hosts/suwako: move filehost from marisa to suwako

Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
2025-09-04 15:32:26 +05:30
parent 6d431bdf9d
commit c2a1654be8
5 changed files with 50 additions and 28 deletions
--- a/hosts/marisa/services/default.nix
+++ b/hosts/marisa/services/default.nix
@@ -3,7 +3,6 @@
  imports = [
    # ./hashicorp.nix
    ./filehost.nix
    ./gitea.nix
  ];
--- a/hosts/suwako/networking.nix
+++ b/hosts/suwako/networking.nix
@@ -13,8 +13,7 @@
            22
            443
            80
-            8080
+            25565 # minecraft
            25565
          ];
        };
      };
--- a/hosts/suwako/services/default.nix
+++ b/hosts/suwako/services/default.nix
@@ -3,6 +3,7 @@
  imports = [
    ./nginx.nix
    ./pufferpanel.nix
    ./filehost.nix
  ];
  virtualisation.docker = {
--- a/hosts/suwako/services/filehost.nix
+++ b/hosts/suwako/services/filehost.nix
--- a/hosts/suwako/services/nginx.nix
+++ b/hosts/suwako/services/nginx.nix
@@ -5,32 +5,55 @@ in
 {
  services.nginx = {
    enable = true;
-    virtualHosts = with conf.network.addresses.wireguard.ips; {
+    appendHttpConfig = ''
-      "moj.${domain}" = {
+      map $uri $expires {
-        enableACME = true;
+        default off;
-        forceSSL = true;
+        ~\.(jpg|jpeg|png|gif|ico)$ 30d;
-        locations."/" = {
+      }
-          proxyPass = "https://${suwako}:25565";
+    '';
    virtualHosts =
      let
        genericHttpRProxy =
          {
            addr,
            ssl ? true,
            conf ? "",
          }:
          {
            enableACME = ssl;
            # addSSL = ssl;
            forceSSL = ssl;
            locations."/" = {
              proxyPass = toString addr;
              extraConfig = ''
                expires $expires;
                proxy_set_header Host $host;
              ''
              + conf;
            };
          };
      in
      with conf.network.addresses.wireguard.ips;
      {
        "moj.${domain}" = genericHttpRProxy { addr = "https://${suwako}:25565"; };
        "puffer.${domain}" = genericHttpRProxy {
          addr = "http://${suwako}:8080";
          conf = ''
            proxy_set_header X-Real-IP $remote_addr;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header X-Nginx-Proxy true;
            proxy_set_header X-Forwarded-Proto $scheme;
            client_max_body_size 100M;
          '';
        };
        # Personal filehost
        "f.${domain}" = genericHttpRProxy { addr = "http://${suwako}:8000"; };
      };
      "puffer.${domain}" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://${suwako}:8080";
        };
        extraConfig = ''
          proxy_set_header X-Real-IP $remote_addr;
          proxy_http_version 1.1;
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Connection "Upgrade";
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header X-Nginx-Proxy true;
          proxy_set_header X-Forwarded-Proto $scheme;
          client_max_body_size 100M;
        '';
      };
    };
  };
 }