alyraffauf/nixcfg
1
0
Fork 0
mirror of https://github.com/alyraffauf/nixcfg.git synced 2024-11-22 13:03:56 -05:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

mauville: code cleanup and reorg

Browse source
This commit is contained in:
Aly Raffauf 2024-06-07 13:14:34 -04:00
parent 147d5ec317
commit 4ab7829ab5
1 changed files with 66 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
hosts/mauville/default.nix
View file

@ -105,10 +105,10 @@ in {
# So we have to use this workaround. # So we have to use this workaround.
extraHosts = '' extraHosts = ''
127.0.0.1 music.${domain} 127.0.0.1 music.${domain}
127.0.0.1 news.${domain}
127.0.0.1 nixcache.${domain} 127.0.0.1 nixcache.${domain}
127.0.0.1 plex.${domain} 127.0.0.1 plex.${domain}
127.0.0.1 podcasts.${domain} 127.0.0.1 podcasts.${domain}
127.0.0.1 news.${domain}
''; '';
}; };
@ -121,23 +121,24 @@ in {
fail2ban.enable = true; fail2ban.enable = true;
nginx = { nginx = {
enable = true; enable = true;
recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedGzipSettings = true;
virtualHosts."music.${domain}" = { virtualHosts = {
"music.${domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:4533"; proxyPass = "http://127.0.0.1:4533";
proxyWebsockets = true; # needed if you need to use WebSocket proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_buffering off; proxy_buffering off;
''; '';
}; };
}; };
virtualHosts."news.${domain}" = { "news.${domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
@ -147,13 +148,13 @@ in {
proxy_buffering off; proxy_buffering off;
proxy_redirect off; proxy_redirect off;
# Forward the Authorization header for the Google Reader API. # Forward the Authorization header for the Google Reader API.
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization; proxy_pass_header Authorization;
proxy_set_header Authorization $http_authorization;
''; '';
}; };
}; };
virtualHosts."nixcache.${domain}" = { "nixcache.${domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${ locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${
@ -161,59 +162,60 @@ in {
}"; }";
}; };
virtualHosts."plex.${domain}" = { "plex.${domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.alyraffauf.containers.oci.plexMediaServer.port}"; proxyPass = "http://127.0.0.1:${toString config.alyraffauf.containers.oci.plexMediaServer.port}";
proxyWebsockets = true; # needed if you need to use WebSocket proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_buffering off; proxy_buffering off;
''; '';
}; };
}; };
virtualHosts."podcasts.${domain}" = { "podcasts.${domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.alyraffauf.containers.oci.audiobookshelf.port}"; proxyPass = "http://127.0.0.1:${toString config.alyraffauf.containers.oci.audiobookshelf.port}";
# proxyWebsockets = true; # This breaks audiobookshelf. # proxyWebsockets = true; # This breaks audiobookshelf.
extraConfig = '' extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect http:// https://;
proxy_buffering off;
client_max_body_size 500M; client_max_body_size 500M;
proxy_buffering off;
proxy_redirect http:// https://;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
''; '';
}; };
}; };
}; };
};
samba = { samba = {
enable = true; enable = true;
securityType = "user"; securityType = "user";
openFirewall = true; openFirewall = true;
shares = { shares = {
Media = { Media = {
browseable = "yes";
comment = "Media @ ${hostName}"; comment = "Media @ ${hostName}";
path = mediaDirectory; path = mediaDirectory;
browseable = "yes";
"read only" = "no"; "read only" = "no";
"guest ok" = "yes"; "guest ok" = "yes";
"create mask" = "0755"; "create mask" = "0755";
"directory mask" = "0755"; "directory mask" = "0755";
}; };
Archive = { Archive = {
browseable = "yes";
comment = "Archive @ ${hostName}"; comment = "Archive @ ${hostName}";
path = archiveDirectory; path = archiveDirectory;
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0755"; "create mask" = "0755";
"directory mask" = "0755"; "directory mask" = "0755";
"guest ok" = "yes";
"read only" = "no";
}; };
}; };
}; };