refactored nginx config
parent
7310892cf9
commit
67146a509d
|
@ -22,6 +22,7 @@
|
||||||
ports-list = pkgs.lib.attrsets.mapAttrsToList (name: value: value.port) ports;
|
ports-list = pkgs.lib.attrsets.mapAttrsToList (name: value: value.port) ports;
|
||||||
in {
|
in {
|
||||||
microvm.autostart = [vm-name];
|
microvm.autostart = [vm-name];
|
||||||
|
imports = [./nginx.nix];
|
||||||
|
|
||||||
users.extraUsers.microvm.extraGroups = [
|
users.extraUsers.microvm.extraGroups = [
|
||||||
"jellyfin" # access to media folder
|
"jellyfin" # access to media folder
|
||||||
|
@ -158,7 +159,6 @@ in {
|
||||||
peer-port-random-high = 65535;
|
peer-port-random-high = 65535;
|
||||||
peer-port-random-on-start = true;
|
peer-port-random-on-start = true;
|
||||||
download-queue-enabled = false;
|
download-queue-enabled = false;
|
||||||
|
|
||||||
};
|
};
|
||||||
downloadDirPermissions = "775";
|
downloadDirPermissions = "775";
|
||||||
performanceNetParameters = true;
|
performanceNetParameters = true;
|
||||||
|
@ -215,6 +215,6 @@ in {
|
||||||
)
|
)
|
||||||
ports);
|
ports);
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [80 443] ++ ports-list;
|
networking.firewall.allowedTCPPorts = ports-list;
|
||||||
networking.firewall.allowedUDPPorts = [80 443] ++ ports-list;
|
networking.firewall.allowedUDPPorts = ports-list;
|
||||||
}
|
}
|
||||||
|
|
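Review bot: `networking.firewall.allowedUDPPorts = ports-list;` in the last hunk opens UDP for every port that is also opened for TCP, and nothing visible here shows that each entry in `ports` needs both protocols. The same mirrored pair is on the new side of the Jellyfin section (`[port]`) and of the section that sets `security.acme` (`[80 443]`); plain HTTP and TLS need TCP only, and 443/udp matters only if HTTP/3 is enabled on the virtual hosts, which none of the hunks show. I would keep the TCP lines and open UDP per service, for instance by carrying a protocol field next to `port` in `ports` and filtering on it, and drop the UDP line where nginx is the only listener. The `in { … }` body continues outside these hunks, so the definition of `ports` is not visible.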
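--- a/services/conduwuit.nix
+++ b/services/conduwuit.nix
@@ -0,0 +1,34 @@
+{...}: let
+port = 6167;
+address = "127.0.0.1";
+domain = "matrix.spoodythe.one";
+mb = 1024 * 1024;
+max-request-size = 20;
+in {
+imports = [
+./nginx.nix
+];
+
+services.conduwuit = {
+enable = true;
+settings = {
+global = {
+inherit port;
+inherit address;
+server_name = domain;
+max_request_size = max-request-size * mb;
+};
+};
+};
+
+services.nginx.virtualHosts."${domain}" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = "http://${address}:${toString port}";
+extraConfig = ''
+client_max_body_size ${max-request-size}M;
+'';
+};
+};
+}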
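Review bot: `client_max_body_size ${max-request-size}M;` interpolates an integer, and Nix does not coerce integers in string interpolation, so this module should fail to evaluate; the `proxyPass` line two lines above already wraps `port` in `toString`. Use `client_max_body_size ${toString max-request-size}M;` so the nginx limit is actually emitted and stays tied to the `max_request_size = max-request-size * mb;` value given to conduwuit. A short comment on `max-request-size` would also help, for example `# upload limit in MiB, shared by conduwuit and nginx`.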
|
@ -2,6 +2,7 @@
|
||||||
host = "127.0.0.1";
|
host = "127.0.0.1";
|
||||||
port = 6969;
|
port = 6969;
|
||||||
in {
|
in {
|
||||||
|
imports = [./nginx.nix];
|
||||||
services.forgejo = {
|
services.forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
|
@ -42,8 +43,4 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Open port 80 and 443 for reverse proxy
|
|
||||||
networking.firewall.allowedTCPPorts = [80 443];
|
|
||||||
networking.firewall.allowedUDPPorts = [80 443];
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,35 +6,8 @@
|
||||||
}: let
|
}: let
|
||||||
host = "127.0.0.1";
|
host = "127.0.0.1";
|
||||||
port = 8096;
|
port = 8096;
|
||||||
jellyfin =
|
|
||||||
if config.services.mullvad-vpn.enable == true
|
|
||||||
then
|
|
||||||
pkgs.callPackage ({...}:
|
|
||||||
pkgs.stdenv.mkDerivation {
|
|
||||||
pname = "jellyfin-excluded";
|
|
||||||
version = "1.0.0";
|
|
||||||
|
|
||||||
phases = ["installPhase"];
|
|
||||||
|
|
||||||
buildInputs = [pkgs.jellyfin];
|
|
||||||
|
|
||||||
# Define the install phase
|
|
||||||
installPhase = ''
|
|
||||||
mkdir -p $out/bin
|
|
||||||
# Create a wrapper script
|
|
||||||
echo "${pkgs.mullvad-vpn}/bin/mullvad-exclude ${pkgs.jellyfin}/bin/jellyfin \"$@\"" > $out/bin/jellyfin-excluded
|
|
||||||
chmod +x $out/bin/jellyfin-excluded
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Specify the output
|
|
||||||
meta = with pkgs.lib; {
|
|
||||||
description = "A wrapper for the hello command";
|
|
||||||
mainProgram = "jellyfin-excluded";
|
|
||||||
license = licenses.mit;
|
|
||||||
};
|
|
||||||
}) {}
|
|
||||||
else pkgs.jellyfin;
|
|
||||||
in {
|
in {
|
||||||
|
imports = [./nginx.nix];
|
||||||
# Enable VAAPI
|
# Enable VAAPI
|
||||||
config.nixpkgs.config.packageOverrides = pkgs: {
|
config.nixpkgs.config.packageOverrides = pkgs: {
|
||||||
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
|
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
|
||||||
|
@ -60,7 +33,6 @@ in {
|
||||||
# Enable Jellyfin
|
# Enable Jellyfin
|
||||||
config.services.jellyfin = {
|
config.services.jellyfin = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = jellyfin;
|
|
||||||
openFirewall = false; # We want jellyfin behind a reverse proxy
|
openFirewall = false; # We want jellyfin behind a reverse proxy
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -90,6 +62,6 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
# Open port 80 and 443 for reverse proxy
|
# Open port 80 and 443 for reverse proxy
|
||||||
config.networking.firewall.allowedTCPPorts = [port 80 443];
|
config.networking.firewall.allowedTCPPorts = [port];
|
||||||
config.networking.firewall.allowedUDPPorts = [port 80 443];
|
config.networking.firewall.allowedUDPPorts = [port];
|
||||||
}
|
}
|
||||||
|
|
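Review bot: The last hunk still opens the backend port itself, `config.networking.firewall.allowedTCPPorts = [port];` and its UDP twin, while the earlier hunk keeps `openFirewall = false; # We want jellyfin behind a reverse proxy`. Port 8096 therefore stays reachable without going through nginx and its TLS if Jellyfin listens on more than loopback; the listen address is not set in the visible lines. The comment above the two lines, `# Open port 80 and 443 for reverse proxy`, no longer matches what they do. If direct access is not intended, remove both lines, as this commit does for `port` in the Vaultwarden section; otherwise replace the comment with something like `# Direct LAN access to Jellyfin; 80/443 are opened in nginx.nix`.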
|
@ -9,4 +9,8 @@
|
||||||
|
|
||||||
security.acme.acceptTerms = true;
|
security.acme.acceptTerms = true;
|
||||||
security.acme.defaults.email = "snorre@altschul.dk";
|
security.acme.defaults.email = "snorre@altschul.dk";
|
||||||
|
|
||||||
|
# Open port 80 and 443 for reverse proxy
|
||||||
|
networking.firewall.allowedTCPPorts = [80 443];
|
||||||
|
networking.firewall.allowedUDPPorts = [80 443];
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
host = "127.0.0.1";
|
host = "127.0.0.1";
|
||||||
port = 8222;
|
port = 8222;
|
||||||
in {
|
in {
|
||||||
|
imports = [./nginx.nix];
|
||||||
services.vaultwarden = {
|
services.vaultwarden = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
|
@ -24,9 +25,6 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [port];
|
|
||||||
networking.firewall.allowedUDPPorts = [port];
|
|
||||||
|
|
||||||
services.nginx.virtualHosts."vaultwarden.spoodythe.one" = {
|
services.nginx.virtualHosts."vaultwarden.spoodythe.one" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
user = "website-host-user";
|
user = "website-host-user";
|
||||||
uid = 1900;
|
uid = 1900;
|
||||||
in {
|
in {
|
||||||
|
imports = [./nginx.nix];
|
||||||
services.nginx.virtualHosts."spoodythe.one" = {
|
services.nginx.virtualHosts."spoodythe.one" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|