repomaa/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor

Browse Source
This commit is contained in:
Joakim Repomaa
2025-02-07 20:27:53 +02:00
committed by Joakim Repomaa
parent e0d0c12a8e
commit 6a5789d45b
12 changed files with 27 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/apu/configuration.nix
View File

@@ -223,7 +223,7 @@
acme.dnsChallenge = true; acme.dnsChallenge = true;
vHosts."koti.repomaa.com" = { vHosts."koti.repomaa.com" = {
proxyBuffering = false; proxyBuffering = false;
locations."/".proxy = "http://127.0.0.1:8123"; locations."/".proxyPort = 8123;
}; };
}; };

2
hosts/freun.dev/services/gotosocial.nix
View File

@@ -42,6 +42,6 @@ in
] ]
); );
"${fqdn}".locations."/".proxy = "http://127.0.0.1:${toString port}"; "${fqdn}".locations."/".proxyPort = port;
}; };
} }

2
hosts/freun.dev/services/grafana.nix
View File

@@ -43,7 +43,7 @@ in
]; ];
}; };
modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://127.0.0.1:${toString port}"; modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
services.postgresql = { services.postgresql = {
ensureDatabases = [ "grafana" ]; ensureDatabases = [ "grafana" ];

2
hosts/freun.dev/services/gtrackmap.nix
View File

@@ -9,5 +9,5 @@ in
inherit port; inherit port;
}; };
modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://localhost:${toString port}"; modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
} }

2
hosts/freun.dev/services/immich.nix
View File

@@ -167,7 +167,7 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://127.0.0.1:${toString port}"; modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
fileSystems."${immich_data_dir}" = { fileSystems."${immich_data_dir}" = {
device = "//u407959.your-storagebox.de/backup/immich"; device = "//u407959.your-storagebox.de/backup/immich";

2
hosts/freun.dev/services/invidious.nix
View File

@@ -19,5 +19,5 @@ in
}; };
}; };
modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://127.0.0.1:${toString port}"; modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
} }

2
hosts/freun.dev/services/owncast.nix
View File

@@ -10,5 +10,5 @@ in
inherit port; inherit port;
}; };
modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://127.0.0.1:${toString port}"; modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
} }

6
hosts/freun.dev/services/snips.nix
View File

@@ -15,9 +15,9 @@ in
enable = true; enable = true;
description = "Snips pastebin"; description = "Snips pastebin";
environment = { environment = {
SNIPS_HTTP_INTERNAL = "http://127.0.0.1:${toString port}"; SNIPS_HTTP_INTERNAL = "http://[::1]:${toString port}";
SNIPS_HTTP_EXTERNAL = "https://${fqdn}"; SNIPS_HTTP_EXTERNAL = "https://${fqdn}";
SNIPS_SSH_INTERNAL = "ssh://0.0.0.0:${toString sshPort}"; SNIPS_SSH_INTERNAL = "ssh://[::0]:${toString sshPort}";
SNIPS_SSH_EXTERNAL = "ssh://${fqdn}:${toString sshPort}"; SNIPS_SSH_EXTERNAL = "ssh://${fqdn}:${toString sshPort}";
SNIPS_HOST_KEY_PATH = "/var/lib/snips/keys/snips"; SNIPS_HOST_KEY_PATH = "/var/lib/snips/keys/snips";
SNIPS_DB_FILEPATH = "/var/lib/snips/snips.db"; SNIPS_DB_FILEPATH = "/var/lib/snips/snips.db";
@@ -38,7 +38,7 @@ in
}; };
}; };
modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://127.0.0.1:${toString port}"; modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
networking.firewall.allowedTCPPorts = [ sshPort ]; networking.firewall.allowedTCPPorts = [ sshPort ];
} }

2
hosts/freun.dev/services/syncthing.nix
View File

@@ -14,7 +14,7 @@ in
settings.gui.insecureSkipHostCheck = true; settings.gui.insecureSkipHostCheck = true;
}; };
modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://localhost:${toString port}"; modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
fileSystems."${storage_dir}" = { fileSystems."${storage_dir}" = {
device = "//u407959.your-storagebox.de/backup/syncthing"; device = "//u407959.your-storagebox.de/backup/syncthing";

4
hosts/freun.dev/services/vaultwarden.nix
View File

@@ -1,6 +1,7 @@
{ lib, ... }: { lib, ... }:
let let
fqdn = "pw.freun.dev"; fqdn = "pw.freun.dev";
port = 8000;
in in
{ {
services.vaultwarden = { services.vaultwarden = {
@@ -21,10 +22,11 @@ in
SMTP_PORT = 587; SMTP_PORT = 587;
HELO_NAME = "freun.dev"; HELO_NAME = "freun.dev";
ROCKET_LIMITS = "{json=10485760}"; ROCKET_LIMITS = "{json=10485760}";
ROCKET_PORT = port;
}; };
}; };
modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://127.0.0.1:8000"; modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
services.postgresql = { services.postgresql = {
ensureDatabases = [ "vaultwarden" ]; ensureDatabases = [ "vaultwarden" ];

2
hosts/freun.dev/services/workout-tracker.nix
View File

@@ -31,5 +31,5 @@ in
}; };
}; };
modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://127.0.0.1:${toString port}"; modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
} }

32
modules/webserver.nix
View File

@@ -2,21 +2,11 @@
let let
cfg = config.modules.webserver; cfg = config.modules.webserver;
nginxVhost = options: {
forceSSL = true;
enableACME = true;
acmeRoot = lib.mkIf cfg.acme.dnsChallenge null;
} // options;
nginxProxy = options: {
proxyWebsockets = true;
} // options;
types = { types = {
location = lib.types.submodule { location = lib.types.submodule {
options = { options = {
proxy = lib.mkOption { proxyPort = lib.mkOption {
type = lib.types.nullOr lib.types.str; type = lib.types.nullOr lib.types.int;
default = null; default = null;
}; };
extraConfig = lib.mkOption { extraConfig = lib.mkOption {
@@ -28,10 +18,6 @@ let
vhost = lib.types.submodule { vhost = lib.types.submodule {
options = { options = {
http2 = lib.mkOption {
type = lib.types.bool;
default = true;
};
proxyBuffering = lib.mkOption { proxyBuffering = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;
@@ -74,15 +60,21 @@ in
recommendedOptimisation = true; recommendedOptimisation = true;
virtualHosts = lib.mapAttrs virtualHosts = lib.mapAttrs
(_: { proxyBuffering, locations, http2 }: nginxVhost { (_: { proxyBuffering, locations }: {
inherit http2; forceSSL = true;
enableACME = true;
http2 = true;
acmeRoot = lib.mkIf cfg.acme.dnsChallenge null;
extraConfig = lib.mkIf (!proxyBuffering) '' extraConfig = lib.mkIf (!proxyBuffering) ''
proxy_buffering off; proxy_buffering off;
''; '';
locations = lib.mapAttrs locations = lib.mapAttrs
(_: { proxy, extraConfig }: lib.mergeAttrsList [ (_: { proxyPort, extraConfig }: lib.mergeAttrsList [
{ inherit extraConfig; } { inherit extraConfig; }
(if (lib.isString proxy) then (nginxProxy { proxyPass = proxy; }) else { }) (if (lib.isInt proxyPort) then {
proxyWebsockets = true;
proxyPass = "http://localhost:${toString proxyPort}";
} else { })
]) ])
locations; locations;
}) })