diff --git a/hosts/h001/containers/default.nix b/hosts/h001/containers/default.nix index bf033b0..2e987c3 100644 --- a/hosts/h001/containers/default.nix +++ b/hosts/h001/containers/default.nix @@ -58,13 +58,6 @@ proxyPass = "http://10.0.0.111"; }; }; - - "_" = { - default = true; - locations."/" = { - return = "404"; # or 444 for drop - }; - }; }; }; diff --git a/hosts/h001/flake.lock b/hosts/h001/flake.lock index bd42873..bda5dde 100644 --- a/hosts/h001/flake.lock +++ b/hosts/h001/flake.lock @@ -67,22 +67,17 @@ "home-manager": "home-manager", "hyprland": "hyprland", "nix-flatpak": "nix-flatpak", - "nixpkgs": "nixpkgs_3", "ragenix": "ragenix" }, "locked": { - "lastModified": 1760053007, - "narHash": "sha256-0csJRXdWM+ybfB41g6Ptndi0WRU33onQRH0SdNKZmio=", - "ref": "refs/heads/master", - "rev": "8e5e514b169b62833457d6d851bb1437fb8a8257", - "revCount": 711, - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" + "path": "../../common", + "type": "path" }, "original": { - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" - } + "path": "../../common", + "type": "path" + }, + "parent": [] }, "crane": { "locked": { @@ -537,7 +532,7 @@ }, "nixarr": { "inputs": { - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "vpnconfinement": "vpnconfinement", "website-builder": "website-builder" }, @@ -588,22 +583,6 @@ } }, "nixpkgs_3": { - "locked": { - "lastModified": 1758690382, - "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "e643668fd71b949c53f8626614b21ff71a07379d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1741379970, "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", @@ -619,7 +598,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1748662220, "narHash": "sha256-7gGa49iB9nCnFk4h/g9zwjlQAyjtpgcFkODjcOQS0Es=", @@ -635,7 +614,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1759735786, "narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=", @@ -651,7 +630,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1759772810, "narHash": "sha256-8/sO67+Q6yNfFD39W5SXQHDbf/tQUHWFhCdxgRRGVCQ=", @@ -1607,7 +1586,7 @@ "agenix": "agenix", "crane": "crane", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "rust-overlay": "rust-overlay" }, "locked": { @@ -1629,7 +1608,7 @@ "common": "common", "litellm-nixpkgs": "litellm-nixpkgs", "nixarr": "nixarr", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "oauth2-proxy-nixpkgs": "oauth2-proxy-nixpkgs", "open-webui-nixpkgs": "open-webui-nixpkgs", "ros_neovim": "ros_neovim", @@ -1638,7 +1617,7 @@ }, "ros_neovim": { "inputs": { - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", diff --git a/hosts/h001/flake.nix b/hosts/h001/flake.nix index 3ef255e..e88622d 100644 --- a/hosts/h001/flake.nix +++ b/hosts/h001/flake.nix @@ -8,8 +8,8 @@ oauth2-proxy-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # Use relative to get current version for testing - # common.url = "path:../../common"; - common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; + common.url = "path:../../common"; + # common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; diff --git a/hosts/h001/mods/nixarr.nix b/hosts/h001/mods/nixarr.nix index 0f10ce6..54cf34d 100644 --- a/hosts/h001/mods/nixarr.nix +++ b/hosts/h001/mods/nixarr.nix @@ -47,39 +47,23 @@ services.nginx = { virtualHosts = { "jellyfin.joshuabell.xyz" = { - enableACME = true; - # forceSSL = true; + addSSL = true; + sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem"; locations."/" = { proxyWebsockets = true; proxyPass = "http://localhost:8096"; }; }; "media.joshuabell.xyz" = { - enableACME = true; - # forceSSL = true; + addSSL = true; + sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem"; locations."/" = { proxyWebsockets = true; proxyPass = "http://localhost:5055"; }; }; - # "10.12.14.10" = { - # locations."/" = { - # proxyWebsockets = true; - # proxyPass = "http://localhost:8096"; - # }; - # }; - # "jellyfin.h001.local.joshuabell.xyz" = { - # locations."/" = { - # proxyWebsockets = true; - # proxyPass = "http://localhost:8096"; - # }; - # }; - # "media.h001.local.joshuabell.xyz" = { - # locations."/" = { - # proxyWebsockets = true; - # proxyPass = "http://localhost:5055"; - # }; - # }; }; }; }; diff --git a/hosts/h001/nginx.nix b/hosts/h001/nginx.nix index 052aa94..788dfe6 100644 --- a/hosts/h001/nginx.nix +++ b/hosts/h001/nginx.nix @@ -1,4 +1,5 @@ { + config, ... }: let @@ -8,8 +9,21 @@ let }; in { - security.acme.acceptTerms = true; - security.acme.defaults.email = "admin@joshuabell.xyz"; + # TODO transfer these to o001 to use same certs? + security.acme = { + acceptTerms = true; + defaults.email = "admin@joshuabell.xyz"; + certs."joshuabell.xyz" = { + domain = "joshuabell.xyz"; + extraDomainNames = [ "*.joshuabell.xyz" ]; + credentialFiles = { + LINODE_TOKEN_FILE = config.age.secrets.linode_rw_domains.path; + }; + dnsProvider = "linode"; + group = "nginx"; + }; + }; + services.nginx = { enable = true; recommendedGzipSettings = true; @@ -45,6 +59,14 @@ in "/" = homarr; }; }; + + "_" = { + rejectSSL = true; + default = true; + locations."/" = { + return = "444"; # 404 for not found or 444 for drop + }; + }; }; }; }