feat[server]: also proxy roundcube

hosts/nixos/aarch64-linux/belchsfactory/default.nix

@@ -13,7 +13,6 @@
   topology.self = {
     icon = "devices.cloud-server";
   };
-  swarselmodules.server.nginx = false;
 
   swarselsystems = {
     flakePath = "/root/.dotfiles";
@@ -62,7 +61,7 @@
     postgresql = true;
     attic = true;
     garage = true;
-    hydra = true;
+    hydra = false;
     dns-hostrecord = true;
   };
 

hosts/nixos/aarch64-linux/liliputsteps/default.nix

@@ -32,7 +32,6 @@
   };
 
   swarselmodules.server = {
-    nginx = false;
     bastion = true;
     dns-hostrecord = true;
     # ssh = false;

hosts/nixos/aarch64-linux/stoicclub/default.nix

@@ -10,8 +10,6 @@
   topology.self = {
     icon = "devices.cloud-server";
   };
-  swarselmodules.server.nginx = false;
-
 
   swarselsystems = {
     flakePath = "/root/.dotfiles";
@@ -34,7 +32,6 @@
 
   swarselmodules.server = {
     nsd = true;
-    nginx = false;
     dns-hostrecord = true;
   };
 }

hosts/nixos/aarch64-linux/twothreetunnel/default.nix

@@ -33,7 +33,7 @@
             "moonside"
             "winters"
             "belchsfactory"
-            # "eagleland"
+            "eagleland"
           ];
         };
       };
@@ -45,8 +45,8 @@
   };
 
   swarselmodules.server = {
-    nginx = true; # for now
-    oauth2-proxy = true; # for now
+    nginx = true;
+    oauth2-proxy = true;
     dns-hostrecord = true;
     wireguard = true;
   };

