natto1784/dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

hosts/remilia: random nginx changes

Browse Source 
Signed-off-by: natto1784 <natto@weirdnatto.in>
This commit is contained in:
Amneesh Singh
2023-04-27 15:01:33 +05:30
parent 0e4ac5dfe5
commit be59cc0e8a
3 changed files with 21 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/modules/minimal.nix
View File

@@ -6,7 +6,7 @@
enable = true; enable = true;
extraRules = [ extraRules = [
{ {
users = [ "wheel" ]; groups = [ "wheel" ];
keepEnv = true; keepEnv = true;
persist = true; persist = true;
} }

4
hosts/remilia/networking.nix
View File

@@ -17,8 +17,8 @@
let let
t = lib.splitString ":" x.destination; t = lib.splitString ":" x.destination;
in in
with builtins; with lib;
"iptables -t nat -A POSTROUTING -d ${head t} -p tcp -m tcp --dport ${head (tail t)} -j MASQUERADE" "iptables -t nat -A POSTROUTING -d ${head t} -p tcp -m tcp --dport ${last t} -j MASQUERADE"
) )
config.networking.nat.forwardPorts; config.networking.nat.forwardPorts;
}; };

28
hosts/remilia/services.nix
View File

@@ -4,6 +4,7 @@ let
in in
{ {
services = { services = {
cron.enable = true;
openssh = { openssh = {
enable = true; enable = true;
permitRootLogin = "yes"; permitRootLogin = "yes";
@@ -23,14 +24,15 @@ in
appendHttpConfig = '' appendHttpConfig = ''
map $uri $expires { map $uri $expires {
default off; default off;
~\.(jpg|jpeg|png|gif|ico|css|js)$ 30d; ~\.(jpg|jpeg|png|gif|ico)$ 30d;
} }
''; '';
virtualHosts = virtualHosts =
let let
genericHttpRProxy = { addr, ssl ? true, conf ? "" }: { genericHttpRProxy = { addr, ssl ? true, conf ? "" }: {
addSSL = ssl;
enableACME = ssl; enableACME = ssl;
# addSSL = ssl;
forceSSL = ssl;
locations."/" = { locations."/" = {
proxyPass = toString addr; proxyPass = toString addr;
extraConfig = '' extraConfig = ''
@@ -54,7 +56,20 @@ in
"vault.${domain}" = genericHttpRProxy { addr = "https://${marisa}:8800"; }; "vault.${domain}" = genericHttpRProxy { addr = "https://${marisa}:8800"; };
"consul.${domain}" = genericHttpRProxy { addr = "http://${marisa}:8500"; }; "consul.${domain}" = genericHttpRProxy { addr = "http://${marisa}:8500"; };
"f.${domain}" = genericHttpRProxy { addr = "http://${marisa}:8888"; }; "f.${domain}" = genericHttpRProxy { addr = "http://${marisa}:8888"; };
"radio.${domain}" = genericHttpRProxy { addr = "http://${satori}:8001"; }; # "radio.${domain}" = genericHttpRProxy { addr = "http://${satori}:8001"; };
"radio.${domain}" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${satori}:7590";
extraConfig = ''
expires $expires;
proxy_set_header Host $host;
'';
};
locations."= /".return = "301 /radio";
};
"git.${domain}" = genericHttpRProxy { "git.${domain}" = genericHttpRProxy {
addr = "http://${marisa}:5000"; addr = "http://${marisa}:5000";
conf = "client_max_body_size 64M;"; conf = "client_max_body_size 64M;";
@@ -66,13 +81,6 @@ in
proxy_read_timeout 310s; proxy_read_timeout 310s;
''; '';
}; };
"alo.${domain}" = genericHttpRProxy {
addr = "http://${marisa}:4004";
conf = ''
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
}; };
}; };
}; };