AZ-Intec-GmbH/AZ-NIX
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: basecamp headers

Browse Source
This commit is contained in:
m3tm3re
2026-03-31 08:24:18 +02:00
parent fb54000ad8
commit 7f05821126
2 changed files with 46 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
flake.lock generated
View File

@@ -442,11 +442,11 @@
]
},
"locked": {
"lastModified": 1774647770,
"narHash": "sha256-UNNi14XiqRWWjO8ykbFwA5wRwx7EscsC+GItOVpuGjc=",
"lastModified": 1774898676,
"narHash": "sha256-0Utnqo+FbB+0CVUi0MI3oonF0Kuzy9VcgRkxl53Euvk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "02371c05a04a2876cf92e2d67a259e8f87399068",
"rev": "a184bd2f8426087bae93f203403cd4b86c99e57d",
"type": "github"
},
"original": {
@@ -463,11 +463,11 @@
]
},
"locked": {
"lastModified": 1774559029,
"narHash": "sha256-deix7yg3j6AhjMPnFDCmWB3f83LsajaaULP5HH2j34k=",
"lastModified": 1774875830,
"narHash": "sha256-WPYlTmZvVa9dWlAziFkVjBdv1Z6giNIq40O1DxsBmiI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a0bb0d11514f92b639514220114ac8063c72d0a3",
"rev": "7afd8cebb99e25a64a745765920e663478eb8830",
"type": "github"
},
"original": {
@@ -517,11 +517,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1774684080,
"narHash": "sha256-eJIUxivNSrQG8XSdr5L1Wd22D4rk7tBFe9cu232Ko24=",
"lastModified": 1774928491,
"narHash": "sha256-blqxzOmDdR35BjHeA8V6NeoQot4mysWy8N8ZMiHyEsk=",
"owner": "numtide",
"repo": "llm-agents.nix",
"rev": "7176adaf9eff4f30fc4ec1c635da530c083cd52e",
"rev": "fb1dfb5960aa4b8a91995f8f99ec2452e5052dbe",
"type": "github"
},
"original": {
@@ -582,11 +582,11 @@
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1774684080,
"narHash": "sha256-eJIUxivNSrQG8XSdr5L1Wd22D4rk7tBFe9cu232Ko24=",
"lastModified": 1774928491,
"narHash": "sha256-blqxzOmDdR35BjHeA8V6NeoQot4mysWy8N8ZMiHyEsk=",
"owner": "numtide",
"repo": "nix-ai-tools",
"rev": "7176adaf9eff4f30fc4ec1c635da530c083cd52e",
"rev": "fb1dfb5960aa4b8a91995f8f99ec2452e5052dbe",
"type": "github"
},
"original": {
@@ -768,11 +768,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1774386573,
"narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=",
"lastModified": 1774709303,
"narHash": "sha256-D3Q07BbIA2KnTcSXIqqu9P586uWxN74zNoCH3h2ESHg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9",
"rev": "8110df5ad7abf5d4c0f6fb0f8f978390e77f9685",
"type": "github"
},
"original": {
@@ -800,11 +800,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1774273680,
"narHash": "sha256-a++tZ1RQsDb1I0NHrFwdGuRlR5TORvCEUksM459wKUA=",
"lastModified": 1774610258,
"narHash": "sha256-HaThtroVD9wRdx7KQk0B75JmFcXlMUoEdDFNOMOlsOs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fdc7b8f7b30fdbedec91b71ed82f36e1637483ed",
"rev": "832efc09b4caf6b4569fbf9dc01bec3082a00611",
"type": "github"
},
"original": {
@@ -832,11 +832,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1774273680,
"narHash": "sha256-a++tZ1RQsDb1I0NHrFwdGuRlR5TORvCEUksM459wKUA=",
"lastModified": 1774610258,
"narHash": "sha256-HaThtroVD9wRdx7KQk0B75JmFcXlMUoEdDFNOMOlsOs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fdc7b8f7b30fdbedec91b71ed82f36e1637483ed",
"rev": "832efc09b4caf6b4569fbf9dc01bec3082a00611",
"type": "github"
},
"original": {
@@ -848,11 +848,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1774388614,
"narHash": "sha256-tFwzTI0DdDzovdE9+Ras6CUss0yn8P9XV4Ja6RjA+nU=",
"lastModified": 1774799055,
"narHash": "sha256-Tsq9BCz0q47ej1uFF39m4tuhcwru/ls6vCCJzutEpaw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1073dad219cb244572b74da2b20c7fe39cb3fa9e",
"rev": "107cba9eb4a8d8c9f8e9e61266d78d340867913a",
"type": "github"
},
"original": {
@@ -902,11 +902,11 @@
]
},
"locked": {
"lastModified": 1774700410,
"narHash": "sha256-2vvPMI78Wye6HttV+mQgX0QeaSQkNgkkbXaOXlt5uhM=",
"lastModified": 1774929276,
"narHash": "sha256-StSnsgFFogwcaXqdULLxDHOessfwlZwm3k49u90GoM0=",
"owner": "nix-community",
"repo": "NUR",
"rev": "560b181abe2bba9d130123a5dfa56f03c1d5be88",
"rev": "f270f94a836545d0ac21331984ac23af5a70cbd5",
"type": "github"
},
"original": {

20
hosts/AZ-CLD-1/services/containers/baserow.nix
View File

@@ -8,11 +8,19 @@
servicePort = portUtils.getPort serviceName "AZ-CLD-1";
in {
virtualisation.oci-containers.containers.${serviceName} = {
image = "docker.io/baserow/baserow:2.1.0";
image = "docker.io/baserow/baserow:2.1.6";
environment = {
BASEROW_AMOUNT_OF_GUNICORN_WORKERS = "4";
BASEROW_AMOUNT_OF_WORKERS = "2";
DATABASE_CONN_MAX_AGE = "60";
# Proxy: tell Django the connection is HTTPS so cookies get Secure flag
BASEROW_ENABLE_SECURE_PROXY_SSL_HEADER = "yes";
# Published apps run on different origins — allow cross-origin cookie delivery
BASEROW_FRONTEND_SAME_SITE_COOKIE = "none";
# Valid base domain for published app subdomains
BASEROW_BUILDER_DOMAINS = "az-gruppe.com";
# Disable Caddy's on_demand TLS — Traefik handles TLS termination
BASEROW_CADDY_GLOBAL_CONF = "auto_https off";
};
environmentFiles = [config.age.secrets.baserow-env.path];
ports = ["127.0.0.1:${toString servicePort}:80"];
@@ -28,6 +36,13 @@ in {
}
];
middlewares."${serviceName}-headers".headers = {
customRequestHeaders = {
X-Forwarded-Proto = "https";
X-Forwarded-Port = "443";
};
};
routers.${serviceName} = {
rule = "Host(`br.az-gruppe.com`)";
tls = {
@@ -35,6 +50,7 @@ in {
};
service = serviceName;
entrypoints = "websecure";
middlewares = ["${serviceName}-headers"];
};
routers.azubi = {
@@ -44,6 +60,7 @@ in {
};
service = serviceName;
entrypoints = "websecure";
middlewares = ["${serviceName}-headers"];
};
routers.ausbilder = {
rule = "Host(`ausbilder.az-gruppe.com`)";
@@ -52,6 +69,7 @@ in {
};
service = serviceName;
entrypoints = "websecure";
middlewares = ["${serviceName}-headers"];
};
};
}