From d8bcbab8251b4182efca9eb1b1a0b72c86dbe8e1 Mon Sep 17 00:00:00 2001
From: RGBCube
Date: Sun, 23 Feb 2025 14:35:46 +0300
Subject: [PATCH] fix: fix import graph and errors
---
 hosts/cube/forgejo/default.nix | 4 +++-
 hosts/cube/grafana/default.nix | 4 +++-
 hosts/cube/matrix/default.nix | 8 +++++---
 hosts/cube/nextcloud/default.nix | 6 ++++--
 hosts/disk/site.nix | 6 +-----
 modules/nginx.nix | 10 ++++++----
 modules/site.nix | 12 +++++++-----
 7 files changed, 29 insertions(+), 21 deletions(-)
diff --git a/hosts/cube/forgejo/default.nix b/hosts/cube/forgejo/default.nix
index c8dabdf..5c38645 100644
--- a/hosts/cube/forgejo/default.nix
+++ b/hosts/cube/forgejo/default.nix
@@ -6,6 +6,8 @@
 port = 8001;
 in {
+ imports = [(self + /modules/nginx.nix)];
+
 secrets.forgejoPasswordRunner = {
 file = ./password.runner.age;
 owner = "forgejo";
@@ -155,7 +157,7 @@ in {
 };
 };
- services.nginx.virtualHosts.${fqdn} = merge config.nginx.sslTemplate {
+ services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate {
 locations."/".proxyPass = "http://[::1]:${toString port}";
 };
 }
diff --git a/hosts/cube/grafana/default.nix b/hosts/cube/grafana/default.nix
index f3ff58e..7c354e3 100644
--- a/hosts/cube/grafana/default.nix
+++ b/hosts/cube/grafana/default.nix
@@ -6,6 +6,8 @@
 port = 8000;
 in {
+ imports = [(self + /modules/nginx.nix)];
+
 secrets.grafanaPassword = {
 file = ./password.age;
 owner = "grafana";
@@ -76,7 +78,7 @@ in {
 };
 };
- services.nginx.virtualHosts.${fqdn} = merge config.nginx.sslTemplate {
+ services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate {
 locations."/" = {
 proxyPass = "http://[::1]:${toString port}";
 proxyWebsockets = true;
diff --git a/hosts/cube/matrix/default.nix b/hosts/cube/matrix/default.nix
index 59174c1..febf9b3 100644
--- a/hosts/cube/matrix/default.nix
+++ b/hosts/cube/matrix/default.nix
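Review bot: The new `imports = [(self + /modules/nginx.nix)];` line in the first forgejo hunk (and the matching one in grafana) references `self`, but the module's argument line lies outside the hunk, so it is not visible whether `self` is bound there; the matrix, nextcloud, nginx and site modules add it explicitly in this same commit. Worth confirming both headers read `{ self, config, lib, ... }:`. Because `imports` is resolved before the module fixpoint, `self` also has to arrive through `specialArgs` rather than `_module.args`; `hosts/disk/site.nix` already relies on that, so a short comment such as `# self comes from specialArgs; required for use inside imports` at one of these call sites would document the constraint.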
@@ -1,4 +1,4 @@
-{ config, lib, ... }: let
+{ self, config, lib, ... }: let
 inherit (config.networking) domain;
 inherit (lib) const enabled genAttrs merge strings;
@@ -35,6 +35,8 @@
 portSynapse = 8002;
 portSync = 8003;
 in {
+ imports = [(self + /modules/nginx.nix)];
+
 secrets.matrixSecret = {
 file = ./password.secret.age;
 owner = "matrix-synapse";
@@ -108,7 +110,7 @@ in {
 services.nginx.virtualHosts.${domain} = configWellKnownResponse;
- services.nginx.virtualHosts.${domainChat} = merge config.nginx.sslTemplate configWellKnownResponse configNotFoundLocation {
+ services.nginx.virtualHosts.${domainChat} = merge config.services.nginx.sslTemplate configWellKnownResponse configNotFoundLocation {
 root = "${pathSite}";
 locations."/_matrix".proxyPass = "http://[::1]:${toString portSynapse}";
@@ -124,7 +126,7 @@ in {
 };
 };
- services.nginx.virtualHosts.${domainSync} = merge config.nginx.sslTemplate configNotFoundLocation {
+ services.nginx.virtualHosts.${domainSync} = merge config.services.nginx.sslTemplate configNotFoundLocation {
 root = pathSite;
 locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)"
diff --git a/hosts/cube/nextcloud/default.nix b/hosts/cube/nextcloud/default.nix
index 158b11a..d215563 100644
--- a/hosts/cube/nextcloud/default.nix
+++ b/hosts/cube/nextcloud/default.nix
@@ -1,4 +1,4 @@
- { config, lib, pkgs, ... }: let
+ { self, config, lib, pkgs, ... }: let
 inherit (config.networking) domain;
 inherit (lib) const enabled genAttrs mkAfter;
@@ -6,6 +6,8 @@
 packageNextcloud = pkgs.nextcloud29;
 in {
+ imports = [(self + /modules/nginx.nix)];
+
 secrets.nextcloudPassword = {
 file = ./password.age;
 owner = "nextcloud";
@@ -114,5 +116,5 @@ in {
 nginx.recommendedHttpHeaders = true;
 };
- services.nginx.virtualHosts.${fqdn} = config.ngnixSslTemplate;
+ services.nginx.virtualHosts.${fqdn} = config.services.nginx.sslTemplate;
 }
diff --git a/hosts/disk/site.nix b/hosts/disk/site.nix
index b7fe2c7..ab68b9a 100644
--- a/hosts/disk/site.nix
+++ b/hosts/disk/site.nix
@@ -1,7 +1,3 @@
 { self, ... }: {
- imports = [
- (self + /modules/acme)
- (self + /modules/nginx.nix)
- (self + /modules/site.nix)
- ];
+ imports = [(self + /modules/site.nix)];
 }
diff --git a/modules/nginx.nix b/modules/nginx.nix
index f5aa742..beacdc1 100644
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@@ -1,14 +1,16 @@
-{ config, lib, pkgs, ... }: let
+{ self, config, lib, pkgs, ... }: let
 inherit (config.networking) domain;
 inherit (lib) enabled mkConst;
 in {
- options.nginx.sslTemplate = mkConst {
+ imports = [(self + /modules/acme)];
+
+ options.services.nginx.sslTemplate = mkConst {
 forceSSL = true;
 quic = true;
 useACMEHost = config.networking.domain;
 };
- options.nginx.headers = mkConst ''
+ options.services.nginx.headers = mkConst ''
 # TODO: Not working for some reason.
 add_header Access-Control-Allow-Origin $allow_origin;
 add_header Access-Control-Allow-Methods $allow_methods;
@@ -61,7 +63,7 @@ in {
 ~^https://.+\.${domain}$ "GET, HEAD, OPTIONS";
 }
- ${config.nginx.headers}
+ ${config.services.nginx.headers}
 proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
 '';
diff --git a/modules/site.nix b/modules/site.nix
index 55c2d9e..6e61477 100644
--- a/modules/site.nix
+++ b/modules/site.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }: let
+{ self, config, lib, ... }: let
 inherit (config.networking) domain;
 inherit (lib) enabled merge;
@@ -9,15 +9,17 @@
 locations."/404".extraConfig = "internal;";
 };
 in {
+ imports = [(self + /modules/nginx.nix)];
+
 services.nginx = enabled {
- virtualHosts.${domain} = merge config.nginx.sslTemplate configNotFoundLocation {
+ virtualHosts.${domain} = merge config.services.nginx.sslTemplate configNotFoundLocation {
 root = pathSite;
 locations."/".tryFiles = "$uri $uri.html $uri/index.html =404";
 locations."/assets/".extraConfig = ''
 if ($request_method = OPTIONS) {
- ${config.nginx.headers}
+ ${config.services.nginx.headers}
 add_header Content-Type text/plain;
 add_header Content-Length 0;
 return 204;
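Review bot: `options.services.nginx.sslTemplate` and `options.services.nginx.headers` in the first modules/nginx.nix hunk are now declared inside the option namespace that the upstream NixOS nginx module owns, so a future nixpkgs option with either name would fail evaluation with a duplicate declaration, and a reader can no longer tell project-local options from upstream ones. If the move is intentional, a comment above the two declarations would record that, e.g. `# Project-local constants, not nixpkgs options; kept under services.nginx on purpose.`. A second one-line comment stating that every virtual host merging `sslTemplate` gets `forceSSL = true` and the shared ACME certificate for `config.networking.domain` would make the TLS contract of the template explicit.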
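Review bot: The origin pattern next to the changed line in the second modules/nginx.nix hunk, `~^https://.+\.${domain}$`, interpolates `domain` into an nginx regex without escaping, so each `.` in the domain matches any character and the allow-list is wider than the literal subdomains of the site. `.+` likewise accepts any characters in front of the final label rather than only hostname characters. Consider `~^https://[a-z0-9.-]+\.${lib.escapeRegex domain}$` (assuming the project's extended `lib` still exposes `escapeRegex` from nixpkgs), and apply the same tightening to the `$allow_origin` map if it uses the same pattern; that map and the rest of this block lie outside the hunk.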
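Review bot: Inside the `if ($request_method = OPTIONS)` block of the second modules/site.nix hunk, the interpolated `${config.services.nginx.headers}` and the two `add_header` lines become the only `add_header` output for that response, because nginx inherits `add_header` from outer levels only when the current level defines none. Any header set at `http` or `server` level, for example HSTS if it is configured there, is therefore not sent on these preflight replies, and the same rule may be what the `# TODO: Not working for some reason.` comment in modules/nginx.nix is running into. A comment in the block such as `# add_header here replaces, not extends, headers inherited from outer levels` would record this. The `/assets/` location and the `if` block continue past the end of the hunk.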
@@ -27,11 +29,11 @@ in {
 '';
 };
- virtualHosts."www.${domain}" = merge config.nginx.sslTemplate {
+ virtualHosts."www.${domain}" = merge config.services.nginx.sslTemplate {
 locations."/".extraConfig = "return 301 https://${domain}$request_uri;";
 };
- virtualHosts._ = merge config.nginx.sslTemplate configNotFoundLocation {
+ virtualHosts._ = merge config.services.nginx.sslTemplate configNotFoundLocation {
 root = pathSite;
 locations."/".extraConfig = "return 404;";