From c5031244252d61973ffa886a5a97bb9bf95c6706 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Tue, 25 Feb 2025 20:32:50 +0200 Subject: [PATCH 1/4] Make loadbalancer domain mapping use exact matches --- nixos-modules/qois/loadbalancer/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos-modules/qois/loadbalancer/default.nix b/nixos-modules/qois/loadbalancer/default.nix index fe5477c..3d8b4d7 100644 --- a/nixos-modules/qois/loadbalancer/default.nix +++ b/nixos-modules/qois/loadbalancer/default.nix @@ -148,7 +148,7 @@ in frontend http mode http bind *:80 - use_backend %[req.hdr(host),lower,map_dom(${domainMappingFile})]-http + use_backend %[req.hdr(host),lower,map(${domainMappingFile})]-http frontend https bind *:443 @@ -156,7 +156,7 @@ in tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 } - use_backend %[req.ssl_sni,lower,map_dom(${domainMappingFile})]-https + use_backend %[req.ssl_sni,lower,map(${domainMappingFile})]-https ## Generated Backends: ${httpBackends} From 26022cf3dd36b037b0f8a55d651e5080bf077e4f Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Tue, 25 Feb 2025 22:17:58 +0200 Subject: [PATCH 2/4] Switch mstmp password reader to coreutils for services --- nixos-modules/outgoing-server-mail/default.nix | 2 +- nixos-modules/vault/default.nix | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/nixos-modules/outgoing-server-mail/default.nix b/nixos-modules/outgoing-server-mail/default.nix index 2f04382..8718fe4 100644 --- a/nixos-modules/outgoing-server-mail/default.nix +++ b/nixos-modules/outgoing-server-mail/default.nix @@ -40,7 +40,7 @@ with lib; host = "mail.cyon.ch"; user = "system@qo.is"; from = "no-reply@qo.is"; - passwordeval = "${pkgs.busybox}/bin/cat ${config.sops.secrets."msmtp/password".path}"; + passwordeval = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."msmtp/password".path}"; }; }; }; 
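Review bot: With `map` in place of `map_dom`, the lookup key in the `frontend http` rule has to equal a map entry exactly, but `req.hdr(host)` still carries an explicit port (`host:80`) when the client sends one, so those requests no longer resolve to a backend. Stripping the port before the lookup keeps the exact match: `use_backend %[req.hdr(host),field(1,:),lower,map(${domainMappingFile})]-http`. In this rule and in the `req.ssl_sni` rule of the second hunk, a miss produces the backend name `-http` / `-https`; whether a `default_backend` or a map default catches that is not visible here, so a comment stating the intended handling of unknown hosts would help. Both frontend definitions continue outside the hunks.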
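Review bot: The secret path is spliced unquoted into `passwordeval`, which msmtp executes as a command line, so the setting relies on the sops path never containing whitespace or shell metacharacters. Quoting removes that assumption: `passwordeval = "${pkgs.coreutils}/bin/cat ${escapeShellArg config.sops.secrets."msmtp/password".path}";` (`with lib;` is in scope according to the hunk header). The reason for moving from busybox to coreutils is not recorded in the file; a one-line comment such as `# coreutils cat: <reason busybox cat did not work for services>` would keep the change from being reverted later. The enclosing attribute set starts outside the hunk.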
diff --git a/nixos-modules/vault/default.nix b/nixos-modules/vault/default.nix index 36332af..0171b45 100644 --- a/nixos-modules/vault/default.nix +++ b/nixos-modules/vault/default.nix @@ -34,6 +34,8 @@ with lib; ROCKET_PORT = 8222; USE_SENDMAIL = true; + SENDMAIL_COMMAND = "${pkgs.msmtp}/bin/sendmail"; + SMTP_FROM = "vault@qo.is"; SMTP_FROM_NAME = cfg.domain; @@ -68,7 +70,6 @@ with lib; # See https://search.nixos.org/options?channel=unstable&show=services.vaultwarden.environmentFile sops.secrets."vaultwarden/environment-file".restartUnits = [ "vaultwarden.service" ]; - systemd.services.vaultwarden.path = [ pkgs.msmtp ]; users.users.vaultwarden.extraGroups = [ "postdrop" ]; networking.hosts."127.0.0.1" = [ cfg.domain ]; From f2dc1001d356be2e8d89be5cbd2ed453a94d2e1a Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Mon, 3 Mar 2025 17:33:15 +0200 Subject: [PATCH 3/4] Upgrade attic max body size --- nixos-modules/qois/attic/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-modules/qois/attic/default.nix b/nixos-modules/qois/attic/default.nix index adb9e4b..c64ed7c 100644 --- a/nixos-modules/qois/attic/default.nix +++ b/nixos-modules/qois/attic/default.nix @@ -85,7 +85,7 @@ in services.nginx = { enable = true; - clientMaxBodySize = "1g"; + clientMaxBodySize = "5G"; virtualHosts.${cfg.domain} = { kTLS = true; forceSSL = true; From c3fcdc9322ca339d1a69f6f94e6dd04c5a134389 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Mon, 3 Mar 2025 17:33:15 +0200 Subject: [PATCH 4/4] Upgrade attic max body size --- nixos-modules/qois/attic/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-modules/qois/attic/default.nix b/nixos-modules/qois/attic/default.nix index adb9e4b..c64ed7c 100644 --- a/nixos-modules/qois/attic/default.nix +++ b/nixos-modules/qois/attic/default.nix 
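Review bot: The `postdrop` group membership that stays in the second hunk's context (`users.users.vaultwarden.extraGroups = [ "postdrop" ];`) has no stated reason now that `SENDMAIL_COMMAND` calls the msmtp store path directly and `systemd.services.vaultwarden.path` is removed. If the group exists so the service can read the msmtp password secret, a comment such as `# postdrop: read access to the msmtp password secret` would document the privilege. If it was only there for a sendmail wrapper, it can probably be dropped. This is inferred from the visible lines only, as the secret's owner and mode are defined outside this diff.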
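Review bot: `services.nginx.clientMaxBodySize` is the server-wide limit, so raising it to `5G` applies to every virtual host this nginx instance serves, not only the attic cache. Any other site on the same machine would then accept multi-gigabyte request bodies. Scoping the limit to the attic vhost keeps the rest at the default, for example `extraConfig = "client_max_body_size 5G;";` inside the `virtualHosts.${cfg.domain}` block, which continues outside the hunk. Patch 4/4 repeats this hunk with the same index hashes and looks like an accidental duplicate that will not apply on top of 3/4.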
@@ -85,7 +85,7 @@ in services.nginx = { enable = true; - clientMaxBodySize = "1g"; + clientMaxBodySize = "5G"; virtualHosts.${cfg.domain} = { kTLS = true; forceSSL = true;