hosts/nixos/aarch64-linux/twothreetunnel/secrets/acme.json

@@ -1,28 +0,0 @@
-{
-	"swarsel.win": {
-		"fulldomain": "ENC[AES256_GCM,data:CVasUSMRn/KWzVRlcYfTO/RL+W5Cz2JpDj0JLAKITXrDZrl+Wsg46X8zv4hX6NLj/wAyvXQ=,iv:N3DL4JPX8vWTbllFWcpNulwtDJ57xpHrAwoUxWhTzxs=,tag:CYWoK9uT121rFXQ5h69CZA==,type:str]",
-		"subdomain": "ENC[AES256_GCM,data:uM457vEJa10IV4SovBDUzLLlW+mPwh1SiWr8thQisFoe6zAk,iv:Tdbd5a20Gv/thkPfsvNiAbI86JjcDs70MAfk4yCZLgs=,tag:MulJiRWPs215x0bc+1jBiA==,type:str]",
-		"username": "ENC[AES256_GCM,data:ePE2BEKL5uaXqzGngW9ArhwP3qwDzwULtfwUfb5Q56VGGURp,iv:/GZRbyXHorcq1PIYlhfOmUVwCg0I/N4ZraEzSrc8qmA=,tag:wM5B1U0BsRsBAJg3qNOXpA==,type:str]",
-		"password": "ENC[AES256_GCM,data:RGzdi8IMqm+rtiuU4RtWGQ4N/7FYBbp5Pir8/k2V1QEdM8z7SIn0FQ==,iv:ThFbY9eZuEZoyzcWV5DwtSi8ugNwM49JfRof560Qx/Y=,tag:sgMaLrPB8WgpXWPzaCwOBQ==,type:str]",
-		"server_url": "ENC[AES256_GCM,data:zJdXoO7ED7qeskYJ9Wu0Rdprbvj/uP+Z,iv:ce+QXocqCjNKCsZRyVt6koUyc2lsTwPNMcfQyqbktN0=,tag:bQSE4/6va+V0TORWANLdUA==,type:str]"
-	},
-	"sops": {
-		"age": [
-			{
-				"recipient": "age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZ0ErYjZTb2o1LzdZY2tz\nNUR0dy9DWkVyQlZBQU1WSmFja0pUN3NJSkNvClNLbTU5RFFwUkJQVUNML291eG5N\nZDlCK0JvMjVDL3lvMURMbFptQ1Z4ZWsKLS0tIFA3OEUrL2tXZGM3TFk4L2l6RUo0\nMVBZOFBYS2lablRuR0hneU02eURYQWMK1M9ng/GcFH+NEmknJ8SHOUxc8atX3p1E\nB/3+4dVWSwVdTEkG2VqQTdo/irjbTKpqZ0m5bg9zDhxZpyQ2lr2ePA==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2025-12-04T19:04:02Z",
-		"mac": "ENC[AES256_GCM,data:nWV/knCo/MeWTBrfq1VlV6SPEQ2i2P+le82S2So0BIxPfz8tqan0MdaIaKLFlapsT9VRJOv8ZCCXSLWeGcbEvfmEz4MP1E4iHcU/4YaO+n895D1JrjeyP1cgGisnXqe01xMXCsDY178sqxHcnDDlXp9foCem+mGjIlKGPYGu5Oo=,iv:qbavbW3MF4fx+E3aybBYaz/T/Hb63ggWml4Oe9WFz+I=,tag:05vBbBGDGRNaXJWoZn1bVw==,type:str]",
-		"pgp": [
-			{
-				"created_at": "2025-12-04T17:59:06Z",
-				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//bwwqP095CUku9qYMYLJToU9iuL7USF7UxfKQLgP7Lx3a\nilbrofOS508V2og32sZD8y8GGDCMc7HMQv8TcgIk/kq6jX5dHUYN68nVMQ8ZG0As\nW1kpo/cLZAPHoWWEG5E1INX+KSN3b/KhZgXohuVyrax3aTy0kcKeApAJlntr+gyV\nfjPjjvGxXrCXZHN6DzKZ+zqEIs18T0ByLtqLsYzTlD4FszISGCnf6Kr5jpj43BcA\ny1Hj6avzk1bQqPEFovf5JcB+O3DnkIwus+GlXihu/6gIiatbdshVKk/vDdR6TR1/\noDg2EV98uX1K+gEe1JvJdC1JrAPZkOtx4hiFcLVc5G6phdQ08hY4PZ8On4Yajkby\nj46FkPNLB4TwwSC2Ga03CadpaUK0twNGAH7oya3VXUiHqqu2rnVgUjrsZCr6yA4d\nJmumRiTHvnQjECQB5J837wXoDOivaaY0OszELM41p6UIhMTG4/SkkEvfgAI3goGN\nV5g4uBES/TGCedU5NS5EMtsjRoJSQDyvhfkzMUBDcUm8xQ3RKRtdqTZVkT75Ti6M\nmnZolAkqq3uWwmSTIXTgC7T2dnWLRVgfpj7hzZX43ucf5bXCn6QXoZscMUL9LKR5\nd3lyh66PoHghatrb0u3E1ub6XJQWkbDDkKDHRuYjU02Ai12oPd48nhyTuhnmeLCF\nAgwDC9FRLmchgYQBEACgklMklJy3J1U542h3ofmkH5otjNaWv14oVr2yNdOxhlIG\nDYTb9vuLL1lAwxOB7JW6sgPbS9TmiCU6ZBYDeQDmfth7yPWK3/Epmd5wmXDENqra\njoZcpNSvvMnescS0MJWsSF2BHJiwPJewuOCAiL0EXGYVNB7z54kAt342okScNDK2\ndS6/ddjVKFsSi73HmLqQk7wmYpZuqIGoJQXH+E2to8h19e35YxOEsnG2DcVyC7xZ\nqHeUfuM9BTVJmUvqFdovz3lYJ+xg2CjBf8u0jRKOhhufS8JAu9H2ye9dWPktslMF\nRjfRbTAwryVGYmajnlmfoge+OD0XsubSaT79BixZ6xwXgA8xrCvM8in8ZeYsug66\nrgA/I7sO2PPQBh+FNVfuxVVr4MC1Nehk3/JghYzF9Ip7uAvoB9bzi0Yx7L3wGY8i\nr5Rss81IIYvZY4NmPwsOkeX+v9k6GbrcBDa521nl9gz3Ll9Q59jicZBaNyuIvJ3f\nP/bmh1nZc9CM+uIP3A5e/5tUTS5E7judEmOeqlotOjZGdoqyGsG1VqJcrcyTzscY\n8LxCIJtQEeM4KoptKaIXt0Mu/puMzQxIpcx9eFDZ+SE7Cl1QXC6HRLW5N99AuD5f\nSmxquKsmc+xB+gNGkYuySeTqfklK3FLTvISXZmoAQKgqdgO0d+hpCpOQ9lkprtJc\nAbMyytjCe+RLnIWHXi1hjQyspcF8JvBgnRp0zWEZwn+C7QI7ChHlSIrudMohS76L\nN2rF646oaFcxr8mDHy9bebQDXlWahbDB/2jFm3/SuyARtKSg8/PaNcuh+c8=\n=LxIo\n-----END PGP MESSAGE-----",
-				"fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
-			}
-		],
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.11.0"
-	}
-}

