rm coredns and step-ca. use hs extra dns records. resolve vaultwarden

2026-05-17 22:44:00 +02:00 · 2026-05-17 22:44:00 +02:00 · 41ce9b892b
commit 41ce9b892b
parent 1bb2b7c194
10 changed files with 73 additions and 36 deletions
--- a/hosts/sid/services/coredns.nix
+++ b/hosts/sid/services/coredns.nix
@ -14,12 +14,7 @@
        hosts {
          ${hosts.sid.ip} ${ca-fqdn} 

-          ${hosts.rx4.ip} rx4.tail
-          ${hosts.sid.ip} sid.tail
-          ${hosts.vde.ip} vde.tail
-
          ${hosts.sid.ip} ${services.netdata.fqdn}
-          ${hosts.sid.ip} ${services.vaultwarden.fqdn}

          fallthrough
        }
--- a/hosts/sid/services/default.nix
+++ b/hosts/sid/services/default.nix
@ -10,7 +10,6 @@

    outputs.nixosModules.tailscale

-    ./coredns.nix
    ./headscale.nix
    ./mailserver.nix
    ./matrix-synapse.nix
@ -18,6 +17,8 @@
    ./nginx.nix
    ./radicale.nix
    ./rss-bridge.nix
-    ./step-ca.nix
+
+    # ./coredns.nix
+    # ./step-ca.nix
  ];
 }
--- a/hosts/sid/services/headscale.nix
+++ b/hosts/sid/services/headscale.nix
@ -1,5 +1,6 @@
 {
  inputs,
+  constants,
  ...
 }:

@ -24,5 +25,17 @@
      enable = true;
      subdomain = "hs";
    };
+    settings.dns.extra_records = [
+      {
+        name = constants.services.vaultwarden.fqdn;
+        type = "A";
+        value = constants.hosts.rx4.ip;
+      }
+      {
+        name = constants.services.netdata.fqdn;
+        type = "A";
+        value = constants.hosts.sid.ip;
+      }
+    ];
  };
 }
--- a/hosts/sid/services/mailserver.nix
+++ b/hosts/sid/services/mailserver.nix
@ -1,4 +1,4 @@
-{ inputs, config, ... }:
+{ inputs, ... }:

 {
  imports = [ inputs.synix.nixosModules.mailserver ];
@ -6,10 +6,12 @@
  mailserver = {
    enable = true;
    stateVersion = 3;
-    localDnsResolver = !config.services.coredns.enable;
    accounts = {
      sid = {
-        aliases = [ "postmaster" ];
+        aliases = [
+          "admin"
+          "postmaster"
+        ];
      };
      vaultwarden = { };
    };
--- a/hosts/sid/services/nginx.nix
+++ b/hosts/sid/services/nginx.nix
@ -56,15 +56,6 @@ in
      address = constants.hosts.rx4.ip;
      port = constants.services.miniflux.port;
    };
-    virtualHosts."${constants.services.netdata.fqdn}" = {
-      useACMEHost = "sid-internal";
-      forceSSL = ssl;
-      locations."/" = {
-        # proxyPass = "http://${constants.hosts.sid.ip}:${toString constants.services.netdata.port}";
-        proxyPass = "http://127.0.0.1:${toString constants.services.netdata.port}";
-        proxyWebsockets = true;
-      };
-    };
    virtualHosts."${constants.services.open-webui-oci.fqdn}" = mkVirtualHost {
      inherit ssl;
      address = constants.hosts.rx4.ip;
@ -82,15 +73,6 @@ in
      address = constants.hosts.rx4.ip;
      port = constants.services.rsshub-oci.port;
    };
-    virtualHosts."${constants.services.vaultwarden.fqdn}" = {
-      useACMEHost = "sid-internal";
-      forceSSL = ssl;
-      locations = {
-        "/" = {
-          proxyPass = "http://${constants.hosts.rx4.ip}:${toString constants.services.vaultwarden.port}";
-        };
-      };
-    };
    # FIXME
    # virtualHosts."print.sid.ovh" = {
    #   enableACME = true;
--- a/hosts/sid/services/step-ca.nix
+++ b/hosts/sid/services/step-ca.nix
@ -78,10 +78,8 @@ in
  security.acme = {
    certs."sid-internal" = {
      # domain = constants.intranet;
-      domain = constants.services.vaultwarden.fqdn;
+      domain = constants.services.netdata.fqdn;
      extraDomainNames = [
-        constants.services.netdata.fqdn
-        # constants.services.vaultwarden.fqdn
      ];
      server = "https://${constants.ca-fqdn}:${toString cfg.port}/acme/acme/directory";
      group = "nginx";