martials.no / nixos-configuration
this repo has no description
fork atom

Compare changes

Choose any two refs to compare.

+58 -72
unified split
+55 -72
hosts/pi4/nginx.nix
··· 10 inherit (lib.my.webServices) localAddress; 11 inherit (common) domain; 12 13 - mkReverseProxy = webService: { 14 forceSSL = true; 15 acmeRoot = null; 16 useACMEHost = domain; 17 - locations."/".proxyPass = localAddress webService; 18 - }; 19 - mkWsReverseProxy = webService: { 20 - forceSSL = true; 21 - acmeRoot = null; 22 - useACMEHost = domain; 23 - locations."/" = { 24 - proxyPass = localAddress webService; 25 - proxyWebsockets = true; 26 - }; 27 }; 28 proxyTo = address: port: { 29 forceSSL = true; 30 acmeRoot = null; 31 useACMEHost = domain; 32 locations."/".proxyPass = "${address}:${toString port}"; 33 }; 34 - proxyWsTo = address: port: { 35 - forceSSL = true; 36 - acmeRoot = null; 37 - useACMEHost = domain; 38 - locations."/" = { 39 - proxyPass = "${address}:${toString port}"; 40 - proxyWebsockets = true; 41 - }; 42 - }; 43 proxyLocations = locations: { 44 forceSSL = true; 45 acmeRoot = null; ··· 48 }; 49 nidaros = "http://${systems.nidaros.address.private}"; 50 nidarosProxy = proxyTo nidaros; 51 - nidarosProxyWs = proxyWsTo nidaros; 52 redirect = subdomain: { 53 enableACME = true; 54 forceSSL = true; ··· 66 67 clientMaxBodySize = "16G"; 68 69 - virtualHosts = { 70 - # Beta is currently stable 71 - "www.${domain}" = redirect ""; 72 - "beta.${domain}" = redirect ""; 73 - "dev.${domain}" = mkReverseProxy webServices.homepage-dev; 74 - "rss.${domain}" = mkReverseProxy webServices.freshrss; 75 - "atuin.${domain}" = mkReverseProxy webServices.atuin; 76 - "grocery.${domain}" = mkWsReverseProxy webServices.kitchenowl; 77 - "git.${domain}" = redirect "code"; 78 - "kitchenowl.${domain}" = redirect "grocery"; 79 - # Forgejo 80 - "code.${domain}" = proxyLocations { 81 - "/" = { 82 - proxyPass = "${nidaros}:8002"; 83 extraConfig = '' 84 - # Redirect from old username to new one 85 - if ($request_uri ~ "^/martials(.*)$") { 86 - return 301 /martin$1; 87 - } 88 ''; 89 }; 90 - }; 91 - "beta.code.${domain}" = redirect "code"; 92 - # Home Assistant 93 - "home.${domain}" = { 94 - forceSSL = true; 95 - acmeRoot = null; 96 - useACMEHost = domain; 97 - extraConfig = '' 98 - proxy_buffering off; 99 - ''; 100 - locations."/" = { 101 - proxyPass = "${nidaros}:${toString webServices.homeAssistant.port}"; 102 - proxyWebsockets = true; 103 - }; 104 - }; 105 106 - # Nextcloud 107 - "nextcloud.${domain}" = proxyLocations { 108 - "/" = { 109 - proxyPass = "${nidaros}:80"; 110 - proxyWebsockets = true; 111 }; 112 - "/.well-known/carddav".return = "301 /remote.php/dav"; 113 - "/.well-known/caldav".return = "301 /remote.php/dav"; 114 }; 115 - # Actual budget 116 - "budget.${domain}" = nidarosProxy 5006; 117 - "vpn.${domain}" = nidarosProxyWs 8083; 118 - "secure.${domain}" = nidarosProxy 8083; 119 - # Homepage / portfolio 120 - "${domain}" = nidarosProxy 4321; 121 - "recurring-events-api.${domain}" = nidarosProxy 8095; 122 - "iam.${domain}" = nidarosProxy 8081; 123 - "monitor.${domain}" = nidarosProxyWs 8003; 124 - "link.${domain}" = nidarosProxy (webServices.linkwarden.port); 125 - }; 126 }; 127 128 security.acme = {
