mirror of
https://github.com/alyraffauf/nixcfg.git
synced 2024-11-25 13:51:54 -05:00
Aly Raffauf
c457e042f6
Some checks are pending
git-mirror / gitlab-sync (push) Waiting to run
nix-build / default-build (push) Waiting to run
nix-build / fallarbor-build (push) Waiting to run
nix-build / lavaridge-build (push) Waiting to run
nix-build / mauville-build (push) Waiting to run
nix-build / petalburg-build (push) Waiting to run
nix-build / rustboro-build (push) Waiting to run
nix-build / slateport-build (push) Waiting to run
nix-check / fmt-check (push) Waiting to run
nix-check / eval-check (push) Waiting to run
134 lines
3.1 KiB
Nix
134 lines
3.1 KiB
Nix
{config, ...}: let
|
|
ip = "192.168.0.103";
|
|
domain = "raffauflabs.com";
|
|
in {
|
|
networking = {
|
|
firewall.allowedTCPPorts = [80 443 2379 2380 6443];
|
|
firewall.allowedUDPPorts = [8472];
|
|
};
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults.email = "alyraffauf@gmail.com";
|
|
};
|
|
|
|
services = {
|
|
ddclient = {
|
|
enable = true;
|
|
|
|
domains = [
|
|
"bt.${domain}"
|
|
"git.${domain}"
|
|
"music.${domain}"
|
|
"plex.${domain}"
|
|
"podcasts.${domain}"
|
|
domain
|
|
];
|
|
|
|
interval = "10min";
|
|
passwordFile = config.age.secrets.cloudflare.path;
|
|
protocol = "cloudflare";
|
|
ssl = true;
|
|
use = "web, web=dynamicdns.park-your-domain.com/getip, web-skip='Current IP Address: '";
|
|
username = "token";
|
|
zone = domain;
|
|
};
|
|
|
|
fail2ban = {
|
|
enable = true;
|
|
bantime = "1h";
|
|
};
|
|
|
|
k3s = {
|
|
enable = true;
|
|
clusterInit = true;
|
|
role = "server";
|
|
tokenFile = config.age.secrets.k3s.path;
|
|
};
|
|
|
|
nginx = {
|
|
enable = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
|
|
virtualHosts = {
|
|
# "bt.${domain}" = {
|
|
# enableACME = true;
|
|
# forceSSL = true;
|
|
|
|
# locations."/" = {
|
|
# proxyPass = "http://${ip}:${toString 9091}";
|
|
# proxyWebsockets = true;
|
|
|
|
# extraConfig = ''
|
|
# proxy_buffering off;
|
|
# '';
|
|
# };
|
|
# };
|
|
|
|
"git.${domain}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
proxyPass = "http://${ip}:${toString 3000}";
|
|
|
|
extraConfig = ''
|
|
client_max_body_size 512M;
|
|
'';
|
|
};
|
|
};
|
|
|
|
"music.${domain}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
proxyPass = "http://${ip}:${toString 4533}";
|
|
proxyWebsockets = true;
|
|
|
|
extraConfig = ''
|
|
proxy_buffering off;
|
|
'';
|
|
};
|
|
};
|
|
|
|
"plex.${domain}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
proxyPass = "http://${ip}:${toString 32400}";
|
|
proxyWebsockets = true;
|
|
|
|
extraConfig = ''
|
|
proxy_buffering off;
|
|
'';
|
|
};
|
|
};
|
|
|
|
"podcasts.${domain}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
proxyPass = "http://${ip}:${toString 13378}";
|
|
|
|
extraConfig = ''
|
|
client_max_body_size 500M;
|
|
proxy_buffering off;
|
|
proxy_redirect http:// https://;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|