Merge branch 'main' of git.sr.ht:~xqtc/nixos-config
commit
c08acb7f33
24
flake.lock
24
flake.lock
|
@ -49,11 +49,11 @@
|
|||
},
|
||||
"locked": {
|
||||
"dir": "pkgs/firefox-addons",
|
||||
"lastModified": 1711500952,
|
||||
"narHash": "sha256-YEF6ycTwkcuZq1ocon+JahHgwuQLQtpH2js1j+gN8K8=",
|
||||
"lastModified": 1711944236,
|
||||
"narHash": "sha256-ojbn/vd70A0q5exwbBwOLzTFODQls1BrkghShqqouUM=",
|
||||
"owner": "rycee",
|
||||
"repo": "nur-expressions",
|
||||
"rev": "d0df0c83bfe2e7ed6e26259a289d7056c4001ced",
|
||||
"rev": "bf108287a1a055d42b769328e2e18333bb5f842e",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
|
@ -245,11 +245,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1711625603,
|
||||
"narHash": "sha256-W+9dfqA9bqUIBV5u7jaIARAzMe3kTq/Hp2SpSVXKRQw=",
|
||||
"lastModified": 1711915616,
|
||||
"narHash": "sha256-co6LoFA+j6BZEeJNSR8nZ4oOort5qYPskjrDHBaJgmo=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "c0ef0dab55611c676ad7539bf4e41b3ec6fa87d2",
|
||||
"rev": "820be197ccf3adaad9a8856ef255c13b6cc561a6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -335,11 +335,11 @@
|
|||
},
|
||||
"nixpkgs-master": {
|
||||
"locked": {
|
||||
"lastModified": 1711832515,
|
||||
"narHash": "sha256-RtO7XBMlXQDr31B26zDmCp9vQF1oIdnuFStRnqYj6cc=",
|
||||
"lastModified": 1711972950,
|
||||
"narHash": "sha256-WWtorZJ5wFhu5qRiVd1MkugwBSqLf+kktdCzwHAqgUQ=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9db82fb29eb1e7e07285580e61724601651ddbda",
|
||||
"rev": "cb13a6d0ae81a8fecbc3eb198d6c2a08bd45d32f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -410,11 +410,11 @@
|
|||
"pre-commit-hooks": "pre-commit-hooks"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1711809391,
|
||||
"narHash": "sha256-/nGV6P8nB/R/ysbl1KQIKIwp1mQPXxtnoEd+pf3X+nw=",
|
||||
"lastModified": 1711888895,
|
||||
"narHash": "sha256-Hykv2DGC5EHzZ89+54w/zkit+CVGLRcdIgOWnB4zW5k=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixvim",
|
||||
"rev": "0c16f59202c5062d12ef9cd4560cc9fca9d99f9a",
|
||||
"rev": "db6b61f117c83943f15289ced03674f81d08256a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -12,42 +12,61 @@ with lib; {
|
|||
./jellyfin.nix
|
||||
];
|
||||
|
||||
services.nginx = {
|
||||
# users.users.nginx.extraGroups = ["acme"];
|
||||
|
||||
# services.nginx = {
|
||||
# enable = true;
|
||||
# package = pkgs.nginxQuic;
|
||||
#
|
||||
# recommendedGzipSettings = true;
|
||||
# recommendedOptimisation = true;
|
||||
# recommendedProxySettings = true;
|
||||
# recommendedTlsSettings = true;
|
||||
#
|
||||
# # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
||||
# # sslProtocols = mkDefault "TLSv1.3";
|
||||
#
|
||||
# clientMaxBodySize = mkDefault "128M";
|
||||
# commonHttpConfig = ''
|
||||
# map $scheme $hsts_header {
|
||||
# https "max-age=31536000; includeSubdomains; preload";
|
||||
# }
|
||||
# add_header Strict-Transport-Security $hsts_header;
|
||||
# add_header X-Content-Type-Options "nosniff" always;
|
||||
# add_header X-XSS-Protection "1; mode=block" always;
|
||||
# add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
# add_header Referrer-Policy "same-origin" always;
|
||||
# '';
|
||||
# };
|
||||
#
|
||||
# security.acme = {
|
||||
# acceptTerms = true;
|
||||
# defaults.email = "xqtc@tutanota.com";
|
||||
# defaults.keyType = "ec256";
|
||||
# # certs = {
|
||||
# # # "heroin.trade" = {};
|
||||
# # "jellyfin.heroin.trade" = {};
|
||||
# # "grafana.heroin.trade" = {};
|
||||
# # };
|
||||
# };
|
||||
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
package = pkgs.nginxQuic;
|
||||
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
||||
sslProtocols = mkDefault "TLSv1.3";
|
||||
# sslDhparam = config.security.dhparams.params.nginx.path;
|
||||
|
||||
clientMaxBodySize = mkDefault "128M";
|
||||
commonHttpConfig = ''
|
||||
map $scheme $hsts_header {
|
||||
https "max-age=31536000; includeSubdomains; preload";
|
||||
email = "xqtc@tutanota.com";
|
||||
configFile = pkgs.writeText "Caddyfile" ''
|
||||
heroin.trade {
|
||||
root * /var/www/website/build/
|
||||
file_server
|
||||
}
|
||||
jellyfin.heroin.trade {
|
||||
reverse_proxy http://127.0.0.1:8096
|
||||
}
|
||||
grafana.heroin.trade {
|
||||
reverse_proxy http://127.0.0.1:2342
|
||||
}
|
||||
add_header Strict-Transport-Security $hsts_header;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header Referrer-Policy "same-origin" always;
|
||||
'';
|
||||
};
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "xqtc@tutanota.com";
|
||||
defaults.keyType = "ec256";
|
||||
certs = {
|
||||
"jellyfin.heroin.trade" = {};
|
||||
"grafana.heroin.trade" = {};
|
||||
};
|
||||
};
|
||||
|
||||
nix.settings.experimental-features = ["nix-command" "flakes"];
|
||||
|
||||
nix.settings = {
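Review bot: The Caddyfile passed to `services.caddy.configFile` has no `header` directive, so the response headers the nginx `commonHttpConfig` set (Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, Referrer-Policy) appear to be dropped for all three sites. The +/- markers are lost on this page, so this reading assumes the uncommented `add_header` lines are the removed side. Caddy obtains certificates and redirects HTTP to HTTPS on its own, but it does not send HSTS or the other headers unless configured. A shared snippet imported by each site block would restore them; X-XSS-Protection can be left out, since current browsers ignore it. The enclosing module starts and ends outside the hunk.

```nix
services.caddy = {
  # … unchanged: enable, email …
  configFile = pkgs.writeText "Caddyfile" ''
    (security_headers) {
      header {
        Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        Referrer-Policy "same-origin"
      }
    }
    heroin.trade {
      import security_headers
      # … unchanged: root, file_server …
    }
    jellyfin.heroin.trade {
      import security_headers
      # … unchanged: reverse_proxy …
    }
    grafana.heroin.trade {
      import security_headers
      # … unchanged: reverse_proxy …
    }
  '';
};
```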
|
||||
|
|
|
@ -38,36 +38,4 @@ in {
|
|||
services.jellyfin.enable = true;
|
||||
# services.jellyfin.openFirewall = true;
|
||||
services.jellyfin.user = "xqtc";
|
||||
services.nginx.virtualHosts."jellyfin.heroin.trade" = {
|
||||
# addSSL = true;
|
||||
# kTLS = true;
|
||||
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations = {
|
||||
# "= /".return = "302 https://$host/web/";
|
||||
"/" = {
|
||||
# extraConfig = ''
|
||||
# proxy_set_header Host $host;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
||||
# proxy_set_header X-Forwarded-Protocol $scheme;
|
||||
# proxy_set_header X-Forwarded-Host $http_host;
|
||||
# proxy_buffering on;
|
||||
# '';
|
||||
proxyPass = "http://127.0.0.1:8096";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
# "= /web/" = {
|
||||
# proxyPass = "http://127.0.0.1:8096/web/index.html";
|
||||
# extraConfig = proxyConfig;
|
||||
# };
|
||||
# "/socket" = {
|
||||
# proxyPass = "http://127.0.0.1:8096";
|
||||
# proxyWebsockets = true;
|
||||
# extraConfig = proxyConfig;
|
||||
# };
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -6,10 +6,9 @@
|
|||
networking.firewall.allowedTCPPorts = [80 443 9001];
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
settings.server = {
|
||||
port = 2342;
|
||||
addr = "127.0.0.1";
|
||||
};
|
||||
port = 2342;
|
||||
addr = "127.0.0.1";
|
||||
domain = "grafan.heroin.trade";
|
||||
};
|
||||
|
||||
services.prometheus = {
|
||||
|
@ -33,16 +32,4 @@
|
|||
}
|
||||
];
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."grafana.heroin.trade" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
'';
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
}
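Review bot: In the first hunk the new `domain` value under `services.grafana` reads `"grafan.heroin.trade"`, while the Caddyfile in this commit serves the site as `grafana.heroin.trade`. Grafana would then build its root URL and links for a host that is not served, so the line should be `domain = "grafana.heroin.trade";`. The hunk's line counts (10 old, 9 new) indicate that `port`, `addr` and `domain` now sit directly under `services.grafana` rather than under `settings.server`. Recent NixOS releases expect `settings.server.http_port`, `settings.server.http_addr` and `settings.server.domain`, so it is worth confirming that the loopback bind and port 2342 still take effect, since the reverse proxy targets `127.0.0.1:2342`. The second hunk only removes the nginx virtual host.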
|
||||
|
|