From 91c7a503d4b172b43331e4d1878d0dfaf3a8d475 Mon Sep 17 00:00:00 2001 From: Aly Raffauf Date: Sun, 10 Mar 2024 23:48:07 -0400 Subject: [PATCH] dded reverse proxy on mauville --- modules/homelab/default.nix | 105 +++++++++++++++++++++++++++++++----- 1 file changed, 93 insertions(+), 12 deletions(-) diff --git a/modules/homelab/default.nix b/modules/homelab/default.nix index 31f33a18..c24512e7 100644 --- a/modules/homelab/default.nix +++ b/modules/homelab/default.nix @@ -5,8 +5,11 @@ ../virtualization ]; + # services.ddclient.enable = true; + # services.ddclient.configFile = "/etc/ddclient/ddclient.conf"; + # Open TCP ports for audiobookshelf, plex-server, and transmission-server. - networking.firewall.allowedTCPPorts = [ 51413 13378 32400 9091 ]; + networking.firewall.allowedTCPPorts = [ 80 443 51413 13378 32400 9091 ]; networking.firewall.allowedUDPPorts = [ 51413 ]; virtualisation = { 
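Review bot: The new `allowedTCPPorts` list still opens 13378 and 32400 directly, although this same commit puts both services behind nginx with `forceSSL` (the `podcasts.` and `plex.` virtual hosts in the second hunk), so clients can keep reaching them over plain HTTP without going through the proxy. If direct access is not required (Plex remote access may depend on 32400, so confirm first), the line could become `networking.firewall.allowedTCPPorts = [ 80 443 51413 9091 ];`. Whether any of these ports is reachable from the internet depends on router forwarding, which this diff does not show. The comment above the list is now stale as well; something like `# Open TCP ports for nginx (80/443), audiobookshelf, plex-server, and transmission-server.` would match the new list.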
@@ -47,17 +50,95 @@
 "/mnt/Media:/Media"
 ];
 };
- # nextcloud = {
- # ports = ["0.0.0.0:80:80" ];
- # image = "nextcloud:latest";
- # environment = {
- # TZ = "America/New_York";
- # };
- # volumes = [
- # "nextcloud:/var/www/html"
- # "/mnt/Media/NextCloud:/var/www/html/data"
- # ];
- # };
+ };
+ };
+
+ containers.navidrome = {
+ autoStart = true;
+ bindMounts = {
+ "/Music" = { hostPath = "/mnt/Media/Music";
+ isReadOnly = true;
+ };
+ };
+ config = { config, pkgs, lib, ... }: {
+ services.navidrome = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ Address = "0.0.0.0";
+ Port = 4533;
+ MusicFolder = "/Music";
+ DefaultTheme = "Auto";
+ SubsonicArtistParticipations = true;
+ DefaultDownsamplingFormat = "aac";
+ };
+ };
+ system.stateVersion = "24.05";
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "alyraffauf@gmail.com";
+ };
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedGzipSettings = true;
+ # other Nginx options
+ virtualHosts."raffauflabs.com" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:12345";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ extraConfig = ''
+ # required when the target is also TLS server with multiple hosts
+ proxy_ssl_server_name on;
+ # required when the server wants to use HTTP Authentication
+ proxy_pass_header Authorization;
+ '';
+ };
+ };
+ virtualHosts."podcasts.raffauflabs.com" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:13378";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_redirect http:// https://;
+ proxy_buffering off;
+ '';
+ };
+ };
+  virtualHosts."plex.raffauflabs.com" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:32400";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ extraConfig = ''
+ proxy_buffering off;
+ '';
+ };
+ };
+ virtualHosts."music.raffauflabs.com" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:4533";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ extraConfig = ''
+ proxy_buffering off;
+ '';
+ };
 };
 };
 }
\ No newline at end of file
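Review bot: In `containers.navidrome`, `Address = "0.0.0.0"` together with `openFirewall = true` makes Navidrome listen on every interface, while nginx only ever reaches it at `http://127.0.0.1:4533`. The container sets no `privateNetwork`, so it presumably shares the host's network namespace and the plain-HTTP port may be reachable without TLS. Binding to loopback and dropping the firewall opening would keep the `music.raffauflabs.com` virtual host as the only way in: `Address = "127.0.0.1";` and remove `openFirewall = true;`. Separately, `virtualHosts."raffauflabs.com"` proxies to `http://127.0.0.1:12345`, and nothing visible in this diff listens on that port. Its `proxy_ssl_server_name on;` also has no effect on an `http://` upstream, so the block looks like an unedited template that would likely return 502 until a real backend is configured.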