From aa2d1ffcd9034b8e735529944c1e80d6daa93b43 Mon Sep 17 00:00:00 2001
From: Henry-Hiles
Date: Tue, 25 Mar 2025 11:30:36 -0400
Subject: [PATCH] Use davis for dav
---
clients/quadraticserver/caldav.nix | 13 --------
clients/quadraticserver/dav.nix | 38 ++++++++++++++++++++++++
clients/quadraticserver/matrix.nix | 17 ++++++-----
clients/quadraticserver/vaultwarden.nix | 8 +++--
modules/desktop/firefox/default.nix | 10 +++++--
secrets/caldavUsers.age | Bin 551 -> 0 bytes
secrets/davPassword.age | 6 ++++
secrets/davSecret.age | Bin 0 -> 261 bytes
8 files changed, 67 insertions(+), 25 deletions(-)
delete mode 100644 clients/quadraticserver/caldav.nix
create mode 100644 clients/quadraticserver/dav.nix
delete mode 100644 secrets/caldavUsers.age
create mode 100644 secrets/davPassword.age
create mode 100644 secrets/davSecret.age
diff --git a/clients/quadraticserver/caldav.nix b/clients/quadraticserver/caldav.nix
deleted file mode 100644
index c39692e..0000000
--- a/clients/quadraticserver/caldav.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{config, ...}: {
- services = {
- radicale = {
- enable = true;
- settings.auth = {
- type = "htpasswd";
- htpasswd_filename = config.age.secrets."caldavUsers.age".path;
- htpasswd_encryption = "htpasswd";
- };
- };
- caddy.virtualHosts."dav.henryhiles.com".extraConfig = "reverse_proxy localhost:5232";
- };
-}
diff --git a/clients/quadraticserver/dav.nix b/clients/quadraticserver/dav.nix
new file mode 100644
index 0000000..1624188
--- /dev/null
+++ b/clients/quadraticserver/dav.nix
@@ -0,0 +1,38 @@
+{config, ...}: {
+ services = let
+ domain = "dav.henryhiles.com";
+ in {
+ davis = {
+ enable = true;
+ hostname = domain;
+ appSecretFile = config.age.secrets."davSecret.age".path;
+ adminPasswordFile = config.age.secrets."davPassword.age".path;
+
+ poolConfig = with config.services.caddy; {
+ "listen.owner" = user;
+ "listen.group" = group;
+ };
+ mail.dsn = "smtp://username:password@example.com:25";
+ nginx = {};
+ };
+ nginx.enable = false; # We use caddy instead
+
+ caddy.virtualHosts."${domain}".extraConfig = ''
+ encode zstd gzip
+ header {
+ -Server
+ -X-Powered-By
+ Strict-Transport-Security max-age=31536000;
+ X-Content-Type-Options nosniff
+ Referrer-Policy no-referrer-when-downgrade
+ }
+
+ root * ${config.services.davis.package}/public
+ php_fastcgi unix/${config.services.phpfpm.pools.davis.socket}
+ file_server
+
+ redir /.well-known/carddav /dav/ 301
+ redir /.well-known/caldav /dav/ 301
+ '';
+ };
+}
diff --git a/clients/quadraticserver/matrix.nix b/clients/quadraticserver/matrix.nix
index 61b951a..4ee7d12 100644
--- a/clients/quadraticserver/matrix.nix
+++ b/clients/quadraticserver/matrix.nix
@@ -1,19 +1,22 @@ -{ +{config, ...}: { networking.firewall.allowedTCPPorts = [8448]; - services = { + services = let + domain = "matrix.henryhiles.com"; + socket = "/run/conduwuit/socket"; + in { conduwuit = { enable = true; - group = "caddy"; + group = config.services.caddy.group; settings.global = { server_name = "henryhiles.com"; - unix_socket_path = "/run/conduwuit/socket"; + unix_socket_path = socket; }; }; - caddy.virtualHosts."matrix.henryhiles.com" = { - serverAliases = ["matrix.henryhiles.com:8448"]; - extraConfig = "reverse_proxy unix//run/conduwuit/socket"; + caddy.virtualHosts."${domain}" = { + serverAliases = ["${domain}:8448"]; + extraConfig = "reverse_proxy unix/${socket}"; }; }; }
diff --git a/clients/quadraticserver/vaultwarden.nix b/clients/quadraticserver/vaultwarden.nix
index be5286f..ea73c11 100644
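Review bot: `mail.dsn` in the davis block is an inline `smtp://username:password@example.com:25` URL, so whatever credentials end up in that string are written to the world-readable Nix store, unlike `appSecretFile` and `adminPasswordFile` just above it, which are read from agenix paths at runtime. If the davis module in the pinned nixpkgs offers `mail.dsnFile`, point it at another age secret instead, e.g. `mail.dsnFile = config.age.secrets."<davMailDsn>.age".path;` (secret name is a placeholder), and drop the inline value. As committed the DSN is still the example placeholder, so any mail Davis tries to send will not be delivered. Separately, `Referrer-Policy no-referrer-when-downgrade` in the Caddy `header` block still sends full URLs to other HTTPS origins; `strict-origin-when-cross-origin` or `no-referrer` is the tighter choice for a DAV endpoint.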
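Review bot: `group = config.services.caddy.group;` in the conduwuit block keeps the federation-facing homeserver running with Caddy's group as its own, presumably only so that Caddy can open `unix_socket_path`. That also gives the homeserver process group-level access to whatever Caddy's group can read, so the permissions on Caddy's state directory are worth checking. The narrower arrangement is the reverse: leave conduwuit in its own group and add Caddy to it, e.g. `users.users.${config.services.caddy.user}.extraGroups = [config.services.conduwuit.group];`, which mirrors how dav.nix grants Caddy access to the php-fpm socket only. The behaviour predates this commit (the old line was `group = "caddy";`), but the hunk rewrites that line, so it is a natural place to change it.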
--- a/clients/quadraticserver/vaultwarden.nix +++ b/clients/quadraticserver/vaultwarden.nix @@ -1,15 +1,17 @@ { - services = { + services = let + domain = "vaultwarden.henryhiles.com"; + in { vaultwarden = { enable = true; config = { - domain = "https://vaultwarden.henryhiles.com"; + domain = "https://${domain}"; signupsAllowed = false; passwordHintsAllowed = false; rocketAddress = "127.0.0.1"; }; }; - caddy.virtualHosts."vaultwarden.henryhiles.com".extraConfig = "reverse_proxy localhost:8000"; + caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy localhost:8000"; }; } diff --git a/modules/desktop/firefox/default.nix b/modules/desktop/firefox/default.nix index 9aaf97a..1e7f881 100644 --- a/modules/desktop/firefox/default.nix +++ b/modules/desktop/firefox/default.nix @@ -70,6 +70,11 @@ DisableSetDesktopBackground = true; DisableMasterPasswordCreation = true; + # We use bitwarden for these + PasswordManagerEnabled = false; + AutofillAddressEnabled = false; + AutofillCreditCardEnabled = false; + DontCheckDefaultBrowser = true; HttpsOnlyMode = "force_enabled"; 
@@ -144,8 +149,9 @@ IconURL = "https://github.com/NixOS/nixos-artwork/raw/refs/heads/master/logo/nix-snowflake-white.svg"; Alias = "np"; preferences = { - "gnomeTheme.oledBlack" = true; # Enable nord theme - "svg.context-properties.content.enabled" = true; + "gnomeTheme.oledBlack" = true; # Enable nord theme (doesn't work) + "svg.context-properties.content.enabled" = true; # This doesn't work either + "signon.firefoxRelay.feature" = "disabled"; "toolkit.legacyUserProfileCustomizations.stylesheets" = true; "browser.uiCustomization.state" = "{\"placements\":{\"widget-overflow-fixed-list\":[],\"unified-extensions-area\":[],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"downloads-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"PersonalToolbar\":[\"personal-bookmarks\"]},\"seen\":[\"save-to-pocket-button\",\"developer-button\"],\"dirtyAreaCache\":[\"nav-bar\",\"PersonalToolbar\",\"toolbar-menubar\",\"TabsToolbar\"],\"currentVersion\":19}"; }; diff --git a/secrets/caldavUsers.age b/secrets/caldavUsers.age deleted file mode 100644 index c8b7e691de608adbc0cd84bbe635def228d846c6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 551 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+^9~G62~;RbGR(;h zE-TE-H!E|=FHMOu@TNAG2rs^HVe?tEH8@m&P@yO zFp0`8t18b4Do*uF^z<_bDE6Zj31XpXt@77*PQJ_AwPfpA zW0`xC=Nj%j{rA_&%KZ+E{*3dJE?zTwc9Y@h^f2YU_q)ukzAyEjXDH{%#}dqRc}tjC z`SXyJhnH4&ySqg!OA0FQPLzqr�Sibub}PLAq+^#K$icoqr@LtaKL9$r5Y#oVS;y zWM|a%6WoOty=PVR8Q%+?%e(qqO|;SJHh=Ngv+f7Hd7E_pnC?sY$WsrC-t<4`@^Ef7 z*S-I>H1|}7pM&{@J%|0})~$#;qMW(m> ssh-ed25519 VKQUdQ BVNxPsMHCe7NDcGokSCvtJ8rc5bvkCRpnG2aSf5D6iw +gssZhiKazFaIUGgdrzCkkM1Nwf+36sOOThwau8XgkCI +--- G5goKzXT+An3d7HKCuT6BLyf9OAyY9QaBp5Z7zpC1CQ +SgxdU2.jf/?N|һ + \ No newline at end of file 
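Review bot: The two amended comments in the `preferences` block, `# Enable nord theme (doesn't work)` and `# This doesn't work either`, record that `gnomeTheme.oledBlack` and `svg.context-properties.content.enabled` have no effect but leave both prefs set. Either drop the dead prefs or replace the remarks with a tracked follow-up such as `# TODO: not applied when set here; find where the theme reads this pref`, so the next reader knows whether they are safe to delete. The new `"signon.firefoxRelay.feature" = "disabled";` line carries no comment; a short `# Relay prompts are redundant with Bitwarden` (if that is the reason) would match the `# We use bitwarden for these` comment in the policy hunk. The attribute set these lines belong to starts outside the hunk.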
diff --git a/secrets/davSecret.age b/secrets/davSecret.age new file mode 100644 index 0000000000000000000000000000000000000000..5d041960f977dc7c8016d9d3c01be0f14811b89f GIT binary patch literal 261 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+^9~G62~WvUi4dYYoGSA2}a{XU&ONuT>s2 zk0m$n^83))W&eJcl)jg;70x_3?@3;swWsX)f=Pi7_ga`eKjzA2{KNjy^~+^9?^!Kr MSo3S%_F2{10L=kpHUIzs literal 0 HcmV?d00001