··· 10 inherit (lib.my.webServices) localAddress; 11 inherit (common) domain; 12 13 + sslConfig = { 14 forceSSL = true; 15 acmeRoot = null; 16 useACMEHost = domain; 17 }; 18 + mkReverseProxy = 19 + webService: 20 + { 21 + locations."/" = { 22 + proxyPass = localAddress webService; 23 + proxyWebsockets = webService.webSockets; 24 + }; 25 + } 26 + // sslConfig; 27 proxyTo = address: port: { 28 forceSSL = true; 29 acmeRoot = null; 30 useACMEHost = domain; 31 locations."/".proxyPass = "${address}:${toString port}"; 32 }; 33 proxyLocations = locations: { 34 forceSSL = true; 35 acmeRoot = null; ··· 38 }; 39 nidaros = "http://${systems.nidaros.address.private}"; 40 nidarosProxy = proxyTo nidaros; 41 redirect = subdomain: { 42 enableACME = true; 43 forceSSL = true; ··· 55 56 clientMaxBodySize = "16G"; 57 58 + virtualHosts = 59 + (lib.attrsets.mapAttrs' ( 60 + _key: service: lib.nameValuePair service.domain (mkReverseProxy service) 61 + ) webServices) 62 + // { 63 + # Beta is currently stable 64 + "www.${domain}" = redirect ""; 65 + "beta.${domain}" = redirect ""; 66 + "git.${domain}" = redirect "code"; 67 + "kitchenowl.${domain}" = redirect "grocery"; 68 + # Forgejo 69 + "code.${domain}" = proxyLocations { 70 + "/" = { 71 + proxyPass = "${nidaros}:8002"; 72 + extraConfig = '' 73 + # Redirect from old username to new one 74 + if ($request_uri ~ "^/martials(.*)$") { 75 + return 301 /martin$1; 76 + } 77 + ''; 78 + }; 79 + }; 80 + "beta.code.${domain}" = redirect "code"; 81 + # Home Assistant 82 + "home.${domain}" = { 83 + forceSSL = true; 84 + acmeRoot = null; 85 + useACMEHost = domain; 86 extraConfig = '' 87 + proxy_buffering off; 88 ''; 89 + locations."/" = { 90 + proxyPass = "${nidaros}:${toString webServices.homeAssistant.port}"; 91 + proxyWebsockets = true; 92 + }; 93 }; 94 95 + # Nextcloud 96 + "nextcloud.${domain}" = proxyLocations { 97 + "/" = { 98 + proxyPass = "${nidaros}:80"; 99 + proxyWebsockets = true; 100 + }; 101 + "/.well-known/carddav".return = "301 /remote.php/dav"; 102 + "/.well-known/caldav".return = "301 /remote.php/dav"; 103 }; 104 + "secure.${domain}" = nidarosProxy 8083; 105 + # Homepage / portfolio 106 + "${domain}" = nidarosProxy 4321; 107 + "iam.${domain}" = nidarosProxy 8081; 108 }; 109 }; 110 111 security.acme = {
+3
web-services.nix
··· 7 service 8 // { 9 inherit host; 10 } 11 ) services; 12 in ··· 35 grafana = { 36 domain = "monitor.martials.no"; 37 port = 8002; 38 }; 39 headscale = { 40 domain = "vpn.martials.no"; ··· 69 kitchenowl = { 70 domain = "grocery.martials.no"; 71 port = 8088; 72 }; 73 }
··· 7 service 8 // { 9 inherit host; 10 + webSockets = service.webSockets or false; 11 } 12 ) services; 13 in ··· 36 grafana = { 37 domain = "monitor.martials.no"; 38 port = 8002; 39 + webSockets = true; 40 }; 41 headscale = { 42 domain = "vpn.martials.no"; ··· 71 kitchenowl = { 72 domain = "grocery.martials.no"; 73 port = 8088; 74 + webSockets = true; 75 }; 76 }