qo.is/infrastructure
3
0
Fork 0
Code Issues 12 Pull requests Projects 1 Activity Actions

Fix vpn configuration

Browse source
This commit is contained in:
Fabian Hauser 2024-12-11 13:01:22 +02:00
parent 747c637f80
commit aaebb4bc19
4 changed files with 20 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

13
nixos-modules/qois/vpn-server/default.nix
View file

@ -8,9 +8,13 @@ with lib;
let
cfg = config.qois.vpn-server;
cfgLoadbalancer = config.qois.loadbalancer;
defaultDnsRecords = mapAttrs (
name: value: mkIf (cfgLoadbalancer.hostmap ? ${value}) cfgLoadbalancer.hostmap.${value}
) cfgLoadbalancer.domains;
defaultDnsRecords =
(mapAttrs (
name: value: mkIf (cfgLoadbalancer.hostmap ? ${value}) cfgLoadbalancer.hostmap.${value}
) cfgLoadbalancer.domains)
// {
"vpn.qo.is" = config.services.headscale.address;
};
in
{
@ -37,6 +41,7 @@ in
environment.systemPackages = [ pkgs.headscale ];
# We bind to the backplane vpn IP, so wait for the wireguard net to be available
systemd.services.headscale.after = [ "wireguard-wg-backplane.service" ];
qois.backup-client.includePaths =
@ -63,7 +68,7 @@ in
in
{
enable = true;
address = vnet.backplane.hosts.cyprianspitz.v4.ip; # TODO: This entails that the backplane interface is up.
address = vnet.backplane.hosts.cyprianspitz.v4.ip;
port = 46084;
settings = {
server_url = "https://${cfg.domain}:443";

2
nixos-modules/vault/default.nix
View file

@ -80,7 +80,7 @@ with lib;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}";
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
proxyWebsockets = true;
};
};