update: sputnik

.channelStable.json

@@ -1,7 +1,10 @@
 {
   "url": "https://github.com/NixOS/nixpkgs.git",
-  "rev": "58f9c4c7d3a42c912362ca68577162e38ea8edfb",
+  "rev": "a3a3dda3bacf61e8a39258a0ed9c924eeca8e293",
-  "date": "2020-11-18T12:49:40-05:00",
+  "date": "2020-12-21T23:27:46+09:00",
-  "sha256": "1517dy07jf4zhzknqbgm617lgjxsn7a6k1vgq61c67f6h55qs5ij",
+  "path": "/nix/store/w6v7bln3aqbx4656fknf9q4w9wksk42r-nixpkgs",
-  "fetchSubmodules": false
+  "sha256": "1ahn3srby9rjh7019b26n4rb4926di1lqdrclxfy2ff7nlf0yhd5",
+  "fetchSubmodules": false,
+  "deepClone": false,
+  "leaveDotGit": false
 }

.channelUnstable.json

@@ -1,7 +1,10 @@
 {
   "url": "https://github.com/NixOS/nixpkgs.git",
-  "rev": "2deeb58f49480f468adca6b08291322de4dbce6b",
+  "rev": "e9158eca70ae59e73fae23be5d13d3fa0cfc78b4",
-  "date": "2020-11-12T23:50:31+00:00",
+  "date": "2020-12-09T15:09:49+01:00",
-  "sha256": "0fx2car6dcd1yz6jjkifcan0amwzhs3170h0r69k0wfwiaadpvjv",
+  "path": "/nix/store/cx4wf6pi1l2p01sz7png891m65kinfz3-nixpkgs",
-  "fetchSubmodules": false
+  "sha256": "0cnmvnvin9ixzl98fmlm3g17l6w95gifqfb3rfxs55c0wj2ddy53",
+  "fetchSubmodules": false,
+  "deepClone": false,
+  "leaveDotGit": false
 }

.nix-writers.json

@@ -2,6 +2,9 @@
   "url": "https://cgit.krebsco.de/nix-writers/",
   "rev": "fc8a3802a0777a5f43a9a2fe0f5848ecaeb555a1",
   "date": "2018-10-27T14:45:48+02:00",
+  "path": "/nix/store/81f2li00frwb29kzk7wjw7b87l65s8bg-nix-writers",
   "sha256": "1iy207rcbz9nv9bf64025ypy38x8mwzl6snbmbrq347h6vvs0ksc",
-  "fetchSubmodules": false
+  "fetchSubmodules": false,
+  "deepClone": false,
+  "leaveDotGit": false
 }

.nixos-generators.json

@@ -2,6 +2,9 @@
   "url": "https://github.com/nix-community/nixos-generators.git",
   "rev": "ef1e4480cf8af45cfdeac597b2f1b1af33923e93",
   "date": "2019-01-18T10:41:01+01:00",
+  "path": "/nix/store/61wmz4fvlyxnxhw9smkl897rhavj06ry-nixos-generators-ef1e448",
   "sha256": "0ymzp4pmpkjjjg5h8d45gv8avy4wh1dj0v238i2cz3jp3j489ik9",
-  "fetchSubmodules": false
+  "fetchSubmodules": false,
+  "deepClone": false,
+  "leaveDotGit": false
 }

configs/pepe/home-assistant.nix

@@ -429,7 +429,7 @@ in {
       #  };
       #};
 
-      hot = 22;
+      hot = 23;
       cold = 14;
 
       fyrtur_command = device: position: {

configs/sputnik/nginx.nix

@@ -55,7 +55,38 @@ in {
         extraConfig = error.extraConfig;
 
         locations = {
-          "/" = { proxyPass = "http://workhorse.private:3000"; };
+          "/" = {
+            proxyPass = "http://workhorse.private:3000";
+            extraConfig = ''
+              if ($request_method = 'OPTIONS') {
+              add_header 'Access-Control-Allow-Origin' '*';
+              add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+              #
+              # Custom headers and headers various browsers *should* be OK with but aren't
+              #
+              add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+              #
+              # Tell client that this pre-flight info is valid for 20 days
+              #
+              add_header 'Access-Control-Max-Age' 1728000;
+              add_header 'Content-Type' 'text/plain; charset=utf-8';
+              add_header 'Content-Length' 0;
+              return 204;
+              }
+              if ($request_method = 'POST') {
+                add_header 'Access-Control-Allow-Origin' '*';
+                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+                add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+              }
+              if ($request_method = 'GET') {
+                add_header 'Access-Control-Allow-Origin' '*';
+                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+                add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
+              }
+            '';
+          };
         } // error.locations;
       };
 
@@ -256,19 +287,53 @@ in {
 
   services.sslh = {
     enable = true;
-    listenAddress = "0.0.0.0";
+    listenAddresses = [ "0.0.0.0" ];
     port = 443;
-    verbose = false;
+    verbose = true;
     transparent = true;
-    appendConfig = # json
+    # List of protocols
-      ''
+    #
-        protocols:
+    # Each protocol entry consists of:
-        (
+    #   name: name of the probe. These are listed on the command line (ssh -?), plus 'regex' and 'timeout'.
-          { name: "ssh"; service: "ssh"; host: "localhost"; port: "2222"; probe: "builtin"; },
+    #   service: (optional) libwrap service name (see hosts_access(5))
-          { name: "ssl"; host: "localhost"; port: "4443"; probe: "builtin"; },
+    #   host, port: where to connect when this probe succeeds
-          { name: "tinc"; host: "localhost"; port: "655"; probe: "builtin"; }
+    #   log_level:  0 to turn off logging
-        );
+    #               1 to log each incoming connection
-      '';
+    #   keepalive:  Should TCP keepalive be on or off for that
+    #               connection (default is off)
+    #   fork: Should a new process be forked for this protocol?
+    #         (only useful for sslh-select)
+    #   tfo_ok: Set to true if the server supports TCP FAST OPEN
+    #
+    #  Probe-specific options:
+    # (sslh will try each probe in order they are declared, and
+    # connect to the first that matches.)
+    #
+    #       tls:
+    #               sni_hostnames:  list of FQDN for that target
+    #               alpn_protocols: list of ALPN protocols for that target, see:
+    #               https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
+    #
+    #               if both sni_hostnames AND alpn_protocols are specified, both must match
+    #
+    #               if neither are set, it is just checked whether this is the TLS protocol or not
+    #
+    #               Obviously set the most specific probes
+    #               first, and if you use TLS with no ALPN/SNI
+    #               set it as the last TLS probe
+    #       regex:
+    #               regex_patterns: list of patterns to match for
+    #               that target.
+    #
+    # You can specify several of 'regex' and 'tls'.
+    appendConfig = ''
+      protocols:
+      (
+        { name: "ssh"; service: "ssh"; host: "localhost"; port: "2222";},
+        { name: "tls";                 host: "localhost"; port: "4443";},
+        { name: "tinc";                host: "localhost"; port: "655"; }
+      );
+    '';
   };
 
   systemd.services."socat-proxy" = {