From 2bbbe034447cac485b2dd04723b4f8de8ab28f58 Mon Sep 17 00:00:00 2001
From: Chris Kruining
Date: Mon, 23 Mar 2026 12:36:32 +0100
Subject: [PATCH] .
---
 .../authentication/zitadel/default.nix | 4 ++--
 .../services/communication/matrix/default.nix | 4 ++--
 .../services/networking/caddy/default.nix | 14 +++++++----
 .../observability/promtail/default.nix | 23 ++++++++++++-------
 4 files changed, 29 insertions(+), 16 deletions(-)
diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel/default.nix
index 082330e..7674835 100644
--- a/modules/nixos/services/authentication/zitadel/default.nix
+++ b/modules/nixos/services/authentication/zitadel/default.nix
@@ -543,12 +543,12 @@ in
 networking.caddy = {
 hosts = {
 "auth.kruining.eu" = ''
- reverse_proxy h2c://::1:9092
+ reverse_proxy h2c://[::1]:9092
 '';
 };
 extraConfig = ''
 (auth) {
- forward_auth h2c://::1:9092 {
+ forward_auth h2c://[::1]:9092 {
 uri /api/authz/forward-auth
 copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
 }
diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix
index f20e1ac..d2e47b0 100644
--- a/modules/nixos/services/communication/matrix/default.nix
+++ b/modules/nixos/services/communication/matrix/default.nix
@@ -89,8 +89,8 @@ in {
 '';
 "${fqn}" = ''
- reverse_proxy /_matrix/* http://::1:${toString port}
- reverse_proxy /_synapse/client/* http://::1:${toString port}
+ reverse_proxy /_matrix/* http://[::1]:${toString port}
+ reverse_proxy /_synapse/client/* http://[::1]:${toString port}
 '';
 };
 };
diff --git a/modules/nixos/services/networking/caddy/default.nix b/modules/nixos/services/networking/caddy/default.nix
index e18a707..ec9df3a 100644
--- a/modules/nixos/services/networking/caddy/default.nix
+++ b/modules/nixos/services/networking/caddy/default.nix
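Review bot: In zitadel/default.nix the corrected upstream `h2c://[::1]:9092` is still written out twice, once for `reverse_proxy` and once for `forward_auth` inside the `(auth)` snippet, so the unbracketed form had to be fixed in both places. Binding it once in the surrounding `let`, for example `upstream = "h2c://[::1]:9092";` interpolated as `${upstream}` in both strings, keeps the login host and the forward-auth check pointed at the same backend. The `let` block and the rest of the `networking.caddy` attribute set lie outside the hunk, so whether a suitable binding already exists cannot be seen here.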
@@ -10,6 +10,15 @@
 cfg = config.${namespace}.services.networking.caddy;
 hasHosts = (cfg.hosts |> attrNames |> length) > 0;
+ caddyBase = pkgs.callPackage "${pkgs.path}/pkgs/by-name/ca/caddy/package.nix" {
+ buildGo125Module = pkgs.buildGo126Module;
+ caddy = caddyBase;
+ };
+ caddyPackage =
+ caddyBase.withPlugins {
+ plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
+ hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE=";
+ };
 in {
 options.${namespace}.services.networking.caddy = {
 enable = mkEnableOption "enable caddy" // {default = true;};
@@ -27,10 +36,7 @@ in {
 services.caddy = {
 enable = cfg.enable;
- package = pkgs.caddy.withPlugins {
- plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
- hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE=";
- };
+ package = caddyPackage;
 virtualHosts = cfg.hosts
diff --git a/modules/nixos/services/observability/promtail/default.nix b/modules/nixos/services/observability/promtail/default.nix
index 25aabbd..38dbbab 100644
--- a/modules/nixos/services/observability/promtail/default.nix
+++ b/modules/nixos/services/observability/promtail/default.nix
@@ -1,11 +1,15 @@
-{ pkgs, config, lib, namespace, ... }:
-let
+{
+ pkgs,
+ config,
+ lib,
+ namespace,
+ ...
+}: let
 inherit (lib.modules) mkIf;
 inherit (lib.options) mkEnableOption;
 cfg = config.${namespace}.services.observability.promtail;
-in
-{
+in {
 options.${namespace}.services.observability.promtail = {
 enable = mkEnableOption "enable Grafana Promtail";
 };
@@ -31,7 +35,7 @@ in
 clients = [
 {
- url = "http://::1:9003/loki/api/v1/push";
+ url = "http://[::1]:9003/loki/api/v1/push";
 }
 ];
@@ -46,13 +50,16 @@ in
 };
 };
 relabel_configs = [
- { source_labels = [ "__journal__systemd_unit" ]; target_label = "unit"; }
+ {
+ source_labels = ["__journal__systemd_unit"];
+ target_label = "unit";
+ }
 ];
 }
 ];
 };
 };
-
- networking.firewall.allowedTCPPorts = [ 9004 ];
+
+ networking.firewall.allowedTCPPorts = [9004];
 };
 }
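Review bot: The new `caddyBase` binding in caddy/default.nix has no comment saying why the package is re-instantiated from `${pkgs.path}` with `pkgs.buildGo126Module` passed under the name `buildGo125Module`. This is the reverse proxy that loads the Coraza WAF plugin, so building it with a different Go builder than the one nixpkgs passes should be explained and given a removal condition. Suggest a comment such as `# Build Caddy with Go 1.26 instead of the Go 1.25 builder nixpkgs passes; remove once nixpkgs' caddy takes buildGo126Module itself.`, with the actual reason filled in by the author. The plugin `hash` is carried over unchanged; if it pins a fixed-output fetch, a copy already in the store would satisfy it without re-running, so it is worth confirming once on a clean store that it still matches under the new builder. The `let` block begins above the hunk.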