Merge branch 'main' of git.sr.ht:~xqtc/nixos-config

xqtc161 2024-04-02 19:15:48 +02:00
commit c08acb7f33
4 changed files with 65 additions and 91 deletions


@ -49,11 +49,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1711500952,
"narHash": "sha256-YEF6ycTwkcuZq1ocon+JahHgwuQLQtpH2js1j+gN8K8=",
"lastModified": 1711944236,
"narHash": "sha256-ojbn/vd70A0q5exwbBwOLzTFODQls1BrkghShqqouUM=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "d0df0c83bfe2e7ed6e26259a289d7056c4001ced",
"rev": "bf108287a1a055d42b769328e2e18333bb5f842e",
"type": "gitlab"
},
"original": {
@ -245,11 +245,11 @@
]
},
"locked": {
"lastModified": 1711625603,
"narHash": "sha256-W+9dfqA9bqUIBV5u7jaIARAzMe3kTq/Hp2SpSVXKRQw=",
"lastModified": 1711915616,
"narHash": "sha256-co6LoFA+j6BZEeJNSR8nZ4oOort5qYPskjrDHBaJgmo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c0ef0dab55611c676ad7539bf4e41b3ec6fa87d2",
"rev": "820be197ccf3adaad9a8856ef255c13b6cc561a6",
"type": "github"
},
"original": {
@ -335,11 +335,11 @@
},
"nixpkgs-master": {
"locked": {
"lastModified": 1711832515,
"narHash": "sha256-RtO7XBMlXQDr31B26zDmCp9vQF1oIdnuFStRnqYj6cc=",
"lastModified": 1711972950,
"narHash": "sha256-WWtorZJ5wFhu5qRiVd1MkugwBSqLf+kktdCzwHAqgUQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9db82fb29eb1e7e07285580e61724601651ddbda",
"rev": "cb13a6d0ae81a8fecbc3eb198d6c2a08bd45d32f",
"type": "github"
},
"original": {
@ -410,11 +410,11 @@
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1711809391,
"narHash": "sha256-/nGV6P8nB/R/ysbl1KQIKIwp1mQPXxtnoEd+pf3X+nw=",
"lastModified": 1711888895,
"narHash": "sha256-Hykv2DGC5EHzZ89+54w/zkit+CVGLRcdIgOWnB4zW5k=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "0c16f59202c5062d12ef9cd4560cc9fca9d99f9a",
"rev": "db6b61f117c83943f15289ced03674f81d08256a",
"type": "github"
},
"original": {


@ -12,42 +12,61 @@ with lib; {
./jellyfin.nix
];
services.nginx = {
# users.users.nginx.extraGroups = ["acme"];
# services.nginx = {
# enable = true;
# package = pkgs.nginxQuic;
#
# recommendedGzipSettings = true;
# recommendedOptimisation = true;
# recommendedProxySettings = true;
# recommendedTlsSettings = true;
#
# # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# # sslProtocols = mkDefault "TLSv1.3";
#
# clientMaxBodySize = mkDefault "128M";
# commonHttpConfig = ''
# map $scheme $hsts_header {
# https "max-age=31536000; includeSubdomains; preload";
# }
# add_header Strict-Transport-Security $hsts_header;
# add_header X-Content-Type-Options "nosniff" always;
# add_header X-XSS-Protection "1; mode=block" always;
# add_header X-Frame-Options "SAMEORIGIN" always;
# add_header Referrer-Policy "same-origin" always;
# '';
# };
#
# security.acme = {
# acceptTerms = true;
# defaults.email = "xqtc@tutanota.com";
# defaults.keyType = "ec256";
# # certs = {
# # # "heroin.trade" = {};
# # "jellyfin.heroin.trade" = {};
# # "grafana.heroin.trade" = {};
# # };
# };
services.caddy = {
enable = true;
package = pkgs.nginxQuic;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
sslProtocols = mkDefault "TLSv1.3";
# sslDhparam = config.security.dhparams.params.nginx.path;
clientMaxBodySize = mkDefault "128M";
commonHttpConfig = ''
map $scheme $hsts_header {
https "max-age=31536000; includeSubdomains; preload";
email = "xqtc@tutanota.com";
configFile = pkgs.writeText "Caddyfile" ''
heroin.trade {
root * /var/www/website/build/
file_server
}
jellyfin.heroin.trade {
reverse_proxy http://127.0.0.1:8096
}
grafana.heroin.trade {
reverse_proxy http://127.0.0.1:2342
}
add_header Strict-Transport-Security $hsts_header;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "same-origin" always;
'';
};
security.acme = {
acceptTerms = true;
defaults.email = "xqtc@tutanota.com";
defaults.keyType = "ec256";
certs = {
"jellyfin.heroin.trade" = {};
"grafana.heroin.trade" = {};
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings = {
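Review bot: The Caddyfile written by `configFile` carries none of the response headers the nginx `commonHttpConfig` used to send (Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, Referrer-Policy), and Caddy does not add them by default, so all three sites lose HSTS and the framing and sniffing protections with this switch. A shared snippet imported into each site block restores them, as sketched below; X-XSS-Protection is deprecated in browsers and can stay dropped. Also check whether `email` still takes effect: as far as I know the NixOS module writes it into the Caddyfile it generates, which a custom `configFile` replaces, so it may need an `email` line in a global options block instead. The roughly 35 lines of commented-out nginx and ACME settings are better deleted than kept, since git history already holds them. The enclosing attribute set starts and ends outside this hunk.

```nix
configFile = pkgs.writeText "Caddyfile" ''
  (security_headers) {
    header {
      Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
      X-Content-Type-Options "nosniff"
      X-Frame-Options "SAMEORIGIN"
      Referrer-Policy "same-origin"
    }
  }
  heroin.trade {
    import security_headers
    root * /var/www/website/build/
    file_server
  }
  # … unchanged: jellyfin and grafana site blocks, each with `import security_headers` added …
'';
```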


@ -38,36 +38,4 @@ in {
services.jellyfin.enable = true;
# services.jellyfin.openFirewall = true;
services.jellyfin.user = "xqtc";
services.nginx.virtualHosts."jellyfin.heroin.trade" = {
# addSSL = true;
# kTLS = true;
forceSSL = true;
enableACME = true;
locations = {
# "= /".return = "302 https://$host/web/";
"/" = {
# extraConfig = ''
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Protocol $scheme;
# proxy_set_header X-Forwarded-Host $http_host;
# proxy_buffering on;
# '';
proxyPass = "http://127.0.0.1:8096";
proxyWebsockets = true;
};
# "= /web/" = {
# proxyPass = "http://127.0.0.1:8096/web/index.html";
# extraConfig = proxyConfig;
# };
# "/socket" = {
# proxyPass = "http://127.0.0.1:8096";
# proxyWebsockets = true;
# extraConfig = proxyConfig;
# };
};
};
}


@ -6,10 +6,9 @@
networking.firewall.allowedTCPPorts = [80 443 9001];
services.grafana = {
enable = true;
settings.server = {
port = 2342;
addr = "127.0.0.1";
};
port = 2342;
addr = "127.0.0.1";
domain = "grafan.heroin.trade";
};
services.prometheus = {
@ -33,16 +32,4 @@
}
];
};
services.nginx.virtualHosts."grafana.heroin.trade" = {
forceSSL = true;
enableACME = true;
locations."/" = {
extraConfig = ''
proxy_set_header Host $host;
'';
proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
};
};
}
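Review bot: The new `domain = "grafan.heroin.trade";` line in the first hunk looks like a typo: the Caddyfile site block and the removed nginx vhost both use `grafana.heroin.trade`, so Grafana would build its links and redirects for a host name nothing serves. It should read `domain = "grafana.heroin.trade";`. The same hunk moves `port` and `addr` out of `settings.server` to the top level of `services.grafana`; as far as I know those are the legacy option names, and the removed proxy line on this page already read `settings.server.http_port`, so `settings.server.http_port = 2342;` and `settings.server.http_addr = "127.0.0.1";` would keep the loopback-only bind explicit under the current option tree. Since TLS now terminates in the reverse proxy, the server's root URL probably needs to be set to the public https address as well, otherwise generated links fall back to the internal scheme and port.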