diff --git a/nixos/access/taskchampion.nix b/nixos/access/taskchampion.nix
new file mode 100644
index 00000000..1724e736
--- /dev/null
+++ b/nixos/access/taskchampion.nix
@@ -0,0 +1,50 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (lib.modules) mkIf mkDefault;
+ inherit (config.services) taskchampion-sync-server;
+ name.shortServer = mkDefault "task";
+ upstreamName = "taskchampion'access";
+in {
+ config.services.nginx = {
+ upstreams'.${upstreamName}.servers = {
+ local = {
+ enable = mkDefault taskchampion-sync-server.enable;
+ addr = mkDefault "localhost";
+ port = mkIf taskchampion-sync-server.enable (mkDefault taskchampion-sync-server.port);
+ };
+ service = {upstream, ...}: {
+ enable = mkIf upstream.servers.local.enable (mkDefault false);
+ accessService = {
+ name = "taskchampion";
+ };
+ };
+ };
+ virtualHosts = let
+ copyFromVhost = mkDefault "taskchampion";
+ locations = {
+ "/" = {
+ proxy.enable = true;
+ };
+ };
+ in {
+ taskchampion = {
+ inherit name locations;
+ proxy.upstream = mkDefault upstreamName;
+ vouch.enable = mkDefault true;
+ };
+ taskchampion'local = {
+ inherit name locations;
+ ssl.cert = {
+ inherit copyFromVhost;
+ };
+ proxy = {
+ inherit copyFromVhost;
+ };
+ local.enable = mkDefault true;
+ };
+ };
+ };
+}
diff --git a/systems/hakurei/nixos.nix b/systems/hakurei/nixos.nix
index 3dcb816e..11637d9b 100644
--- a/systems/hakurei/nixos.nix
+++ b/systems/hakurei/nixos.nix
@@ -48,6 +48,7 @@ in {
 nixos.access.nextjs-ollama
 nixos.access.openwebrx
 nixos.access.deluge
+ nixos.access.taskchampion
 nixos.access.home-assistant
 nixos.access.zigbee2mqtt
 nixos.access.grocy
@@ -132,6 +133,14 @@ in {
 virtualHosts.vaultwarden'local.allServerNames
 ];
 };
+ task = {
+ inherit (nginx) group;
+ domain = virtualHosts.taskchampion.serverName;
+ extraDomainNames = mkMerge [
+ virtualHosts.taskchampion.otherServerNames
+ virtualHosts.taskchampion'local.allServerNames
+ ];
+ };
 home = {
 inherit (nginx) group;
 domain = virtualHosts.home-assistant.serverName;
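Review bot: In nixos/access/taskchampion.nix the `taskchampion'local` vhost copies the proxy settings of `taskchampion` but not its `vouch.enable`, so on that vhost the only gate in front of the sync server is whatever `local.enable` enforces (presumably a local-network restriction; its definition is outside this diff). As far as I know taskchampion-sync-server identifies callers by client id alone, so any host that passes the local check can reach the sync API. I would record that next to the option, e.g. `# no vouch on the local vhost; access is limited by local.enable only`, and consider restricting the server to known client ids with its allow-list option (`--allow-client-id`, if the packaged version has it). It is also worth confirming that the vouch-protected vhost is not expected to serve non-interactive sync clients, which would probably not get through an SSO redirect.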
@@ -380,6 +389,11 @@ in {
 local.denyGlobal = true;
 ssl.cert.enable = true;
 };
+ taskchampion = {
+ # not the real task record-holder, so don't respond globally..
+ local.denyGlobal = true;
+ ssl.cert.enable = true;
+ };
 home-assistant = {
 # not the real hass record-holder, so don't respond globally..
 local.denyGlobal = true;
diff --git a/systems/tei/cloudflared.nix b/systems/tei/cloudflared.nix
index b986f57f..8f833ad2 100644
--- a/systems/tei/cloudflared.nix
+++ b/systems/tei/cloudflared.nix
@@ -19,6 +19,7 @@ in {
 (nginx.virtualHosts.grocy.proxied.cloudflared.getIngress {})
 (nginx.virtualHosts.barcodebuddy.proxied.cloudflared.getIngress {})
 (nginx.virtualHosts.home-assistant.proxied.cloudflared.getIngress {})
+ (nginx.virtualHosts.taskchampion.proxied.cloudflared.getIngress {})
 ];
 };
 };
diff --git a/systems/tei/nixos.nix b/systems/tei/nixos.nix
index 6e4de4fe..1b3e367a 100644
--- a/systems/tei/nixos.nix
+++ b/systems/tei/nixos.nix
@@ -16,6 +16,7 @@ in {
 nixos.postgres
 nixos.nginx
 nixos.adb
+ nixos.access.taskchampion
 nixos.access.home-assistant
 nixos.access.zigbee2mqtt
 nixos.access.grocy
@@ -39,6 +40,7 @@ in {
 proxied.enable = "cloudflared";
 vouch.enable = mkIf hassVouch true;
 };
+ taskchampion.proxied.enable = "cloudflared";
 };
 };
 services.home-assistant = {
diff --git a/tf/cloudflare_records.tf b/tf/cloudflare_records.tf
index 8d3c8445..23b3f168 100644
--- a/tf/cloudflare_records.tf
+++ b/tf/cloudflare_records.tf
@@ -33,6 +33,7 @@ module "hakurei_system_records" {
 "lm",
 "webrx",
 "deluge",
+ "task",
 "home",
 "z2m",
 "grocy",
diff --git a/tf/cloudflare_tunnels.tf b/tf/cloudflare_tunnels.tf
index 6a77766b..d68bcfdd 100644
--- a/tf/cloudflare_tunnels.tf
+++ b/tf/cloudflare_tunnels.tf
@@ -106,6 +106,7 @@ module "tewi" {
 account_id = var.cloudflare_account_id
 zone_id = cloudflare_zone.gensokyo-zone_zone.id
 subdomains = [
+ "task",
 "home",
 "z2m",
 "grocy",
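Review bot: In systems/tei/nixos.nix (hunk at -39,6), `taskchampion.proxied.enable = "cloudflared";` together with the new ingress entry in systems/tei/cloudflared.nix publishes the vhost through the tunnel, while the only authentication in front of it is the `vouch.enable = mkDefault true` default set in the access module. The entry just above it (apparently home-assistant, going by `hassVouch`) states its vouch setting in place; doing the same here, `taskchampion = { proxied.enable = "cloudflared"; vouch.enable = true; };`, keeps the exposure and its gate on adjacent lines. With a plain definition, a conflicting `vouch.enable = false` elsewhere should fail evaluation rather than silently win over the default. The enclosing attribute set starts and ends outside the hunk.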