RGBCube/ncc
1
Fork 0
mirror of https://github.com/RGBCube/ncc synced 2025-07-27 18:17:44 +00:00
Code Issues Activity

fix: fix import graph and errors

Browse source
This commit is contained in:
RGBCube 2025-02-23 14:35:46 +03:00
parent f2ab446c48
commit d8bcbab825
7 changed files with 29 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

4
hosts/cube/forgejo/default.nix
View file

@ -6,6 +6,8 @@
port = 8001;
in {
imports = [(self + /modules/nginx.nix)];
secrets.forgejoPasswordRunner = {
file = ./password.runner.age;
owner = "forgejo";
@ -155,7 +157,7 @@ in {
};
};
services.nginx.virtualHosts.${fqdn} = merge config.nginx.sslTemplate {
services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate {
locations."/".proxyPass = "http://[::1]:${toString port}";
};
}

4
hosts/cube/grafana/default.nix
View file

@ -6,6 +6,8 @@
port = 8000;
in {
imports = [(self + /modules/nginx.nix)];
secrets.grafanaPassword = {
file = ./password.age;
owner = "grafana";
@ -76,7 +78,7 @@ in {
};
};
services.nginx.virtualHosts.${fqdn} = merge config.nginx.sslTemplate {
services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate {
locations."/" = {
proxyPass = "http://[::1]:${toString port}";
proxyWebsockets = true;

8
hosts/cube/matrix/default.nix
View file

@ -1,4 +1,4 @@
{ config, lib, ... }: let
{ self, config, lib, ... }: let
inherit (config.networking) domain;
inherit (lib) const enabled genAttrs merge strings;
@ -35,6 +35,8 @@
portSynapse = 8002;
portSync = 8003;
in {
imports = [(self + /modules/nginx.nix)];
secrets.matrixSecret = {
file = ./password.secret.age;
owner = "matrix-synapse";
@ -108,7 +110,7 @@ in {
services.nginx.virtualHosts.${domain} = configWellKnownResponse;
services.nginx.virtualHosts.${domainChat} = merge config.nginx.sslTemplate configWellKnownResponse configNotFoundLocation {
services.nginx.virtualHosts.${domainChat} = merge config.services.nginx.sslTemplate configWellKnownResponse configNotFoundLocation {
root = "${pathSite}";
locations."/_matrix".proxyPass = "http://[::1]:${toString portSynapse}";
@ -124,7 +126,7 @@ in {
};
};
services.nginx.virtualHosts.${domainSync} = merge config.nginx.sslTemplate configNotFoundLocation {
services.nginx.virtualHosts.${domainSync} = merge config.services.nginx.sslTemplate configNotFoundLocation {
root = pathSite;
locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)"

6
hosts/cube/nextcloud/default.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: let
{ self, config, lib, pkgs, ... }: let
inherit (config.networking) domain;
inherit (lib) const enabled genAttrs mkAfter;
@ -6,6 +6,8 @@
packageNextcloud = pkgs.nextcloud29;
in {
imports = [(self + /modules/nginx.nix)];
secrets.nextcloudPassword = {
file = ./password.age;
owner = "nextcloud";
@ -114,5 +116,5 @@ in {
nginx.recommendedHttpHeaders = true;
};
services.nginx.virtualHosts.${fqdn} = config.ngnixSslTemplate;
services.nginx.virtualHosts.${fqdn} = config.services.nginx.sslTemplate;
}

6
hosts/disk/site.nix
View file

@ -1,7 +1,3 @@
{ self, ... }: {
imports = [
(self + /modules/acme)
(self + /modules/nginx.nix)
(self + /modules/site.nix)
];
imports = [(self + /modules/site.nix)];
}

10
modules/nginx.nix
View file

@ -1,14 +1,16 @@
{ config, lib, pkgs, ... }: let
{ self, config, lib, pkgs, ... }: let
inherit (config.networking) domain;
inherit (lib) enabled mkConst;
in {
options.nginx.sslTemplate = mkConst {
imports = [(self + /modules/acme)];
options.services.nginx.sslTemplate = mkConst {
forceSSL = true;
quic = true;
useACMEHost = config.networking.domain;
};
options.nginx.headers = mkConst ''
options.services.nginx.headers = mkConst ''
# TODO: Not working for some reason.
add_header Access-Control-Allow-Origin $allow_origin;
add_header Access-Control-Allow-Methods $allow_methods;
@ -61,7 +63,7 @@ in {
~^https://.+\.${domain}$ "GET, HEAD, OPTIONS";
}
${config.nginx.headers}
${config.services.nginx.headers}
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
'';

12
modules/site.nix
View file

@ -1,4 +1,4 @@
{ config, lib, ... }: let
{ self, config, lib, ... }: let
inherit (config.networking) domain;
inherit (lib) enabled merge;
@ -9,15 +9,17 @@
locations."/404".extraConfig = "internal;";
};
in {
imports = [(self + /modules/nginx.nix)];
services.nginx = enabled {
virtualHosts.${domain} = merge config.nginx.sslTemplate configNotFoundLocation {
virtualHosts.${domain} = merge config.services.nginx.sslTemplate configNotFoundLocation {
root = pathSite;
locations."/".tryFiles = "$uri $uri.html $uri/index.html =404";
locations."/assets/".extraConfig = ''
if ($request_method = OPTIONS) {
${config.nginx.headers}
${config.services.nginx.headers}
add_header Content-Type text/plain;
add_header Content-Length 0;
return 204;
@ -27,11 +29,11 @@ in {
'';
};
virtualHosts."www.${domain}" = merge config.nginx.sslTemplate {
virtualHosts."www.${domain}" = merge config.services.nginx.sslTemplate {
locations."/".extraConfig = "return 301 https://${domain}$request_uri;";
};
virtualHosts._ = merge config.nginx.sslTemplate configNotFoundLocation {
virtualHosts._ = merge config.services.nginx.sslTemplate configNotFoundLocation {
root = pathSite;
locations."/".extraConfig = "return 404;";