {
    image = "lscr.io/linuxserver/librespeed:latest";
    environment = {
      TZ = "America/Bahia";
    };
+    networks = [ "librespeed" ];
    extraOptions = [
      "--pull=newer"
      "--label=io.containers.autoupdate=registry"
--- a/hosts/alexandria/nextcloud.nix
+++ b/hosts/alexandria/nextcloud.nix
@ -80,12 +80,12 @@
    "nextcloud-secrets.json" = {
      file = ../../secrets/nextcloud-secrets.json.age;
      owner = "nextcloud";
-      group = "hosted";
+      group = "nextcloud";
    };
    nextcloud-adminpass = {
      file = ../../secrets/nextcloud-adminpass.age;
      owner = "nextcloud";
-      group = "hosted";
+      group = "nextcloud";
    };
  };
 }
--- a/hosts/alexandria/nginx.nix
+++ b/hosts/alexandria/nginx.nix
@ -4,10 +4,12 @@
  inputs,
  ...
 }:
+
 let
  utils = import ../../utils.nix { inherit inputs lib; };
  inherit (utils) mkNginxVHosts;
 in
+
 {
  security.acme = {
    acceptTerms = true;
@ -22,12 +24,6 @@ in
    };
  };

-  age.secrets.cloudflare = {
-    file = ../../secrets/cloudflare.age;
-    owner = "nginx";
-    group = "nginx";
-  };
-
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
@ -41,4 +37,10 @@ in
  };

  users.users.nginx.extraGroups = [ "acme" ];
+
+  age.secrets.cloudflare = {
+    file = ../../secrets/cloudflare.age;
+    owner = "nginx";
+    group = "nginx";
+  };
 }
--- a/hosts/alexandria/vaultwarden.nix
+++ b/hosts/alexandria/vaultwarden.nix
@ -14,13 +14,14 @@ in
    config = {
      DOMAIN = "https://pass.baduhai.dev";
      SIGNUPS_ALLOWED = false;
-      ROCKET_ADDRESS = "/run/vaultwarden/vaultwarden.sock";
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = 58222;
    };
  };

  services.nginx.virtualHosts = mkNginxVHosts {
    acmeHost = "baduhai.dev";
    domains."pass.baduhai.dev".locations."/".proxyPass =
-      "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/";
+      "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/";
  };
 }
--- a/utils.nix
+++ b/utils.nix
@ -1,4 +1,5 @@
 { inputs, lib }:
+
 let
  inherit (inputs)
    self
@ -8,6 +9,7 @@ let
    agenix
    ;
 in
+
 {
  # Tag-based host configuration system
  mkHost =