alyraffauf/nixcfg
1
0
Fork 0
mirror of https://github.com/alyraffauf/nixcfg.git synced 2024-11-22 07:53:55 -05:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

mauville: code cleanup and reorg

Browse source
This commit is contained in:
Aly Raffauf 2024-06-07 13:14:34 -04:00
parent 147d5ec317
commit 4ab7829ab5
1 changed files with 66 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

130
hosts/mauville/default.nix
View file

@ -105,10 +105,10 @@ in {
# So we have to use this workaround. # So we have to use this workaround.
extraHosts = '' extraHosts = ''
127.0.0.1 music.${domain} 127.0.0.1 music.${domain}
127.0.0.1 news.${domain}
127.0.0.1 nixcache.${domain} 127.0.0.1 nixcache.${domain}
127.0.0.1 plex.${domain} 127.0.0.1 plex.${domain}
127.0.0.1 podcasts.${domain} 127.0.0.1 podcasts.${domain}
127.0.0.1 news.${domain}
''; '';
}; };
@ -121,74 +121,76 @@ in {
fail2ban.enable = true; fail2ban.enable = true;
nginx = { nginx = {
enable = true; enable = true;
recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedGzipSettings = true;
virtualHosts."music.${domain}" = { virtualHosts = {
enableACME = true; "music.${domain}" = {
forceSSL = true; enableACME = true;
locations."/" = { forceSSL = true;
proxyPass = "http://127.0.0.1:4533"; locations."/" = {
proxyWebsockets = true; # needed if you need to use WebSocket proxyPass = "http://127.0.0.1:4533";
extraConfig = '' proxyWebsockets = true;
proxy_buffering off; extraConfig = ''
''; proxy_buffering off;
'';
};
}; };
};
virtualHosts."news.${domain}" = { "news.${domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.alyraffauf.containers.oci.freshRSS.port}"; proxyPass = "http://127.0.0.1:${toString config.alyraffauf.containers.oci.freshRSS.port}";
proxyWebsockets = true; # needed if you need to use WebSocket proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = '' extraConfig = ''
proxy_buffering off; proxy_buffering off;
proxy_redirect off; proxy_redirect off;
# Forward the Authorization header for the Google Reader API. # Forward the Authorization header for the Google Reader API.
proxy_set_header Authorization $http_authorization; proxy_pass_header Authorization;
proxy_pass_header Authorization; proxy_set_header Authorization $http_authorization;
''; '';
};
}; };
};
virtualHosts."nixcache.${domain}" = { "nixcache.${domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${ locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${
toString config.services.nix-serve.port toString config.services.nix-serve.port
}"; }";
};
virtualHosts."plex.${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.alyraffauf.containers.oci.plexMediaServer.port}";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
'';
}; };
};
virtualHosts."podcasts.${domain}" = { "plex.${domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.alyraffauf.containers.oci.audiobookshelf.port}"; proxyPass = "http://127.0.0.1:${toString config.alyraffauf.containers.oci.plexMediaServer.port}";
# proxyWebsockets = true; # This breaks audiobookshelf. proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_buffering off;
proxy_set_header X-Forwarded-Proto $scheme; '';
proxy_set_header Host $host; };
proxy_set_header Upgrade $http_upgrade; };
proxy_set_header Connection "upgrade";
proxy_redirect http:// https://; "podcasts.${domain}" = {
proxy_buffering off; enableACME = true;
client_max_body_size 500M; forceSSL = true;
''; locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.alyraffauf.containers.oci.audiobookshelf.port}";
# proxyWebsockets = true; # This breaks audiobookshelf.
extraConfig = ''
client_max_body_size 500M;
proxy_buffering off;
proxy_redirect http:// https://;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
}; };
}; };
}; };
@ -198,22 +200,22 @@ in {
openFirewall = true; openFirewall = true;
shares = { shares = {
Media = { Media = {
browseable = "yes";
comment = "Media @ ${hostName}"; comment = "Media @ ${hostName}";
path = mediaDirectory; path = mediaDirectory;
browseable = "yes";
"read only" = "no"; "read only" = "no";
"guest ok" = "yes"; "guest ok" = "yes";
"create mask" = "0755"; "create mask" = "0755";
"directory mask" = "0755"; "directory mask" = "0755";
}; };
Archive = { Archive = {
browseable = "yes";
comment = "Archive @ ${hostName}"; comment = "Archive @ ${hostName}";
path = archiveDirectory; path = archiveDirectory;
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0755"; "create mask" = "0755";
"directory mask" = "0755"; "directory mask" = "0755";
"guest ok" = "yes";
"read only" = "no";
}; };
}; };
}; };