diff --git a/modules/nixos/nginx-vouch.nix b/modules/nixos/nginx-vouch.nix index 40be5d13..d32a335a 100644 --- a/modules/nixos/nginx-vouch.nix +++ b/modules/nixos/nginx-vouch.nix @@ -28,7 +28,8 @@ in { vouch = mkIf vouch-proxy.enable { proxyOrigin = let inherit (vouch-proxy.settings.vouch) listen port; - in mkOptionDefault "http://${listen}:${toString port}"; + host = if listen == "0.0.0.0" || listen == "[::]" then "localhost" else listen; + in mkOptionDefault "http://${host}:${toString port}"; authUrl = mkOptionDefault vouch-proxy.authUrl; url = mkOptionDefault vouch-proxy.url; }; diff --git a/nixos/access/zigbee2mqtt.nix b/nixos/access/zigbee2mqtt.nix index 50f4c2e9..a719fcf8 100644 --- a/nixos/access/zigbee2mqtt.nix +++ b/nixos/access/zigbee2mqtt.nix @@ -3,14 +3,15 @@ lib, ... }: -with lib; let +let + inherit (lib.modules) mkDefault; cfg = config.services.zigbee2mqtt; in { services.nginx.virtualHosts.${cfg.domain} = { vouch.enable = true; locations = { "/" = { - proxyPass = "http://127.0.0.1:${toString cfg.settings.frontend.port}"; + proxyPass = mkDefault "http://127.0.0.1:${toString cfg.settings.frontend.port}"; extraConfig = '' proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; diff --git a/nixos/vouch.nix b/nixos/vouch.nix index 3a913985..bb372fdc 100644 --- a/nixos/vouch.nix +++ b/nixos/vouch.nix @@ -10,6 +10,7 @@ in { enable = mkDefault true; domain = mkDefault "login.${config.networking.domain}"; settings = { + vouch.listen = mkDefault "0.0.0.0"; vouch.cookie.secure = mkDefault false; }; enableSettingsSecrets = mkDefault true; diff --git a/nixos/zigbee2mqtt.nix b/nixos/zigbee2mqtt.nix index dea4e7c0..921f7444 100644 --- a/nixos/zigbee2mqtt.nix +++ b/nixos/zigbee2mqtt.nix @@ -15,7 +15,6 @@ in { services.zigbee2mqtt = { enable = mkDefault true; - openFirewall = mkDefault true; domain = mkDefault "z2m.${config.networking.domain}"; settings = { advanced = {