refactored nginx config
parent
7310892cf9
commit
67146a509d
|
@ -22,6 +22,7 @@
|
|||
ports-list = pkgs.lib.attrsets.mapAttrsToList (name: value: value.port) ports;
|
||||
in {
|
||||
microvm.autostart = [vm-name];
|
||||
imports = [./nginx.nix];
|
||||
|
||||
users.extraUsers.microvm.extraGroups = [
|
||||
"jellyfin" # access to media folder
|
||||
|
@ -158,7 +159,6 @@ in {
|
|||
peer-port-random-high = 65535;
|
||||
peer-port-random-on-start = true;
|
||||
download-queue-enabled = false;
|
||||
|
||||
};
|
||||
downloadDirPermissions = "775";
|
||||
performanceNetParameters = true;
|
||||
|
@ -215,6 +215,6 @@ in {
|
|||
)
|
||||
ports);
|
||||
|
||||
networking.firewall.allowedTCPPorts = [80 443] ++ ports-list;
|
||||
networking.firewall.allowedUDPPorts = [80 443] ++ ports-list;
|
||||
networking.firewall.allowedTCPPorts = ports-list;
|
||||
networking.firewall.allowedUDPPorts = ports-list;
|
||||
}
|
||||
|
|
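--- /dev/null
+++ b/services/conduwuit.nix
@@ -0,0 +1,34 @@
+{...}: let
+port = 6167;
+address = "127.0.0.1";
+domain = "matrix.spoodythe.one";
+mb = 1024 * 1024;
+max-request-size = 20;
+in {
+imports = [
+./nginx.nix
+];
+
+services.conduwuit = {
+enable = true;
+settings = {
+global = {
+inherit port;
+inherit address;
+server_name = domain;
+max_request_size = max-request-size * mb;
+};
+};
+};
+
+services.nginx.virtualHosts."${domain}" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = "http://${address}:${toString port}";
+extraConfig = ''
+client_max_body_size ${max-request-size}M;
+'';
+};
+};
+}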
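Review bot: `client_max_body_size ${max-request-size}M;` in the nginx `extraConfig` interpolates an integer, and Nix does not coerce integers inside `${…}`, so evaluating this module should fail. The `proxyPass` line just above already wraps `port` in `toString` for the same reason. Change the line to `client_max_body_size ${toString max-request-size}M;`. Deriving the nginx body limit and conduwuit's `max_request_size` from the one `max-request-size` binding keeps the proxy and the backend in agreement. A comment on that binding, such as `# upload limit in MiB, shared by nginx and conduwuit`, would record the unit.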
@ -2,6 +2,7 @@
|
|||
host = "127.0.0.1";
|
||||
port = 6969;
|
||||
in {
|
||||
imports = [./nginx.nix];
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
|
||||
|
@ -42,8 +43,4 @@ in {
|
|||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# Open port 80 and 443 for reverse proxy
|
||||
networking.firewall.allowedTCPPorts = [80 443];
|
||||
networking.firewall.allowedUDPPorts = [80 443];
|
||||
}
|
||||
|
|
|
@ -6,35 +6,8 @@
|
|||
}: let
|
||||
host = "127.0.0.1";
|
||||
port = 8096;
|
||||
jellyfin =
|
||||
if config.services.mullvad-vpn.enable == true
|
||||
then
|
||||
pkgs.callPackage ({...}:
|
||||
pkgs.stdenv.mkDerivation {
|
||||
pname = "jellyfin-excluded";
|
||||
version = "1.0.0";
|
||||
|
||||
phases = ["installPhase"];
|
||||
|
||||
buildInputs = [pkgs.jellyfin];
|
||||
|
||||
# Define the install phase
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
# Create a wrapper script
|
||||
echo "${pkgs.mullvad-vpn}/bin/mullvad-exclude ${pkgs.jellyfin}/bin/jellyfin \"$@\"" > $out/bin/jellyfin-excluded
|
||||
chmod +x $out/bin/jellyfin-excluded
|
||||
'';
|
||||
|
||||
# Specify the output
|
||||
meta = with pkgs.lib; {
|
||||
description = "A wrapper for the hello command";
|
||||
mainProgram = "jellyfin-excluded";
|
||||
license = licenses.mit;
|
||||
};
|
||||
}) {}
|
||||
else pkgs.jellyfin;
|
||||
in {
|
||||
imports = [./nginx.nix];
|
||||
# Enable VAAPI
|
||||
config.nixpkgs.config.packageOverrides = pkgs: {
|
||||
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
|
||||
|
@ -60,7 +33,6 @@ in {
|
|||
# Enable Jellyfin
|
||||
config.services.jellyfin = {
|
||||
enable = true;
|
||||
package = jellyfin;
|
||||
openFirewall = false; # We want jellyfin behind a reverse proxy
|
||||
};
|
||||
|
||||
|
@ -90,6 +62,6 @@ in {
|
|||
};
|
||||
|
||||
# Open port 80 and 443 for reverse proxy
|
||||
config.networking.firewall.allowedTCPPorts = [port 80 443];
|
||||
config.networking.firewall.allowedUDPPorts = [port 80 443];
|
||||
config.networking.firewall.allowedTCPPorts = [port];
|
||||
config.networking.firewall.allowedUDPPorts = [port];
|
||||
}
|
||||
|
|
|
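Review bot: The last hunk still opens the backend `port` (8096 in the `let` block of the first hunk) on the firewall through `config.networking.firewall.allowedTCPPorts = [port];` and the matching UDP line, although `openFirewall = false` carries the comment that Jellyfin should sit behind the reverse proxy. Jellyfin's bind address is not visible in this section; if it listens on more than loopback, clients can reach it over plain HTTP and bypass the TLS that nginx terminates. Dropping both lines would match what this commit does for the other services, whose backend ports are no longer opened. The retained comment `# Open port 80 and 443 for reverse proxy` no longer describes the lines below it and should be removed or reworded.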
@ -9,4 +9,8 @@
|
|||
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "snorre@altschul.dk";
|
||||
|
||||
# Open port 80 and 443 for reverse proxy
|
||||
networking.firewall.allowedTCPPorts = [80 443];
|
||||
networking.firewall.allowedUDPPorts = [80 443];
|
||||
}
|
||||
|
|
|
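Review bot: `networking.firewall.allowedUDPPorts = [80 443];` opens UDP ports that nginx does not use for HTTP/1.1 or HTTP/2. Port 80 never needs UDP, and 443/udp is only needed when HTTP/3 (QUIC) is enabled, which nothing visible in this commit turns on. Suggest dropping the line, or reducing it to `[443]` alongside the QUIC listener options if HTTP/3 is intended. The first file on this page mirrors its TCP list into UDP the same way with `networking.firewall.allowedUDPPorts = ports-list;`, so it is worth checking which entries of `ports` (defined outside that hunk) actually need UDP. This file has no visible header and appears to be the shared nginx module; a comment here such as `# the only place 80/443 are opened; service modules must not open their backend ports` would record the intent of the refactor.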
@ -2,6 +2,7 @@
|
|||
host = "127.0.0.1";
|
||||
port = 8222;
|
||||
in {
|
||||
imports = [./nginx.nix];
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
|
||||
|
@ -24,9 +25,6 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [port];
|
||||
networking.firewall.allowedUDPPorts = [port];
|
||||
|
||||
services.nginx.virtualHosts."vaultwarden.spoodythe.one" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
user = "website-host-user";
|
||||
uid = 1900;
|
||||
in {
|
||||
imports = [./nginx.nix];
|
||||
services.nginx.virtualHosts."spoodythe.one" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
|