blacksteel: fix element sso login

home/applications/ssh/default.nix

@@ -0,0 +1,11 @@
+{config, ...}: {
+  programs.ssh = {
+    enable = true;
+    matchBlocks = let
+      inherit (config.home) homeDirectory;
+    in {
+      "blacksteel".identityFile = "${homeDirectory}/.ssh/id_github_signing";
+      "tyo0.ny4.dev".identityFile = "${homeDirectory}/.ssh/id_github_signing";
+    };
+  };
+}

home/default.nix

@@ -42,6 +42,7 @@
     ./applications/git
     ./applications/gpg
     ./applications/neovim
+    ./applications/ssh
     ./applications/starship
     ./applications/tealdeer
     ./applications/tmux

hosts/aristotle/default.nix

@@ -30,9 +30,6 @@
     localsend
   ];
 
-  networking.firewall.allowedTCPPorts = [53317];
-  networking.firewall.allowedUDPPorts = [53317];
-
   programs.adb.enable = true;
   programs.anime-game-launcher.enable = true;
   programs.seahorse.enable = true;

hosts/blacksteel/Caddyfile

@@ -40,12 +40,20 @@ http://mastodon.ny4.dev:80 {
 
 http://matrix.ny4.dev:80 {
 	import default
-	reverse_proxy /_matrix/* unix//run/matrix-synapse/synapse.sock
+	reverse_proxy /_matrix/* unix//run/matrix-synapse/synapse.sock {
-	reverse_proxy /_synapse/client/* unix//run/matrix-synapse/synapse.sock
+		header_up X-Forwarded-Proto "https"
-	reverse_proxy /health unix//run/matrix-synapse/synapse.sock
+	}
+	reverse_proxy /_synapse/client/* unix//run/matrix-synapse/synapse.sock {
+		header_up X-Forwarded-Proto "https"
+	}
+	reverse_proxy /health unix//run/matrix-synapse/synapse.sock {
+		header_up X-Forwarded-Proto "https"
+	}
 }
 
 http://syncv3.ny4.dev:80 {
 	import default
-	reverse_proxy unix//run/matrix-sliding-sync/sync.sock
+	reverse_proxy unix//run/matrix-sliding-sync/sync.sock {
+		header_up X-Forwarded-Proto "https"
+	}
 }

hosts/blacksteel/default.nix

@@ -47,7 +47,7 @@
   };
 
   ######## Services
-  environment.systemPackages = with pkgs; [qbittorrent];
+  environment.systemPackages = with pkgs; [qbittorrent-nox];
 
   services.tailscale = {
     enable = true;
@@ -60,14 +60,11 @@
       "6222a3e0-98da-4325-be19-0f86a7318a41" = {
         credentialsFile = config.sops.secrets."cloudflared/secret".path;
         default = "http_status:404";
-        ingress = {
+        ingress = lib.genAttrs [
-          # TODO: is this safe?
+          "mastodon.ny4.dev"
-          # browser <-> cloudflare cdn <-> cloudflared <-> caddy <-> mastodon
+          "matrix.ny4.dev"
-          #                                             ^ no tls in this part?
+          "syncv3.ny4.dev"
-          "mastodon.ny4.dev" = "http://localhost:80";
+        ] (_: "http://localhost");
-          "matrix.ny4.dev" = "http://localhost:80";
-          "syncv3.ny4.dev" = "http://localhost:80";
-        };
       };
     };
   };

hosts/dust/default.nix

@@ -27,13 +27,13 @@
 
   environment.systemPackages = with pkgs; [
     yubikey-manager
-    localsend
   ];
 
   networking.firewall.allowedTCPPorts = [53317];
   networking.firewall.allowedUDPPorts = [53317];
 
   programs.adb.enable = true;
+  programs.localsend.enable = true;
   programs.seahorse.enable = true;
   programs.steam.enable = true;
   programs.kdeconnect = {