From 2b15694fb8bbcee067550f98e52ba4bcc3909788 Mon Sep 17 00:00:00 2001
From: arcnmx <git@git.arcn.mx>
Date: Mon, 13 May 2024 11:51:43 -0700
Subject: [PATCH] fix(access): cockpit

---
 nixos/access/freeipa.nix | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/nixos/access/freeipa.nix b/nixos/access/freeipa.nix
index 25b8437c..559a9550 100644
--- a/nixos/access/freeipa.nix
+++ b/nixos/access/freeipa.nix
@@ -37,6 +37,20 @@ let
       };
     };
   };
+  locations'cockpit = {
+    "/" = {xvars, ...}: {
+      proxy = {
+        enable = true;
+        host = xvars.get.host;
+      };
+    };
+    "/cockpit/socket" = {
+      proxy = {
+        enable = true;
+        websocket.enable = true;
+      };
+    };
+  };
   ldapsPort = 636;
 in {
   imports = let
@@ -239,18 +253,21 @@ in {
           name = name'cockpit;
           vouch.enable = mkDefault true;
           ssl = {
-            force = mkDefault virtualHosts.freeipa'web.ssl.force;
+            force = mkDefault true;
             cert.copyFromVhost = "freeipa'web";
           };
           proxy.upstream = "freeipa'cockpit";
-          locations."/".proxy.enable = true;
+          locations = locations'cockpit;
         };
         freeipa'cockpit'local = {
           name = name'cockpit;
-          ssl.cert.copyFromVhost = "freeipa'cockpit";
+          ssl = {
+            force = mkDefault true;
+            cert.copyFromVhost = "freeipa'cockpit";
+          };
           proxy.copyFromVhost = "freeipa'cockpit";
           local.enable = true;
-          locations."/".proxy.enable = true;
+          locations = locations'cockpit;
         };
         freeipa'ldap = {
           serverName = mkDefault ldap.domain;