diff --git a/flake.lock b/flake.lock
index a08e725..26cf2db 100644
--- a/flake.lock
+++ b/flake.lock
@@ -442,11 +442,11 @@
 ]
 },
 "locked": {
- "lastModified": 1774647770,
- "narHash": "sha256-UNNi14XiqRWWjO8ykbFwA5wRwx7EscsC+GItOVpuGjc=",
+ "lastModified": 1774898676,
+ "narHash": "sha256-0Utnqo+FbB+0CVUi0MI3oonF0Kuzy9VcgRkxl53Euvk=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "02371c05a04a2876cf92e2d67a259e8f87399068",
+ "rev": "a184bd2f8426087bae93f203403cd4b86c99e57d",
 "type": "github"
 },
 "original": {
@@ -463,11 +463,11 @@
 ]
 },
 "locked": {
- "lastModified": 1774559029,
- "narHash": "sha256-deix7yg3j6AhjMPnFDCmWB3f83LsajaaULP5HH2j34k=",
+ "lastModified": 1774875830,
+ "narHash": "sha256-WPYlTmZvVa9dWlAziFkVjBdv1Z6giNIq40O1DxsBmiI=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "a0bb0d11514f92b639514220114ac8063c72d0a3",
+ "rev": "7afd8cebb99e25a64a745765920e663478eb8830",
 "type": "github"
 },
 "original": {
@@ -517,11 +517,11 @@
 "treefmt-nix": "treefmt-nix"
 },
 "locked": {
- "lastModified": 1774684080,
- "narHash": "sha256-eJIUxivNSrQG8XSdr5L1Wd22D4rk7tBFe9cu232Ko24=",
+ "lastModified": 1774928491,
+ "narHash": "sha256-blqxzOmDdR35BjHeA8V6NeoQot4mysWy8N8ZMiHyEsk=",
 "owner": "numtide",
 "repo": "llm-agents.nix",
- "rev": "7176adaf9eff4f30fc4ec1c635da530c083cd52e",
+ "rev": "fb1dfb5960aa4b8a91995f8f99ec2452e5052dbe",
 "type": "github"
 },
 "original": {
@@ -582,11 +582,11 @@
 "treefmt-nix": "treefmt-nix_2"
 },
 "locked": {
- "lastModified": 1774684080,
- "narHash": "sha256-eJIUxivNSrQG8XSdr5L1Wd22D4rk7tBFe9cu232Ko24=",
+ "lastModified": 1774928491,
+ "narHash": "sha256-blqxzOmDdR35BjHeA8V6NeoQot4mysWy8N8ZMiHyEsk=",
 "owner": "numtide",
 "repo": "nix-ai-tools",
- "rev": "7176adaf9eff4f30fc4ec1c635da530c083cd52e",
+ "rev": "fb1dfb5960aa4b8a91995f8f99ec2452e5052dbe",
 "type": "github"
 },
 "original": {
@@ -768,11 +768,11 @@
 },
 "nixpkgs-unstable": {
 "locked": {
- "lastModified": 1774386573,
- "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=",
+ "lastModified": 1774709303,
+ "narHash": "sha256-D3Q07BbIA2KnTcSXIqqu9P586uWxN74zNoCH3h2ESHg=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9",
+ "rev": "8110df5ad7abf5d4c0f6fb0f8f978390e77f9685",
 "type": "github"
 },
 "original": {
@@ -800,11 +800,11 @@
 },
 "nixpkgs_3": {
 "locked": {
- "lastModified": 1774273680,
- "narHash": "sha256-a++tZ1RQsDb1I0NHrFwdGuRlR5TORvCEUksM459wKUA=",
+ "lastModified": 1774610258,
+ "narHash": "sha256-HaThtroVD9wRdx7KQk0B75JmFcXlMUoEdDFNOMOlsOs=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "fdc7b8f7b30fdbedec91b71ed82f36e1637483ed",
+ "rev": "832efc09b4caf6b4569fbf9dc01bec3082a00611",
 "type": "github"
 },
 "original": {
@@ -832,11 +832,11 @@
 },
 "nixpkgs_5": {
 "locked": {
- "lastModified": 1774273680,
- "narHash": "sha256-a++tZ1RQsDb1I0NHrFwdGuRlR5TORvCEUksM459wKUA=",
+ "lastModified": 1774610258,
+ "narHash": "sha256-HaThtroVD9wRdx7KQk0B75JmFcXlMUoEdDFNOMOlsOs=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "fdc7b8f7b30fdbedec91b71ed82f36e1637483ed",
+ "rev": "832efc09b4caf6b4569fbf9dc01bec3082a00611",
 "type": "github"
 },
 "original": {
@@ -848,11 +848,11 @@
 },
 "nixpkgs_6": {
 "locked": {
- "lastModified": 1774388614,
- "narHash": "sha256-tFwzTI0DdDzovdE9+Ras6CUss0yn8P9XV4Ja6RjA+nU=",
+ "lastModified": 1774799055,
+ "narHash": "sha256-Tsq9BCz0q47ej1uFF39m4tuhcwru/ls6vCCJzutEpaw=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "1073dad219cb244572b74da2b20c7fe39cb3fa9e",
+ "rev": "107cba9eb4a8d8c9f8e9e61266d78d340867913a",
 "type": "github"
 },
 "original": {
@@ -902,11 +902,11 @@
 ]
 },
 "locked": {
- "lastModified": 1774700410,
- "narHash": "sha256-2vvPMI78Wye6HttV+mQgX0QeaSQkNgkkbXaOXlt5uhM=",
+ "lastModified": 1774929276,
+ "narHash": "sha256-StSnsgFFogwcaXqdULLxDHOessfwlZwm3k49u90GoM0=",
 "owner": "nix-community",
 "repo": "NUR",
- "rev": "560b181abe2bba9d130123a5dfa56f03c1d5be88",
+ "rev": "f270f94a836545d0ac21331984ac23af5a70cbd5",
 "type": "github"
 },
 "original": {
diff --git a/hosts/AZ-CLD-1/services/containers/baserow.nix b/hosts/AZ-CLD-1/services/containers/baserow.nix
index f1604a3..cc6cada 100644
--- a/hosts/AZ-CLD-1/services/containers/baserow.nix
+++ b/hosts/AZ-CLD-1/services/containers/baserow.nix
@@ -8,11 +8,19 @@
 servicePort = portUtils.getPort serviceName "AZ-CLD-1";
 in {
 virtualisation.oci-containers.containers.${serviceName} = {
- image = "docker.io/baserow/baserow:2.1.0";
+ image = "docker.io/baserow/baserow:2.1.6";
 environment = {
 BASEROW_AMOUNT_OF_GUNICORN_WORKERS = "4";
 BASEROW_AMOUNT_OF_WORKERS = "2";
 DATABASE_CONN_MAX_AGE = "60";
+ # Proxy: tell Django the connection is HTTPS so cookies get Secure flag
+ BASEROW_ENABLE_SECURE_PROXY_SSL_HEADER = "yes";
+ # Published apps run on different origins — allow cross-origin cookie delivery
+ BASEROW_FRONTEND_SAME_SITE_COOKIE = "none";
+ # Valid base domain for published app subdomains
+ BASEROW_BUILDER_DOMAINS = "az-gruppe.com";
+ # Disable Caddy's on_demand TLS — Traefik handles TLS termination
+ BASEROW_CADDY_GLOBAL_CONF = "auto_https off";
 };
 environmentFiles = [config.age.secrets.baserow-env.path];
 ports = ["127.0.0.1:${toString servicePort}:80"];
@@ -28,6 +36,13 @@ in {
 }
 ];
 
+ middlewares."${serviceName}-headers".headers = {
+ customRequestHeaders = {
+ X-Forwarded-Proto = "https";
+ X-Forwarded-Port = "443";
+ };
+ };
+
 routers.${serviceName} = {
 rule = "Host(`br.az-gruppe.com`)";
 tls = {
@@ -35,6 +50,7 @@ in {
 };
 service = serviceName;
 entrypoints = "websecure";
+ middlewares = ["${serviceName}-headers"];
 };
 
 routers.azubi = {
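Review bot: `BASEROW_FRONTEND_SAME_SITE_COOKIE = "none"` in the `@@ -8,11 +8,19 @@` hunk of baserow.nix removes SameSite protection for every origin, not only the published-app subdomains its comment names, so browsers will attach the cookie to requests initiated from any third-party site. The cookie then depends on the `Secure` flag (tied here to `BASEROW_ENABLE_SECURE_PROXY_SSL_HEADER` and the forwarded-proto header) and on server-side token checks for CSRF protection, which this diff does not show. I would state that trade-off in the comment, e.g. `# SameSite=None: cookie is sent on ALL cross-site requests; requires Secure, and CSRF protection must not rely on the cookie policy`. The attribute set that holds `environment` continues past the end of the hunk.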
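Review bot: The `${serviceName}-headers` middleware added in the `@@ -28,6 +36,13 @@` hunk asserts `X-Forwarded-Proto = "https"` as a constant rather than deriving it from the connection, and the environment change in the preceding hunk makes Django trust that header. This is sound only while every router attaching the middleware is bound to a TLS entrypoint (the three visible routers use `websecure`) and the container port stays reachable solely through Traefik (the `127.0.0.1:` bind in `ports`). A comment on the middleware would protect that invariant, e.g. `# Asserts https unconditionally: attach only to routers on a TLS entrypoint, the backend trusts this header`. Traefik normally sets X-Forwarded-Proto and X-Forwarded-Port itself from the entrypoint, so the override may be redundant; if it is needed, the comment should say why.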
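Review bot: The literal `"${serviceName}-headers"` is now written four times, once in the middleware definition and once in each `middlewares` list added by the `@@ -35,6 +50,7 @@`, `@@ -44,6 +60,7 @@` and `@@ -52,6 +69,7 @@` hunks, so a later rename or typo can leave a router pointing at a name that no longer matches the definition. Binding it once in the existing `let` block (which starts outside these hunks), `headersMiddleware = "${serviceName}-headers";`, and writing `middlewares = [headersMiddleware];` in each router keeps definition and uses in step. That matters here because the backend's HTTPS detection depends on every router actually carrying the header middleware.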
@@ -44,6 +60,7 @@ in {
 };
 service = serviceName;
 entrypoints = "websecure";
+ middlewares = ["${serviceName}-headers"];
 };
 routers.ausbilder = {
 rule = "Host(`ausbilder.az-gruppe.com`)";
@@ -52,6 +69,7 @@ in {
 };
 service = serviceName;
 entrypoints = "websecure";
+ middlewares = ["${serviceName}-headers"];
 };
 };
 }