diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix
index 62be55c..2828ff6 100644
--- a/modules/nixos/services/firefly/default.nix
+++ b/modules/nixos/services/firefly/default.nix
@@ -19,38 +19,43 @@ in
 DB_DATABASE = "firefly";
 DB_USERNAME = "firefly";
 DB_PASSWORD_FILE = config.sops.secrets."${service.name}-pass".path;
+ TRUSTED_PROXIES = "**";
+ APP_URL = "https://${host}";
 };
 };
- nginx = {
- enable = true;
- virtualHosts.${config.services.firefly-iii.virtualHost} = {
- listen = [
- {
- addr = "0.0.0.0";
- port = 8080;
- }
- ];
- };
- };
+
+ # nginx = {
+ # enable = true;
+ # virtualHosts.${config.services.firefly-iii.virtualHost} = {
+ # listen = [
+ # {
+ # addr = "0.0.0.0";
+ # port = 8080;
+ # }
+ # ];
+ # };
+ # };
+
 caddy = {
 virtualHosts = {
 "${host}" = {
 extraConfig = ''
 encode gzip
- reverse_proxy 0.0.0.0:8080 {
- header_up Host {host}:{server_port}
+ # Proxy to Firefly III (which runs on port 8080 by default)
+ reverse_proxy localhost:8080 {
+ header_up Host {host}
 header_up X-Real-IP {remote_host}
 header_up X-Forwarded-For {remote_host}
 header_up X-Forwarded-Proto https
 header_up X-Forwarded-Host {host}
 header_up X-Forwarded-Ssl on
 header_up Connection ""
- timeout 240s
 dial_timeout 240s
 }
+
+ # Handle session cookies
 @session_cookie header Cookie *session*
 handle @session_cookie {
 header Cache-Control "no-cache, no-store, must-revalidate"
@@ -59,6 +64,7 @@ in
 request_body {
 max_size 64MB
 }
+ tls ${service.ssl.cert} ${service.ssl.key}
 '';
 };
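Review bot: `TRUSTED_PROXIES = "**"` in the firefly-iii settings trusts every source address as a proxy, so any client that can reach the Firefly listener on port 8080 without going through Caddy can forge `X-Forwarded-For`, `X-Forwarded-Proto` and `X-Forwarded-Host`, which a Laravel app like Firefly typically uses for the client IP, scheme and generated URLs. Since the Caddy `reverse_proxy` added in the same hunk targets `localhost:8080`, the trusted set can be narrowed to loopback with no loss of function: `TRUSTED_PROXIES = "127.0.0.1,::1";`. The nginx block that previously bound 8080 on `0.0.0.0` is now commented out and the new Caddyfile comment asserts Firefly "runs on port 8080 by default", which reads as an assumption rather than something this module configures; confirm that something does listen on 8080 after this change, and that it binds loopback only, because with `**` that binding is the only thing protecting the forwarded headers. The `settings` attribute set these variables belong to starts before the hunk.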