hosts/nixos/x86_64-linux/eagleland/default.nix

@@ -26,7 +26,15 @@
     isBtrfs = true;
     isNixos = true;
     isLinux = true;
-    proxyHost = "eagleland";
+    proxyHost = "twothreetunnel"; # mail shall not be proxied through twothreetunnel
+    server = {
+      wireguard.interfaces = {
+        wgProxy = {
+          isClient = true;
+          serverName = "twothreetunnel";
+        };
+      };
+    };
   };
 } // lib.optionalAttrs (!minimal) {
 
@@ -34,6 +42,8 @@
     mailserver = true;
     dns-hostrecord = true;
     postgresql = true;
+    nginx = true;
+    wireguard = true;
   };
 
   swarselprofiles = {

hosts/nixos/x86_64-linux/hintbooth/default.nix

@@ -52,7 +52,6 @@
 
   swarselmodules = {
     server = {
-      nginx = lib.mkForce false; # we get this from the server profile
       wireguard = true;
     };
   };

hosts/nixos/x86_64-linux/summers/default.nix

@@ -43,10 +43,6 @@
     server = true;
   };
 
-  swarselmodules.server = {
-    nginx = lib.mkForce false;
-  };
-
   microvm.vms =
     let
       mkMicrovm = guestName: {

hosts/nixos/x86_64-linux/winters/default.nix

@@ -72,37 +72,36 @@
 
   swarselmodules.server = {
     diskEncryption = lib.mkForce false;
-    wireguard = lib.mkDefault true;
-    nfs = lib.mkDefault true;
-    nginx = lib.mkDefault true;
-    kavita = lib.mkDefault true;
-    restic = lib.mkDefault true;
-    jellyfin = lib.mkDefault true;
-    navidrome = lib.mkDefault true;
-    spotifyd = lib.mkDefault true;
-    mpd = lib.mkDefault true;
-    postgresql = lib.mkDefault true;
-    matrix = lib.mkDefault true;
-    nextcloud = lib.mkDefault true;
-    immich = lib.mkDefault true;
-    paperless = lib.mkDefault true;
-    transmission = lib.mkDefault true;
-    syncthing = lib.mkDefault true;
-    grafana = lib.mkDefault true;
-    emacs = lib.mkDefault true;
-    freshrss = lib.mkDefault true;
-    jenkins = lib.mkDefault false;
-    kanidm = lib.mkDefault true;
-    firefly-iii = lib.mkDefault true;
-    koillection = lib.mkDefault true;
-    radicale = lib.mkDefault true;
-    atuin = lib.mkDefault true;
-    forgejo = lib.mkDefault true;
-    ankisync = lib.mkDefault true;
-    # snipeit = lib.mkDefault false;
-    homebox = lib.mkDefault true;
-    opkssh = lib.mkDefault true;
-    garage = lib.mkDefault false;
+    nginx = true; # for php stuff
+    acme = false; # cert handled by proxy
+    wireguard = true;
+
+    nfs = true;
+    kavita = true;
+    restic = true;
+    jellyfin = true;
+    navidrome = true;
+    spotifyd = true;
+    mpd = true;
+    postgresql = true;
+    matrix = true;
+    nextcloud = true;
+    immich = true;
+    paperless = true;
+    transmission = true;
+    syncthing = true;
+    grafana = true;
+    emacs = true;
+    freshrss = true;
+    kanidm = true;
+    firefly-iii = true;
+    koillection = true;
+    radicale = true;
+    atuin = true;
+    forgejo = true;
+    ankisync = true;
+    homebox = true;
+    opkssh = true;
   };
 
 }