Use davis for dav

2025-03-25 11:30:36 -04:00 · 2025-03-25 11:30:36 -04:00 · aa2d1ffcd9
commit aa2d1ffcd9
parent edbef36e0e
8 changed files with 67 additions and 25 deletions
--- a/clients/quadraticserver/caldav.nix
+++ b/clients/quadraticserver/caldav.nix
@ -1,13 +0,0 @@
-{config, ...}: {
-  services = {
-    radicale = {
-      enable = true;
-      settings.auth = {
-        type = "htpasswd";
-        htpasswd_filename = config.age.secrets."caldavUsers.age".path;
-        htpasswd_encryption = "htpasswd";
-      };
-    };
-    caddy.virtualHosts."dav.henryhiles.com".extraConfig = "reverse_proxy localhost:5232";
-  };
-}
--- a/clients/quadraticserver/dav.nix
+++ b/clients/quadraticserver/dav.nix
@ -0,0 +1,38 @@
+{config, ...}: {
+  services = let
+    domain = "dav.henryhiles.com";
+  in {
+    davis = {
+      enable = true;
+      hostname = domain;
+      appSecretFile = config.age.secrets."davSecret.age".path;
+      adminPasswordFile = config.age.secrets."davPassword.age".path;
+
+      poolConfig = with config.services.caddy; {
+        "listen.owner" = user;
+        "listen.group" = group;
+      };
+      mail.dsn = "smtp://username:password@example.com:25";
+      nginx = {};
+    };
+    nginx.enable = false; # We use caddy instead
+
+    caddy.virtualHosts."${domain}".extraConfig = ''
+      encode zstd gzip
+      header {
+          -Server
+          -X-Powered-By
+          Strict-Transport-Security max-age=31536000;
+          X-Content-Type-Options nosniff
+          Referrer-Policy no-referrer-when-downgrade
+      }
+
+      root * ${config.services.davis.package}/public
+      php_fastcgi unix/${config.services.phpfpm.pools.davis.socket}
+      file_server
+
+      redir /.well-known/carddav /dav/ 301
+      redir /.well-known/caldav /dav/ 301
+    '';
+  };
+}
--- a/clients/quadraticserver/matrix.nix
+++ b/clients/quadraticserver/matrix.nix
@ -1,19 +1,22 @@
-{
+{config, ...}: {
  networking.firewall.allowedTCPPorts = [8448];

-  services = {
+  services = let
+    domain = "matrix.henryhiles.com";
+    socket = "/run/conduwuit/socket";
+  in {
    conduwuit = {
      enable = true;
-      group = "caddy";
+      group = config.services.caddy.group;
      settings.global = {
        server_name = "henryhiles.com";
-        unix_socket_path = "/run/conduwuit/socket";
+        unix_socket_path = socket;
      };
    };

-    caddy.virtualHosts."matrix.henryhiles.com" = {
-      serverAliases = ["matrix.henryhiles.com:8448"];
-      extraConfig = "reverse_proxy unix//run/conduwuit/socket";
+    caddy.virtualHosts."${domain}" = {
+      serverAliases = ["${domain}:8448"];
+      extraConfig = "reverse_proxy unix/${socket}";
    };
  };
 }
--- a/clients/quadraticserver/vaultwarden.nix
+++ b/clients/quadraticserver/vaultwarden.nix
@ -1,15 +1,17 @@
 {
-  services = {
+  services = let
+    domain = "vaultwarden.henryhiles.com";
+  in {
    vaultwarden = {
      enable = true;
      config = {
-        domain = "https://vaultwarden.henryhiles.com";
+        domain = "https://${domain}";
        signupsAllowed = false;
        passwordHintsAllowed = false;
        rocketAddress = "127.0.0.1";
      };
    };

-    caddy.virtualHosts."vaultwarden.henryhiles.com".extraConfig = "reverse_proxy localhost:8000";
+    caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy localhost:8000";
  };
 }
--- a/modules/desktop/firefox/default.nix
+++ b/modules/desktop/firefox/default.nix
@ -70,6 +70,11 @@
      DisableSetDesktopBackground = true;
      DisableMasterPasswordCreation = true;

+      # We use bitwarden for these
+      PasswordManagerEnabled = false;
+      AutofillAddressEnabled = false;
+      AutofillCreditCardEnabled = false;
+
      DontCheckDefaultBrowser = true;

      HttpsOnlyMode = "force_enabled";
@ -144,8 +149,9 @@
            IconURL = "https://github.com/NixOS/nixos-artwork/raw/refs/heads/master/logo/nix-snowflake-white.svg";
            Alias = "np";
            preferences = {
-              "gnomeTheme.oledBlack" = true; # Enable nord theme
-              "svg.context-properties.content.enabled" = true;
+              "gnomeTheme.oledBlack" = true; # Enable nord theme (doesn't work)
+              "svg.context-properties.content.enabled" = true; # This doesn't work either
+              "signon.firefoxRelay.feature" = "disabled";
              "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
              "browser.uiCustomization.state" = "{\"placements\":{\"widget-overflow-fixed-list\":[],\"unified-extensions-area\":[],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"downloads-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"PersonalToolbar\":[\"personal-bookmarks\"]},\"seen\":[\"save-to-pocket-button\",\"developer-button\"],\"dirtyAreaCache\":[\"nav-bar\",\"PersonalToolbar\",\"toolbar-menubar\",\"TabsToolbar\"],\"currentVersion\":19}";
            };
--- a/secrets/caldavUsers.age
+++ b/secrets/caldavUsers.age
--- a/secrets/davPassword.age
+++ b/secrets/davPassword.age
@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 VKQUdQ BVNxPsMHCe7NDcGokSCvtJ8rc5bvkCRpnG2aSf5D6iw
+gssZhiKazFaIUGgdrzCkkM1Nwf+36sOOThwau8XgkCI
+--- G5goKzXT+An3d7HKCuT6BLyf9OAyY9QaBp5Z7zpC1CQ
+S<EFBFBD>gxdU2.¤ßßj¤f ¯º²·/üÝû?‹•ŽN²|áÒ»Ðã
+
--- a/secrets/davSecret.age
+++ b/secrets/davSecret.age