diff --git a/hosts/suwako/hardware.nix b/hosts/suwako/hardware.nix
index fca19ec..a591e59 100644
--- a/hosts/suwako/hardware.nix
+++ b/hosts/suwako/hardware.nix
@@ -12,7 +12,7 @@
 ];
 fileSystems."/" = {
- device = "/dev/disk/by-uuid/e87c20b9-f451-45bf-b863-385ac9c290cf ";
+ device = "/dev/disk/by-label/cloudimg-rootfs";
 fsType = "ext4";
 };
diff --git a/hosts/suwako/networking.nix b/hosts/suwako/networking.nix
index e927c1f..515f1e0 100644
--- a/hosts/suwako/networking.nix
+++ b/hosts/suwako/networking.nix
@@ -1,8 +1,5 @@
 {
- lib,
- config,
 conf,
- pkgs,
 ...
 }:
 {
@@ -16,6 +13,8 @@
 22
 443
 80
+ 8080
+ 25565
 ];
 };
 };
diff --git a/hosts/suwako/services.nix b/hosts/suwako/services.nix
index fa470a8..46d8764 100644
--- a/hosts/suwako/services.nix
+++ b/hosts/suwako/services.nix
@@ -9,6 +9,10 @@ let
 domain = conf.network.addresses.domain.natto;
 in
 {
+ virtualisation.docker = {
+ enable = true;
+ };
+
 services = {
 cron.enable = true;
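Review bot: `by-label/cloudimg-rootfs` in `fileSystems."/"` names the root filesystem by what appears to be a generic image label rather than a per-filesystem identifier, so another attached volume carrying the same label could be resolved as `/` at boot. The defect in the removed line looks like the stray space before the closing quote; if the filesystem itself is unchanged, `device = "/dev/disk/by-uuid/e87c20b9-f451-45bf-b863-385ac9c290cf";` keeps the unique reference. If the label is kept on purpose, a comment such as `# label comes from the cloud image; never attach a second volume built from the same image` would record the constraint.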
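Review bot: The ports added in the second networking.nix hunk, `8080` and `25565`, are the same backends that services.nix places behind nginx (`puffer.${domain}` to `:8080`, `moj.${domain}` to `:25565`), so allowing them lets clients reach those services directly, and for 8080 over plain HTTP, bypassing `forceSSL`. The attribute this list belongs to starts outside the hunk; assuming it is the host-wide TCP allow-list, drop `8080` so the panel is reachable only through nginx, or scope it to the tunnel with `networking.firewall.interfaces."<WG_INTERFACE>".allowedTCPPorts = [ 8080 ];`. If `25565` has to stay public for direct client connections, a comment like `# 25565: clients connect directly, not via nginx` would make that exposure a recorded decision.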
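Review bot: Enabling Docker in this hunk and then putting the `pufferpanel` service in the `docker` group (`extraGroups = [ "docker" ];` in the following services.nix hunk) gives an internet-facing web panel access to the Docker socket, which is equivalent to root on this host. That trade-off should be written down where it is made, for example `# docker group membership is root-equivalent; required because PufferPanel manages containers` above `virtualisation.docker`. Ports published by containers are handled by Docker's own packet-filter rules and are generally not restricted by the NixOS allow-list, so container port bindings should be pinned to the loopback or WireGuard address rather than all interfaces.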
@@ -17,5 +21,50 @@ in
 settings.PermitRootLogin = "yes";
 ports = [ 22 ];
 };
+
+ nginx = {
+ enable = true;
+ virtualHosts = with conf.network.addresses.wireguard.ips; {
+ "moj.${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "https://${suwako}:25565";
+ };
+ };
+ "puffer.${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://${suwako}:8080";
+ };
+ extraConfig = ''
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Nginx-Proxy true;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ client_max_body_size 100M;
+ '';
+ };
+ };
+ };
+ pufferpanel = {
+ enable = true;
+ extraGroups = [ "docker" ];
+ package = pkgs.buildFHSEnv {
+ name = "pufferpanel-fhs";
+ runScript = lib.getExe pkgs.pufferpanel;
+ targetPkgs =
+ pkgs': with pkgs'; [
+ icu
+ openssl
+ zlib
+ ];
+ };
+ };
 };
 }
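Review bot: `proxyPass = "https://${suwako}:25565";` on `moj.${domain}` opens a TLS connection to the backend, but nginx does not verify upstream certificates unless `proxy_ssl_verify on;` is configured, so that hop is encrypted without being authenticated. Since the target is a WireGuard address, either use `http://` and rely on the tunnel as the `puffer` vhost does, or add `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate` for the backend's CA. In the `puffer` vhost the hand-written `Upgrade`/`Connection "Upgrade"` headers are sent on every request; `locations."/".proxyWebsockets = true;` is the module option for this and would replace those two lines.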