From c2a1654be84b3e466da89e32a7bd2ec50189f1fd Mon Sep 17 00:00:00 2001 From: Amneesh Singh Date: Thu, 4 Sep 2025 15:32:26 +0530 Subject: [PATCH] hosts/suwako: move filehost from marisa to suwako Signed-off-by: Amneesh Singh --- hosts/marisa/services/default.nix | 1 - hosts/suwako/networking.nix | 3 +- hosts/suwako/services/default.nix | 1 + .../{marisa => suwako}/services/filehost.nix | 0 hosts/suwako/services/nginx.nix | 73 ++++++++++++------- 5 files changed, 50 insertions(+), 28 deletions(-) rename hosts/{marisa => suwako}/services/filehost.nix (100%) diff --git a/hosts/marisa/services/default.nix b/hosts/marisa/services/default.nix index c9e20cd..8aec345 100644 --- a/hosts/marisa/services/default.nix +++ b/hosts/marisa/services/default.nix @@ -3,7 +3,6 @@ imports = [ # ./hashicorp.nix - ./filehost.nix ./gitea.nix ]; diff --git a/hosts/suwako/networking.nix b/hosts/suwako/networking.nix index 515f1e0..079b18d 100644 --- a/hosts/suwako/networking.nix +++ b/hosts/suwako/networking.nix @@ -13,8 +13,7 @@ 22 443 80 - 8080 - 25565 + 25565 # minecraft ]; }; }; diff --git a/hosts/suwako/services/default.nix b/hosts/suwako/services/default.nix index 91ec852..ef5c008 100644 --- a/hosts/suwako/services/default.nix +++ b/hosts/suwako/services/default.nix @@ -3,6 +3,7 @@ imports = [ ./nginx.nix ./pufferpanel.nix + ./filehost.nix ]; virtualisation.docker = { diff --git a/hosts/marisa/services/filehost.nix b/hosts/suwako/services/filehost.nix similarity index 100% rename from hosts/marisa/services/filehost.nix rename to hosts/suwako/services/filehost.nix diff --git a/hosts/suwako/services/nginx.nix b/hosts/suwako/services/nginx.nix index 9512679..ac635e1 100644 --- a/hosts/suwako/services/nginx.nix +++ b/hosts/suwako/services/nginx.nix @@ -5,32 +5,55 @@ in { services.nginx = { enable = true; - virtualHosts = with conf.network.addresses.wireguard.ips; { - "moj.${domain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "https://${suwako}:25565"; + appendHttpConfig = '' + map $uri $expires { + default off; + ~\.(jpg|jpeg|png|gif|ico)$ 30d; + } + ''; + virtualHosts = + let + genericHttpRProxy = + { + addr, + ssl ? true, + conf ? "", + }: + { + enableACME = ssl; + # addSSL = ssl; + forceSSL = ssl; + locations."/" = { + proxyPass = toString addr; + extraConfig = '' + expires $expires; + proxy_set_header Host $host; + '' + + conf; + }; + }; + in + with conf.network.addresses.wireguard.ips; + { + "moj.${domain}" = genericHttpRProxy { addr = "https://${suwako}:25565"; }; + + "puffer.${domain}" = genericHttpRProxy { + addr = "http://${suwako}:8080"; + + conf = '' + proxy_set_header X-Real-IP $remote_addr; + proxy_http_version 1.1; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Connection "Upgrade"; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Nginx-Proxy true; + proxy_set_header X-Forwarded-Proto $scheme; + client_max_body_size 100M; + ''; }; + + # Personal filehost + "f.${domain}" = genericHttpRProxy { addr = "http://${suwako}:8000"; }; }; - "puffer.${domain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://${suwako}:8080"; - }; - extraConfig = '' - proxy_set_header X-Real-IP $remote_addr; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Connection "Upgrade"; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Nginx-Proxy true; - proxy_set_header X-Forwarded-Proto $scheme; - client_max_body_size 100M; - ''; - }; - }; }; }