Merge branch 'main' of git.sr.ht:~xqtc/nixos-config
commit
c08acb7f33
24
flake.lock
24
flake.lock
|
@ -49,11 +49,11 @@
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"dir": "pkgs/firefox-addons",
|
"dir": "pkgs/firefox-addons",
|
||||||
"lastModified": 1711500952,
|
"lastModified": 1711944236,
|
||||||
"narHash": "sha256-YEF6ycTwkcuZq1ocon+JahHgwuQLQtpH2js1j+gN8K8=",
|
"narHash": "sha256-ojbn/vd70A0q5exwbBwOLzTFODQls1BrkghShqqouUM=",
|
||||||
"owner": "rycee",
|
"owner": "rycee",
|
||||||
"repo": "nur-expressions",
|
"repo": "nur-expressions",
|
||||||
"rev": "d0df0c83bfe2e7ed6e26259a289d7056c4001ced",
|
"rev": "bf108287a1a055d42b769328e2e18333bb5f842e",
|
||||||
"type": "gitlab"
|
"type": "gitlab"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -245,11 +245,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1711625603,
|
"lastModified": 1711915616,
|
||||||
"narHash": "sha256-W+9dfqA9bqUIBV5u7jaIARAzMe3kTq/Hp2SpSVXKRQw=",
|
"narHash": "sha256-co6LoFA+j6BZEeJNSR8nZ4oOort5qYPskjrDHBaJgmo=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "c0ef0dab55611c676ad7539bf4e41b3ec6fa87d2",
|
"rev": "820be197ccf3adaad9a8856ef255c13b6cc561a6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -335,11 +335,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-master": {
|
"nixpkgs-master": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1711832515,
|
"lastModified": 1711972950,
|
||||||
"narHash": "sha256-RtO7XBMlXQDr31B26zDmCp9vQF1oIdnuFStRnqYj6cc=",
|
"narHash": "sha256-WWtorZJ5wFhu5qRiVd1MkugwBSqLf+kktdCzwHAqgUQ=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "9db82fb29eb1e7e07285580e61724601651ddbda",
|
"rev": "cb13a6d0ae81a8fecbc3eb198d6c2a08bd45d32f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -410,11 +410,11 @@
|
||||||
"pre-commit-hooks": "pre-commit-hooks"
|
"pre-commit-hooks": "pre-commit-hooks"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1711809391,
|
"lastModified": 1711888895,
|
||||||
"narHash": "sha256-/nGV6P8nB/R/ysbl1KQIKIwp1mQPXxtnoEd+pf3X+nw=",
|
"narHash": "sha256-Hykv2DGC5EHzZ89+54w/zkit+CVGLRcdIgOWnB4zW5k=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "0c16f59202c5062d12ef9cd4560cc9fca9d99f9a",
|
"rev": "db6b61f117c83943f15289ced03674f81d08256a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -12,42 +12,61 @@ with lib; {
|
||||||
./jellyfin.nix
|
./jellyfin.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
services.nginx = {
|
# users.users.nginx.extraGroups = ["acme"];
|
||||||
|
|
||||||
|
# services.nginx = {
|
||||||
|
# enable = true;
|
||||||
|
# package = pkgs.nginxQuic;
|
||||||
|
#
|
||||||
|
# recommendedGzipSettings = true;
|
||||||
|
# recommendedOptimisation = true;
|
||||||
|
# recommendedProxySettings = true;
|
||||||
|
# recommendedTlsSettings = true;
|
||||||
|
#
|
||||||
|
# # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
||||||
|
# # sslProtocols = mkDefault "TLSv1.3";
|
||||||
|
#
|
||||||
|
# clientMaxBodySize = mkDefault "128M";
|
||||||
|
# commonHttpConfig = ''
|
||||||
|
# map $scheme $hsts_header {
|
||||||
|
# https "max-age=31536000; includeSubdomains; preload";
|
||||||
|
# }
|
||||||
|
# add_header Strict-Transport-Security $hsts_header;
|
||||||
|
# add_header X-Content-Type-Options "nosniff" always;
|
||||||
|
# add_header X-XSS-Protection "1; mode=block" always;
|
||||||
|
# add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
|
# add_header Referrer-Policy "same-origin" always;
|
||||||
|
# '';
|
||||||
|
# };
|
||||||
|
#
|
||||||
|
# security.acme = {
|
||||||
|
# acceptTerms = true;
|
||||||
|
# defaults.email = "xqtc@tutanota.com";
|
||||||
|
# defaults.keyType = "ec256";
|
||||||
|
# # certs = {
|
||||||
|
# # # "heroin.trade" = {};
|
||||||
|
# # "jellyfin.heroin.trade" = {};
|
||||||
|
# # "grafana.heroin.trade" = {};
|
||||||
|
# # };
|
||||||
|
# };
|
||||||
|
|
||||||
|
services.caddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.nginxQuic;
|
email = "xqtc@tutanota.com";
|
||||||
|
configFile = pkgs.writeText "Caddyfile" ''
|
||||||
recommendedGzipSettings = true;
|
heroin.trade {
|
||||||
recommendedOptimisation = true;
|
root * /var/www/website/build/
|
||||||
recommendedProxySettings = true;
|
file_server
|
||||||
recommendedTlsSettings = true;
|
}
|
||||||
|
jellyfin.heroin.trade {
|
||||||
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
reverse_proxy http://127.0.0.1:8096
|
||||||
sslProtocols = mkDefault "TLSv1.3";
|
}
|
||||||
# sslDhparam = config.security.dhparams.params.nginx.path;
|
grafana.heroin.trade {
|
||||||
|
reverse_proxy http://127.0.0.1:2342
|
||||||
clientMaxBodySize = mkDefault "128M";
|
|
||||||
commonHttpConfig = ''
|
|
||||||
map $scheme $hsts_header {
|
|
||||||
https "max-age=31536000; includeSubdomains; preload";
|
|
||||||
}
|
}
|
||||||
add_header Strict-Transport-Security $hsts_header;
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
||||||
add_header Referrer-Policy "same-origin" always;
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme = {
|
|
||||||
acceptTerms = true;
|
|
||||||
defaults.email = "xqtc@tutanota.com";
|
|
||||||
defaults.keyType = "ec256";
|
|
||||||
certs = {
|
|
||||||
"jellyfin.heroin.trade" = {};
|
|
||||||
"grafana.heroin.trade" = {};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
nix.settings.experimental-features = ["nix-command" "flakes"];
|
nix.settings.experimental-features = ["nix-command" "flakes"];
|
||||||
|
|
||||||
nix.settings = {
|
nix.settings = {
|
||||||
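Review bot: The response headers that the removed `commonHttpConfig` applied to every nginx vhost (HSTS, `X-Content-Type-Options`, `X-Frame-Options`, `Referrer-Policy`) have no counterpart in the new Caddyfile, so all three sites are now served without them; Caddy does not add these on its own. A shared snippet with a `header` block, imported into each site block, restores them. The 128M `clientMaxBodySize` cap is dropped as well, so bodies proxied to Jellyfin and Grafana are unbounded unless a `request_body` limit is set. Separately, `email` is probably ignored once `configFile` overrides the generated Caddyfile; confirm against the module and move it into a global options block if so.

```nix
configFile = pkgs.writeText "Caddyfile" ''
  (security_headers) {
    header {
      Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
      X-Content-Type-Options "nosniff"
      X-Frame-Options "SAMEORIGIN"
      Referrer-Policy "same-origin"
    }
  }
  jellyfin.heroin.trade {
    import security_headers
    reverse_proxy http://127.0.0.1:8096
  }
  # … unchanged: heroin.trade and grafana.heroin.trade blocks, each with the same import …
'';
```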
|
|
|
@ -38,36 +38,4 @@ in {
|
||||||
services.jellyfin.enable = true;
|
services.jellyfin.enable = true;
|
||||||
# services.jellyfin.openFirewall = true;
|
# services.jellyfin.openFirewall = true;
|
||||||
services.jellyfin.user = "xqtc";
|
services.jellyfin.user = "xqtc";
|
||||||
services.nginx.virtualHosts."jellyfin.heroin.trade" = {
|
|
||||||
# addSSL = true;
|
|
||||||
# kTLS = true;
|
|
||||||
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations = {
|
|
||||||
# "= /".return = "302 https://$host/web/";
|
|
||||||
"/" = {
|
|
||||||
# extraConfig = ''
|
|
||||||
# proxy_set_header Host $host;
|
|
||||||
# proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
# proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
# proxy_set_header X-Forwarded-Protocol $scheme;
|
|
||||||
# proxy_set_header X-Forwarded-Host $http_host;
|
|
||||||
# proxy_buffering on;
|
|
||||||
# '';
|
|
||||||
proxyPass = "http://127.0.0.1:8096";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
};
|
|
||||||
# "= /web/" = {
|
|
||||||
# proxyPass = "http://127.0.0.1:8096/web/index.html";
|
|
||||||
# extraConfig = proxyConfig;
|
|
||||||
# };
|
|
||||||
# "/socket" = {
|
|
||||||
# proxyPass = "http://127.0.0.1:8096";
|
|
||||||
# proxyWebsockets = true;
|
|
||||||
# extraConfig = proxyConfig;
|
|
||||||
# };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,10 +6,9 @@
|
||||||
networking.firewall.allowedTCPPorts = [80 443 9001];
|
networking.firewall.allowedTCPPorts = [80 443 9001];
|
||||||
services.grafana = {
|
services.grafana = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings.server = {
|
port = 2342;
|
||||||
port = 2342;
|
addr = "127.0.0.1";
|
||||||
addr = "127.0.0.1";
|
domain = "grafan.heroin.trade";
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.prometheus = {
|
services.prometheus = {
|
||||||
|
@ -33,16 +32,4 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."grafana.heroin.trade" = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations."/" = {
|
|
||||||
extraConfig = ''
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
'';
|
|
||||||
proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
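Review bot: `domain = "grafan.heroin.trade";` is missing an `a` compared with the `grafana.heroin.trade` site that Caddy proxies to port 2342, so Grafana would build its root URL, redirects and login callbacks for a host that is not served; it should read `domain = "grafana.heroin.trade";`. The new lines also set `port`, `addr` and `domain` directly under `services.grafana`, which as far as I know are legacy aliases for `settings.server.http_port`, `http_addr` and `domain`. Using the `settings.server` names avoids depending on the rename shims and makes sure the loopback bind really takes effect now that Caddy is the only intended entry point. The second hunk of this file only removes the nginx vhost and needs no change.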
|
|