diff --git a/modules/homelab/binary_cache.nix b/modules/homelab/binary_cache.nix new file mode 100644 index 00000000..a75cb93c --- /dev/null +++ b/modules/homelab/binary_cache.nix @@ -0,0 +1,9 @@ +{ config, pkgs, ... }: + +{ + services.nix-serve = { + enable = true; + secretKeyFile = "/var/cache-priv-key.pem"; + }; +} + diff --git a/modules/homelab/default.nix b/modules/homelab/default.nix index 3aef3fe8..e2ef3eb8 100644 --- a/modules/homelab/default.nix +++ b/modules/homelab/default.nix @@ -2,11 +2,12 @@ { imports = [ + ./binary_cache.nix ./nginx_proxy.nix + ./nix_containers.nix ./oci_containers.nix ./samba.nix ./virtualization.nix - ./nix_containers.nix ]; # services.ddclient.enable = true; diff --git a/modules/homelab/nginx_proxy.nix b/modules/homelab/nginx_proxy.nix index 616ba1bd..708f6a67 100644 --- a/modules/homelab/nginx_proxy.nix +++ b/modules/homelab/nginx_proxy.nix @@ -14,8 +14,9 @@ # So we have to use this workaround. extraHosts = '' 127.0.0.1 music.raffauflabs.com - 127.0.0.1 podcasts.raffauflabs.com + 127.0.0.1 nixcache.raffauflabs.com 127.0.0.1 plex.raffauflabs.com + 127.0.0.1 podcasts.raffauflabs.com ''; }; @@ -28,21 +29,37 @@ recommendedProxySettings = true; recommendedTlsSettings = true; recommendedGzipSettings = true; - # other Nginx options - # virtualHosts."raffauflabs.com" = { - # enableACME = true; - # forceSSL = true; - # locations."/" = { - # proxyPass = "http://127.0.0.1:12345"; - # proxyWebsockets = true; # needed if you need to use WebSocket - # extraConfig = '' - # # required when the target is also TLS server with multiple hosts - # proxy_ssl_server_name on; - # # required when the server wants to use HTTP Authentication - # proxy_pass_header Authorization; - # ''; - # }; - # }; + + virtualHosts."music.raffauflabs.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:4533"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_buffering off; + ''; + }; + }; + + virtualHosts."nixcache.raffauflabs.com" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; + }; + + virtualHosts."plex.raffauflabs.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:32400"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_buffering off; + ''; + }; + }; + virtualHosts."podcasts.raffauflabs.com" = { enableACME = true; forceSSL = true; @@ -61,27 +78,5 @@ ''; }; }; - virtualHosts."plex.raffauflabs.com" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:32400"; - proxyWebsockets = true; # needed if you need to use WebSocket - extraConfig = '' - proxy_buffering off; - ''; - }; - }; - virtualHosts."music.raffauflabs.com" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:4533"; - proxyWebsockets = true; # needed if you need to use WebSocket - extraConfig = '' - proxy_buffering off; - ''; - }; - }; }; } \ No newline at end of file