containers: clean up domain names

2026-03-17 17:01:15 +11:00 · 2026-03-17 17:01:15 +11:00 · 518c718a5d
commit 518c718a5d
parent 66332a980a
6 changed files with 17 additions and 13 deletions
--- a/containers/amethyst/flake.nix
+++ b/containers/amethyst/flake.nix
@ -9,6 +9,7 @@
    nixosModule = { ... }:
    let
      name = "amethyst";
+      fqdn = "amethyst.lava.moe";
      subnet = "1";
    in {
      networking.nat = {
@ -17,7 +18,7 @@
        internalInterfaces = [ "ve-${name}" ];
      };

-      services.nginx.virtualHosts."${name}.local.lava.moe" = {
+      services.nginx.virtualHosts."${fqdn}" = {
        useACMEHost = "lava.moe";
        forceSSL = true;
        locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091";
--- a/containers/beryllium/flake.nix
+++ b/containers/beryllium/flake.nix
@ -9,6 +9,7 @@
    nixosModule = { ... }:
    let
      name = "beryllium";
+      fqdn = "beryllium.lava.moe";
      subnet = "2";
    in {
      networking.nat = {
@ -17,7 +18,7 @@
        internalInterfaces = [ "ve-${name}" ];
      };

-      services.nginx.virtualHosts."${name}.lava.moe" = {
+      services.nginx.virtualHosts."${fqdn}" = {
        useACMEHost = "lava.moe";
        forceSSL = true;
        locations."/".extraConfig = "return 302 'https://lava.moe';";
@ -29,7 +30,7 @@
      services.nginx.virtualHosts."lava.moe" = {
        locations."= /.well-known/matrix/server".extraConfig =
          let
-            server = { "m.server" = "beryllium.lava.moe:443"; };
+            server = { "m.server" = "${fqdn}:443"; };
          in ''
            add_header Content-Type application/json;
            return 200 '${builtins.toJSON server}';
@ -37,7 +38,7 @@
        locations."= /.well-known/matrix/client".extraConfig =
          let
            client = {
-              "m.homeserver" = { "base_url" = "https://beryllium.lava.moe"; };
+              "m.homeserver" = { "base_url" = "https://${fqdn}"; };
              # "m.identity_server" = { "base_url" = "https://vector.im"; };
            };
          in ''
@ -51,8 +52,6 @@
      containers.${name} = {
        autoStart = true;
        privateNetwork = true;
-        hostAddress = "10.30.${subnet}.1";
-        localAddress = "10.30.${subnet}.2";
        hostAddress6 = "fd0d:1::${subnet}:1";
        localAddress6 = "fd0d:1::${subnet}:2";
        # privateUsers = "pick";
--- a/containers/citrine/configuration.nix
+++ b/containers/citrine/configuration.nix
@ -1,4 +1,4 @@
-{ config, lib, ... }: {
+{ config, fqdn, lib, ... }: {
  system.stateVersion = "25.11";
  networking.firewall.allowedTCPPorts = [ 22 3000 ];
  networking.firewall.allowedUDPPorts = [ 22 3000 ];
@ -13,8 +13,8 @@
    settings = {
      DEFAULT.APP_NAME = "Garden";
      server = {
-        DOMAIN = "garden.lava.moe";
-        ROOT_URL = "https://garden.lava.moe/";
+        DOMAIN = fqdn;
+        ROOT_URL = "https://${fqdn}/";
        HTTP_PORT = 3000;
        START_SSH_SERVER = true;
        BUILTIN_SSH_SERVER_USER = "git";
--- a/containers/citrine/flake.nix
+++ b/containers/citrine/flake.nix
@ -6,6 +6,7 @@
  outputs = { nixpkgs, catppuccin, ... }:
  let
    name = "citrine";
+    fqdn = "garden.lava.moe";
    subnetId = "3";

    subnet = x: "fd0d:1::${subnetId}:${toString x}";
@ -35,7 +36,7 @@
        internalInterfaces = [ "ve-${name}" ];
      };

-      services.nginx.virtualHosts."garden.lava.moe" = {
+      services.nginx.virtualHosts."${fqdn}" = {
        useACMEHost = "lava.moe";
        forceSSL = true;
        locations."/".proxyPass = "http://[${client}]:3000";
@ -53,6 +54,7 @@
        nixpkgs = nixpkgs;
        ephemeral = true;
        config = { imports = modules; };
+        specialArgs = { inherit fqdn; };

        bindMounts."persist" = {
          hostPath = "/persist/containers/${name}";
--- a/containers/diamond/configuration.nix
+++ b/containers/diamond/configuration.nix
@ -1,4 +1,4 @@
-{ config, lib, ... }: {
+{ fqdn, ... }: {
  system.stateVersion = "25.11";
  systemd.tmpfiles.rules = [
    "d /persist/vaultwarden 755 vaultwarden vaultwarden"
@ -13,6 +13,6 @@

  services.vaultwarden = {
    enable = true;
-    domain = "diamond.local.lava.moe";
+    domain = fqdn;
  };
 }
--- a/containers/diamond/flake.nix
+++ b/containers/diamond/flake.nix
@ -5,6 +5,7 @@
  outputs = { nixpkgs, ... }:
  let
    name = "diamond";
+    fqdn = "astransia.lava.moe";
    subnetId = "4";

    subnet = x: "fd0d:1::${subnetId}:${toString x}";
@ -19,7 +20,7 @@
      inherit modules;
    };
    nixosModule = { ... }: {
-      services.nginx.virtualHosts."diamond.local.lava.moe" = {
+      services.nginx.virtualHosts."${fqdn}" = {
        useACMEHost = "lava.moe";
        forceSSL = true;
        locations."/".proxyPass = "http://[${client}]:8000";
@ -35,6 +36,7 @@
        nixpkgs = nixpkgs;
        ephemeral = true;
        config = { imports = modules; };
+        specialArgs = { inherit fqdn; };

        bindMounts."persist" = {
          hostPath = "/persist/containers/${name}";