fix(access): gensokyo

2026-02-09 12:29:19 -08:00 · 2024-01-24 08:09:05 -08:00 · 2024-01-24 08:09:05 -08:00 · 228e2cf788
commit 228e2cf788
parent fdfd6260c1
6 changed files with 17 additions and 6 deletions
--- a/nixos/access/gensokyo.nix
+++ b/nixos/access/gensokyo.nix
@ -7,7 +7,6 @@
  inherit (lib.modules) mkDefault;
 in {
  services.nginx.virtualHosts.${config.networking.domain} = {
-    default = mkDefault true;
    locations."/" = {
      root = pkgs.gensokyoZone;
    };
--- a/nixos/access/plex.nix
+++ b/nixos/access/plex.nix
@ -4,7 +4,7 @@
  ...
 }: let
  inherit (lib.options) mkOption;
-  inherit (lib.modules) mkIf mkOptionDefault;
+  inherit (lib.modules) mkIf mkDefault mkOptionDefault;
  cfg = config.services.plex;
  access = config.services.nginx.access.plex;
 in {
@ -53,11 +53,13 @@ in {
    in {
      ${access.domain} = {
        locations."/" = location;
+        kTLS = mkDefault true;
        inherit extraConfig;
      };
      ${access.localDomain} = {
        local.enable = true;
        locations."/" = location;
+        kTLS = mkDefault true;
        inherit extraConfig;
      };
    };
--- a/nixos/access/zigbee2mqtt.nix
+++ b/nixos/access/zigbee2mqtt.nix
@ -24,6 +24,10 @@ in {
      type = str;
      default = "z2m.local.${config.networking.domain}";
    };
+    tailDomain = mkOption {
+      type = str;
+      default = "z2m.tail.${config.networking.domain}";
+    };
    port = mkOption {
      type = port;
    };
@ -42,10 +46,7 @@ in {
        locations."/" = location;
      };
      ${access.localDomain} = {
-        local.enable = true;
-        locations."/" = location;
-      };
-      "z2m.tail.${config.networking.domain}" = mkIf config.services.tailscale.enable {
+        serverAliases = mkIf config.services.tailscale.enable [ access.tailDomain ];
        local.enable = true;
        locations."/" = location;
      };
--- a/nixos/nginx.nix
+++ b/nixos/nginx.nix
@ -29,5 +29,12 @@ with lib; {
      #proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
    '';
    clientMaxBodySize = "512m";
+    virtualHosts.fallback = {
+      serverName = null;
+      default = mkDefault true;
+      locations."/".extraConfig = mkDefault ''
+        return 404;
+      '';
+    };
  };
 }
--- a/systems/hakurei/nixos.nix
+++ b/systems/hakurei/nixos.nix
@ -41,6 +41,7 @@ in {
      credentialsFile = config.sops.secrets.cloudflared-tunnel-hakurei.path;
      ingress = {
        "prox.${config.networking.domain}".service = "http://localhost";
+        ${config.networking.domain}.service = "http://localhost";
      };
    };
  };
--- a/tf/cloudflare_tunnels.tf
+++ b/tf/cloudflare_tunnels.tf
@ -10,6 +10,7 @@ module "hakurei" {
  account_id = var.cloudflare_account_id
  zone_id    = cloudflare_zone.gensokyo-zone_zone.id
  subdomains = [
+    "@",
    "prox",
  ]
 }