diff --git a/flake.lock b/flake.lock
index e2ef3a5..c9df8ee 100644
--- a/flake.lock
+++ b/flake.lock
@@ -83,11 +83,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1774210137, - "narHash": "sha256-QaPn/8NlrXd6jd8S9+KV2pYsGNZ8KWU5+jv2/QtRlUw=", - "rev": "1862f2641e54a51755b0b9acb907d01f6b324b2a", + "lastModified": 1774258552, + "narHash": "sha256-wTJJxhLPr3OHXQ23H9+Ch1YjdlaoMf3605ezfRYLaC4=", + "rev": "28bb98f5aec0ea70b623ab4953eb8186acdb7bba", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/1862f2641e54a51755b0b9acb907d01f6b324b2a.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/28bb98f5aec0ea70b623ab4953eb8186acdb7bba.tar.gz" }, "original": { "type": "tarball",
@@ -980,11 +980,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1774253681, - "narHash": "sha256-U3LMRHov4wQ4olZq/zvf94Qf7oL6W11fjvZGvWg3gZc=", + "lastModified": 1774259547, + "narHash": "sha256-5EQ1TL+R/tcsoGas1oALp5Tj2ACfSul+pfrrxP72xC0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "16b430b0e3a5233df0444f14928af915555308ac", + "rev": "b3f8d82c4c685fb6f3080745dab8f07606ae50d3", "type": "github" }, "original": {
diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel/default.nix
index 082330e..7674835 100644
--- a/modules/nixos/services/authentication/zitadel/default.nix
+++ b/modules/nixos/services/authentication/zitadel/default.nix
@@ -543,12 +543,12 @@ in
 networking.caddy = {
 hosts = {
 "auth.kruining.eu" = ''
- reverse_proxy h2c://::1:9092
+ reverse_proxy h2c://[::1]:9092
 '';
 };
 extraConfig = ''
 (auth) {
- forward_auth h2c://::1:9092 {
+ forward_auth h2c://[::1]:9092 {
 uri /api/authz/forward-auth
 copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
 }
diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix
index f20e1ac..d2e47b0 100644
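Review bot: The loopback upstream `h2c://[::1]:9092` is still written out twice in the zitadel hunk, once for the `auth.kruining.eu` host and once in the `(auth)` snippet, which is why the unbracketed IPv6 literal had to be corrected in two places here and again in the matrix and promtail hunks. Binding it once, for example `authUpstream = "h2c://[::1]:9092";` in the module's `let` and interpolating `${authUpstream}` into both strings, keeps the two from drifting apart. Because `copy_headers` passes `Remote-User`, `Remote-Groups`, `Remote-Email` and `Remote-Name` to the protected backends as identity, a short comment stating that those backends must only be reachable through Caddy would help; whether that holds is not visible in this hunk. The `networking.caddy` block starts and ends outside the hunk.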
--- a/modules/nixos/services/communication/matrix/default.nix
+++ b/modules/nixos/services/communication/matrix/default.nix
@@ -89,8 +89,8 @@ in {
 '';
 "${fqn}" = ''
- reverse_proxy /_matrix/* http://::1:${toString port}
- reverse_proxy /_synapse/client/* http://::1:${toString port}
+ reverse_proxy /_matrix/* http://[::1]:${toString port}
+ reverse_proxy /_synapse/client/* http://[::1]:${toString port}
 '';
 };
 };
diff --git a/modules/nixos/services/networking/caddy/default.nix b/modules/nixos/services/networking/caddy/default.nix
index 4cab016..ec9df3a 100644
--- a/modules/nixos/services/networking/caddy/default.nix
+++ b/modules/nixos/services/networking/caddy/default.nix
@@ -10,6 +10,15 @@
 cfg = config.${namespace}.services.networking.caddy;
 hasHosts = (cfg.hosts |> attrNames |> length) > 0;
+ caddyBase = pkgs.callPackage "${pkgs.path}/pkgs/by-name/ca/caddy/package.nix" {
+ buildGo125Module = pkgs.buildGo126Module;
+ caddy = caddyBase;
+ };
+ caddyPackage =
+ caddyBase.withPlugins {
+ plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
+ hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE=";
+ };
 in {
 options.${namespace}.services.networking.caddy = {
 enable = mkEnableOption "enable caddy" // {default = true;};
@@ -27,10 +36,7 @@ in {
 services.caddy = {
 enable = cfg.enable;
- package = pkgs.caddy.withPlugins {
- plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
- hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs=";
- };
+ package = caddyPackage;
 virtualHosts = cfg.hosts
diff --git a/modules/nixos/services/networking/wireguard/default.nix b/modules/nixos/services/networking/wireguard/default.nix
index 92bd803..0cf5320 100644
--- a/modules/nixos/services/networking/wireguard/default.nix
+++ b/modules/nixos/services/networking/wireguard/default.nix
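Review bot: Nothing on the new `caddyBase` binding says why the front-door proxy is rebuilt from `${pkgs.path}/pkgs/by-name/ca/caddy/package.nix` with `buildGo125Module = pkgs.buildGo126Module;` instead of being taken from `pkgs.caddy`. The override depends on a file path and an argument name that are internal to nixpkgs, so a later lock bump can break evaluation or change which Go toolchain builds the binary that carries the Coraza WAF plugin. I would add a comment above it along the lines of `# nixpkgs builds caddy with buildGo125Module; force Go 1.26 because <reason>. Drop once nixpkgs' caddy uses it.` and a second one marking `caddy = caddyBase;` as a deliberate self-reference (presumably so `withPlugins` rebuilds from the overridden derivation; please confirm). The `let` block these bindings sit in starts outside the hunk.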
@@ -33,15 +33,15 @@ in {
 };
 config = mkIf hasPeers {
- networking.firewall.allowedUDPPorts = cfg.peer |> lib.attrValues |> lib.map (p: p.port);
- networking.wq-quick = {
- # enable = cfg.enable;
- interfaces =
- cfg.peer
- |> attrsToList
- |> imap0 (i: { name, value }: (namevaluepair "wg${i}" (value // { }));
- |> listToAttrs
- };
+ # networking.firewall.allowedUDPPorts = cfg.peer |> lib.attrValues |> lib.map (p: p.port);
+ # networking.wq-quick = {
+ # # enable = cfg.enable;
+ # interfaces =
+ # cfg.peer
+ # |> attrsToList
+ # |> imap0 (i: { name, value }: (namevaluepair "wg${i}" (value // {})))
+ # |> listToAttrs;
+ # };
 };
 }
diff --git a/modules/nixos/services/observability/promtail/default.nix b/modules/nixos/services/observability/promtail/default.nix
index 25aabbd..38dbbab 100644
--- a/modules/nixos/services/observability/promtail/default.nix
+++ b/modules/nixos/services/observability/promtail/default.nix
@@ -1,11 +1,15 @@
-{ pkgs, config, lib, namespace, ... }:
-let
+{
+ pkgs,
+ config,
+ lib,
+ namespace,
+ ...
+}: let
 inherit (lib.modules) mkIf;
 inherit (lib.options) mkEnableOption;
 cfg = config.${namespace}.services.observability.promtail;
-in
-{
+in {
 options.${namespace}.services.observability.promtail = {
 enable = mkEnableOption "enable Grafana Promtail";
 };
@@ -31,7 +35,7 @@ in
 clients = [
 {
- url = "http://::1:9003/loki/api/v1/push";
+ url = "http://[::1]:9003/loki/api/v1/push";
 }
 ];
@@ -46,13 +50,16 @@ in
 };
 };
 relabel_configs = [
- { source_labels = [ "__journal__systemd_unit" ]; target_label = "unit"; }
+ {
+ source_labels = ["__journal__systemd_unit"];
+ target_label = "unit";
+ }
 ];
 }
 ];
 };
 };
-
- networking.firewall.allowedTCPPorts = [ 9004 ];
+
+ networking.firewall.allowedTCPPorts = [9004];
 };
 }
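Review bot: With its body commented out, `config = mkIf hasPeers { … };` in the wireguard module becomes a silent no-op: a host that defines `cfg.peer` entries now gets neither the tunnel nor the UDP firewall rule, and nothing tells the operator. Until the module works again, surface that at evaluation time, for example `warnings = ["wireguard: peers are configured but this module currently applies no configuration"];` inside the `mkIf`. The parked code also still carries errors that would fail once re-enabled: `networking.wq-quick` should be `networking.wg-quick`, `namevaluepair` should be `nameValuePair`, and `"wg${i}"` needs `toString i`. A `# TODO` line listing these would serve the next reader better than the commented block alone. The module's options and `let` bindings are outside the hunk.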
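Review bot: `networking.firewall.allowedTCPPorts = [9004];` in the last promtail hunk opens the port on every interface, while the only traffic visible in this file is Promtail pushing to Loki on loopback. If 9004 is Promtail's own HTTP listener (its server settings are not visible in the hunk), that listener exposes status and metrics endpoints without authentication. In that case the rule should be dropped or scoped to the interface the scraper arrives on, e.g. `networking.firewall.interfaces.<iface>.allowedTCPPorts = [9004];`. At minimum, add a comment naming which peer is expected to connect to 9004. The enclosing `config` block starts outside the hunk.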