Use davis for dav

2025-03-25 11:30:36 -04:00 · 2025-03-25 11:30:36 -04:00 · aa2d1ffcd9
commit aa2d1ffcd9
parent edbef36e0e
8 changed files with 67 additions and 25 deletions
--- a/clients/quadraticserver/caldav.nix
+++ b/clients/quadraticserver/caldav.nix
@ -1,13 +0,0 @@
 {config, ...}: {
  services = {
    radicale = {
      enable = true;
      settings.auth = {
        type = "htpasswd";
        htpasswd_filename = config.age.secrets."caldavUsers.age".path;
        htpasswd_encryption = "htpasswd";
      };
    };
    caddy.virtualHosts."dav.henryhiles.com".extraConfig = "reverse_proxy localhost:5232";
  };
 }
--- a/clients/quadraticserver/dav.nix
+++ b/clients/quadraticserver/dav.nix
@ -0,0 +1,38 @@
 {config, ...}: {
  services = let
    domain = "dav.henryhiles.com";
  in {
    davis = {
      enable = true;
      hostname = domain;
      appSecretFile = config.age.secrets."davSecret.age".path;
      adminPasswordFile = config.age.secrets."davPassword.age".path;
      poolConfig = with config.services.caddy; {
        "listen.owner" = user;
        "listen.group" = group;
      };
      mail.dsn = "smtp://username:password@example.com:25";
      nginx = {};
    };
    nginx.enable = false; # We use caddy instead
    caddy.virtualHosts."${domain}".extraConfig = ''
      encode zstd gzip
      header {
          -Server
          -X-Powered-By
          Strict-Transport-Security max-age=31536000;
          X-Content-Type-Options nosniff
          Referrer-Policy no-referrer-when-downgrade
      }
      root * ${config.services.davis.package}/public
      php_fastcgi unix/${config.services.phpfpm.pools.davis.socket}
      file_server
      redir /.well-known/carddav /dav/ 301
      redir /.well-known/caldav /dav/ 301
    '';
  };
 }
--- a/clients/quadraticserver/matrix.nix
+++ b/clients/quadraticserver/matrix.nix
@ -1,19 +1,22 @@
-{
+{config, ...}: {
  networking.firewall.allowedTCPPorts = [8448];
-  services = {
+  services = let
    domain = "matrix.henryhiles.com";
    socket = "/run/conduwuit/socket";
  in {
    conduwuit = {
      enable = true;
-      group = "caddy";
+      group = config.services.caddy.group;
      settings.global = {
        server_name = "henryhiles.com";
-        unix_socket_path = "/run/conduwuit/socket";
+        unix_socket_path = socket;
      };
    };
-    caddy.virtualHosts."matrix.henryhiles.com" = {
+    caddy.virtualHosts."${domain}" = {
-      serverAliases = ["matrix.henryhiles.com:8448"];
+      serverAliases = ["${domain}:8448"];
-      extraConfig = "reverse_proxy unix//run/conduwuit/socket";
+      extraConfig = "reverse_proxy unix/${socket}";
    };
  };
 }
--- a/clients/quadraticserver/vaultwarden.nix
+++ b/clients/quadraticserver/vaultwarden.nix
@ -1,15 +1,17 @@
 {
-  services = {
+  services = let
    domain = "vaultwarden.henryhiles.com";
  in {
    vaultwarden = {
      enable = true;
      config = {
-        domain = "https://vaultwarden.henryhiles.com";
+        domain = "https://${domain}";
        signupsAllowed = false;
        passwordHintsAllowed = false;
        rocketAddress = "127.0.0.1";
      };
    };
-    caddy.virtualHosts."vaultwarden.henryhiles.com".extraConfig = "reverse_proxy localhost:8000";
+    caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy localhost:8000";
  };
 }
--- a/modules/desktop/firefox/default.nix
+++ b/modules/desktop/firefox/default.nix
@ -70,6 +70,11 @@
      DisableSetDesktopBackground = true;
      DisableMasterPasswordCreation = true;
      # We use bitwarden for these
      PasswordManagerEnabled = false;
      AutofillAddressEnabled = false;
      AutofillCreditCardEnabled = false;
      DontCheckDefaultBrowser = true;
      HttpsOnlyMode = "force_enabled";
@ -144,8 +149,9 @@
            IconURL = "https://github.com/NixOS/nixos-artwork/raw/refs/heads/master/logo/nix-snowflake-white.svg";
            Alias = "np";
            preferences = {
-              "gnomeTheme.oledBlack" = true; # Enable nord theme
+              "gnomeTheme.oledBlack" = true; # Enable nord theme (doesn't work)
-              "svg.context-properties.content.enabled" = true;
+              "svg.context-properties.content.enabled" = true; # This doesn't work either
              "signon.firefoxRelay.feature" = "disabled";
              "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
              "browser.uiCustomization.state" = "{\"placements\":{\"widget-overflow-fixed-list\":[],\"unified-extensions-area\":[],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"downloads-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"PersonalToolbar\":[\"personal-bookmarks\"]},\"seen\":[\"save-to-pocket-button\",\"developer-button\"],\"dirtyAreaCache\":[\"nav-bar\",\"PersonalToolbar\",\"toolbar-menubar\",\"TabsToolbar\"],\"currentVersion\":19}";
            };
--- a/secrets/caldavUsers.age
+++ b/secrets/caldavUsers.age
--- a/secrets/davPassword.age
+++ b/secrets/davPassword.age
@ -0,0 +1,6 @@
 age-encryption.org/v1
 -> ssh-ed25519 VKQUdQ BVNxPsMHCe7NDcGokSCvtJ8rc5bvkCRpnG2aSf5D6iw
 gssZhiKazFaIUGgdrzCkkM1Nwf+36sOOThwau8XgkCI
 --- G5goKzXT+An3d7HKCuT6BLyf9OAyY9QaBp5Z7zpC1CQ
 S<EFBFBD>gxdU2.¤ßßj¤f ¯º²·/üÝû?‹•ŽN²|áÒ»Ðã
--- a/secrets/davSecret.age
+++ b/secrets/davSecret.age