From aab8691c7b44c27929a7a205f654412490285e03 Mon Sep 17 00:00:00 2001
From: Joshua Bell
Date: Sun, 8 Feb 2026 23:27:01 -0600
Subject: [PATCH 1/4] Add nginx vhosts for location and photos with ACME and proxy
---
 hosts/oracle/o001/nginx.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/hosts/oracle/o001/nginx.nix b/hosts/oracle/o001/nginx.nix
index 779d8d9d..7c84197e 100644
--- a/hosts/oracle/o001/nginx.nix
+++ b/hosts/oracle/o001/nginx.nix
@@ -255,6 +255,22 @@ in
 '';
 };
 };
+ "location.joshuabell.xyz" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyWebsockets = true;
+ proxyPass = "http://100.64.0.13";
+ };
+ };
+ "photos.joshuabell.xyz" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyWebsockets = true;
+ proxyPass = "http://100.64.0.13";
+ };
+ };
 "llm.joshuabell.xyz" = {
 enableACME = true;
 forceSSL = true;
From ff7bb9a36e8d800ff972eeb4dbbb874336a24960 Mon Sep 17 00:00:00 2001
From: Joshua Bell
Date: Sun, 8 Feb 2026 23:42:06 -0600
Subject: [PATCH 2/4] Add systemd service to route joshuabell.xyz via Tailscale DNS
---
 flakes/common/nix_modules/tailnet.nix | 32 +++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/flakes/common/nix_modules/tailnet.nix b/flakes/common/nix_modules/tailnet.nix
index bcc151e4..698dc432 100644
--- a/flakes/common/nix_modules/tailnet.nix
+++ b/flakes/common/nix_modules/tailnet.nix
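Review bot: In the `hosts/oracle/o001/nginx.nix` hunk, both new vhosts forward `/` to `http://100.64.0.13` with no port and no access restriction visible in the hunk, so whatever that tailnet host serves for these names becomes reachable through this proxy's public side, and the only authentication left is the upstream application's own. If that is intended, a comment above each block such as `# public on purpose: authentication is enforced by the upstream app on 100.64.0.13` would record the decision; if not, an `extraConfig` with nginx `allow`/`deny` rules on `locations."/"` would keep the names tailnet-only. Two hostnames sharing one upstream address presumably rely on the upstream routing by `Host`, which only works when the original host header is forwarded (for example through `recommendedProxySettings`, which is not visible here). The enclosing attribute set starts and ends outside the hunk.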
@@ -29,6 +29,38 @@ in
 ];
 };
 
+ # Route joshuabell.xyz DNS queries through Tailscale for extra_records defined in headscale
+ # This adds ~joshuabell.xyz as a routing domain alongside the MagicDNS domain
+ systemd.services.tailscale-dns-routes = {
+ description = "Configure DNS routing for Tailscale extra_records";
+ after = [ "tailscaled.service" "systemd-resolved.service" ];
+ requires = [ "tailscaled.service" "systemd-resolved.service" ];
+ wantedBy = [ "multi-user.target" ];
+ # Wait for tailscale0 interface to be up and have DNS configured
+ script = ''
+ # Wait for tailscale to be connected and DNS configured
+ for i in $(seq 1 30); do
+ if ${pkgs.iproute2}/bin/ip link show tailscale0 &>/dev/null && \
+ ${pkgs.systemd}/bin/resolvectl status tailscale0 2>/dev/null | grep -q "DNS Servers"; then
+ break
+ fi
+ sleep 1
+ done
+ # Add joshuabell.xyz to the routing domains (keeping existing ones)
+ current_domains=$(${pkgs.systemd}/bin/resolvectl domain tailscale0 2>/dev/null | grep -oP '(?<=tailscale0: ).*' || echo "")
+ if ! echo "$current_domains" | grep -q "joshuabell.xyz"; then
+ ${pkgs.systemd}/bin/resolvectl domain tailscale0 $current_domains ~joshuabell.xyz
+ echo "Added ~joshuabell.xyz to tailscale0 DNS routing domains"
+ else
+ echo "joshuabell.xyz already in routing domains"
+ fi
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ };
+
 systemd.services.tailscaled = {
 after = [
 "systemd-modules-load.service"
From c62cf59a317d37b30dfca485a6bf17479313d5c9 Mon Sep 17 00:00:00 2001
From: Joshua Bell
Date: Sun, 8 Feb 2026 23:51:17 -0600
Subject: [PATCH 3/4] Remove tailscale-dns-routes systemd service
---
 flakes/common/nix_modules/tailnet.nix | 32 ---------------------------
 1 file changed, 32 deletions(-)
diff --git a/flakes/common/nix_modules/tailnet.nix b/flakes/common/nix_modules/tailnet.nix
index 698dc432..bcc151e4 100644
--- a/flakes/common/nix_modules/tailnet.nix
+++ b/flakes/common/nix_modules/tailnet.nix
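Review bot: In the `tailscale-dns-routes` script added to `flakes/common/nix_modules/tailnet.nix`, the 30-iteration wait loop has no failure path: if `tailscale0` never reports DNS servers the loop simply ends and the script carries on to rewrite the routing domains, and with `RemainAfterExit = true` a run that exits cleanly is shown as active from then on. After `done`, re-test the condition and stop, e.g. `${pkgs.iproute2}/bin/ip link show tailscale0 >/dev/null 2>&1 || { echo "tailscale0 not ready" >&2; exit 1; }`. The membership test `grep -q "joshuabell.xyz"` is an unanchored regex, so any existing domain that merely contains that string suppresses the update; `grep -qF` against the exact `~joshuabell.xyz` token would be tighter. The next patch in this series removes the unit, so these points apply if it is reintroduced.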
@@ -29,38 +29,6 @@ in
 ];
 };
 
- # Route joshuabell.xyz DNS queries through Tailscale for extra_records defined in headscale
- # This adds ~joshuabell.xyz as a routing domain alongside the MagicDNS domain
- systemd.services.tailscale-dns-routes = {
- description = "Configure DNS routing for Tailscale extra_records";
- after = [ "tailscaled.service" "systemd-resolved.service" ];
- requires = [ "tailscaled.service" "systemd-resolved.service" ];
- wantedBy = [ "multi-user.target" ];
- # Wait for tailscale0 interface to be up and have DNS configured
- script = ''
- # Wait for tailscale to be connected and DNS configured
- for i in $(seq 1 30); do
- if ${pkgs.iproute2}/bin/ip link show tailscale0 &>/dev/null && \
- ${pkgs.systemd}/bin/resolvectl status tailscale0 2>/dev/null | grep -q "DNS Servers"; then
- break
- fi
- sleep 1
- done
- # Add joshuabell.xyz to the routing domains (keeping existing ones)
- current_domains=$(${pkgs.systemd}/bin/resolvectl domain tailscale0 2>/dev/null | grep -oP '(?<=tailscale0: ).*' || echo "")
- if ! echo "$current_domains" | grep -q "joshuabell.xyz"; then
- ${pkgs.systemd}/bin/resolvectl domain tailscale0 $current_domains ~joshuabell.xyz
- echo "Added ~joshuabell.xyz to tailscale0 DNS routing domains"
- else
- echo "joshuabell.xyz already in routing domains"
- fi
- '';
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- };
- };
-
 systemd.services.tailscaled = {
 after = [
 "systemd-modules-load.service"
From 4497fa29b166224f14cdc49aca2ed0f1f18db830 Mon Sep 17 00:00:00 2001
From: Joshua Bell
Date: Sun, 8 Feb 2026 23:51:42 -0600
Subject: [PATCH 4/4] update lio flake
---
 hosts/lio/flake.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock
index 92e2c60a..792decf3 100644
--- a/hosts/lio/flake.lock
+++ b/hosts/lio/flake.lock
@@ -64,11 +64,11 @@ "common": { "locked": { "dir": "flakes/common", - "lastModified": 1770332845, - "narHash": "sha256-jgBoqzdhyZaD4zJ+xfZBh/gWEqEL8amibqc90nP4eXM=", + "lastModified": 1770613864, + "narHash": "sha256-Wn/dJdzToNfAqrZp1oRbXTvcF88UUCYkfOBPLsHpHNY=", "ref": "refs/heads/master", - "rev": "92ea9d16f8cf9f2f761cc668225fa2498fe2c15b", - "revCount": 1213, + "rev": "9e5e3cd4fa9ddae4ede2ba6c83f3c734a33f27b4", + "revCount": 1240, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" },