comparing main and refactor/nginx on martials.no/nixos-configuration

martials.no / nixos-configuration

this repo has no description

fork atom

Compare changes

Choose any two refs to compare.

+58 -72

2 changed files

expand all

unified split

hosts

pi4

nginx.nix

web-services.nix

+55 -72

hosts/pi4/nginx.nix

··· 10 10 inherit (lib.my.webServices) localAddress; 11 11 inherit (common) domain; 12 12 13 - mkReverseProxy = webService: { 13 + sslConfig = { 14 14 forceSSL = true; 15 15 acmeRoot = null; 16 16 useACMEHost = domain; 17 - locations."/".proxyPass = localAddress webService; 18 - }; 19 - mkWsReverseProxy = webService: { 20 - forceSSL = true; 21 - acmeRoot = null; 22 - useACMEHost = domain; 23 - locations."/" = { 24 - proxyPass = localAddress webService; 25 - proxyWebsockets = true; 26 - }; 27 17 }; 18 + mkReverseProxy = 19 + webService: 20 + { 21 + locations."/" = { 22 + proxyPass = localAddress webService; 23 + proxyWebsockets = webService.webSockets; 24 + }; 25 + } 26 + // sslConfig; 28 27 proxyTo = address: port: { 29 28 forceSSL = true; 30 29 acmeRoot = null; 31 30 useACMEHost = domain; 32 31 locations."/".proxyPass = "${address}:${toString port}"; 33 32 }; 34 - proxyWsTo = address: port: { 35 - forceSSL = true; 36 - acmeRoot = null; 37 - useACMEHost = domain; 38 - locations."/" = { 39 - proxyPass = "${address}:${toString port}"; 40 - proxyWebsockets = true; 41 - }; 42 - }; 43 33 proxyLocations = locations: { 44 34 forceSSL = true; 45 35 acmeRoot = null; ··· 48 38 }; 49 39 nidaros = "http://${systems.nidaros.address.private}"; 50 40 nidarosProxy = proxyTo nidaros; 51 - nidarosProxyWs = proxyWsTo nidaros; 52 41 redirect = subdomain: { 53 42 enableACME = true; 54 43 forceSSL = true; ··· 66 55 67 56 clientMaxBodySize = "16G"; 68 57 69 - virtualHosts = { 70 - # Beta is currently stable 71 - "www.${domain}" = redirect ""; 72 - "beta.${domain}" = redirect ""; 73 - "dev.${domain}" = mkReverseProxy webServices.homepage-dev; 74 - "rss.${domain}" = mkReverseProxy webServices.freshrss; 75 - "atuin.${domain}" = mkReverseProxy webServices.atuin; 76 - "grocery.${domain}" = mkWsReverseProxy webServices.kitchenowl; 77 - "git.${domain}" = redirect "code"; 78 - "kitchenowl.${domain}" = redirect "grocery"; 79 - # Forgejo 80 - "code.${domain}" = proxyLocations { 81 - "/" = { 82 - proxyPass = "${nidaros}:8002"; 58 + virtualHosts = 59 + (lib.attrsets.mapAttrs' ( 60 + _key: service: lib.nameValuePair service.domain (mkReverseProxy service) 61 + ) webServices) 62 + // { 63 + # Beta is currently stable 64 + "www.${domain}" = redirect ""; 65 + "beta.${domain}" = redirect ""; 66 + "git.${domain}" = redirect "code"; 67 + "kitchenowl.${domain}" = redirect "grocery"; 68 + # Forgejo 69 + "code.${domain}" = proxyLocations { 70 + "/" = { 71 + proxyPass = "${nidaros}:8002"; 72 + extraConfig = '' 73 + # Redirect from old username to new one 74 + if ($request_uri ~ "^/martials(.*)$") { 75 + return 301 /martin$1; 76 + } 77 + ''; 78 + }; 79 + }; 80 + "beta.code.${domain}" = redirect "code"; 81 + # Home Assistant 82 + "home.${domain}" = { 83 + forceSSL = true; 84 + acmeRoot = null; 85 + useACMEHost = domain; 83 86 extraConfig = '' 84 - # Redirect from old username to new one 85 - if ($request_uri ~ "^/martials(.*)$") { 86 - return 301 /martin$1; 87 - } 87 + proxy_buffering off; 88 88 ''; 89 + locations."/" = { 90 + proxyPass = "${nidaros}:${toString webServices.homeAssistant.port}"; 91 + proxyWebsockets = true; 92 + }; 89 93 }; 90 - }; 91 - "beta.code.${domain}" = redirect "code"; 92 - # Home Assistant 93 - "home.${domain}" = { 94 - forceSSL = true; 95 - acmeRoot = null; 96 - useACMEHost = domain; 97 - extraConfig = '' 98 - proxy_buffering off; 99 - ''; 100 - locations."/" = { 101 - proxyPass = "${nidaros}:${toString webServices.homeAssistant.port}"; 102 - proxyWebsockets = true; 103 - }; 104 - }; 105 94 106 - # Nextcloud 107 - "nextcloud.${domain}" = proxyLocations { 108 - "/" = { 109 - proxyPass = "${nidaros}:80"; 110 - proxyWebsockets = true; 95 + # Nextcloud 96 + "nextcloud.${domain}" = proxyLocations { 97 + "/" = { 98 + proxyPass = "${nidaros}:80"; 99 + proxyWebsockets = true; 100 + }; 101 + "/.well-known/carddav".return = "301 /remote.php/dav"; 102 + "/.well-known/caldav".return = "301 /remote.php/dav"; 111 103 }; 112 - "/.well-known/carddav".return = "301 /remote.php/dav"; 113 - "/.well-known/caldav".return = "301 /remote.php/dav"; 104 + "secure.${domain}" = nidarosProxy 8083; 105 + # Homepage / portfolio 106 + "${domain}" = nidarosProxy 4321; 107 + "iam.${domain}" = nidarosProxy 8081; 114 108 }; 115 - # Actual budget 116 - "budget.${domain}" = nidarosProxy 5006; 117 - "vpn.${domain}" = nidarosProxyWs 8083; 118 - "secure.${domain}" = nidarosProxy 8083; 119 - # Homepage / portfolio 120 - "${domain}" = nidarosProxy 4321; 121 - "recurring-events-api.${domain}" = nidarosProxy 8095; 122 - "iam.${domain}" = nidarosProxy 8081; 123 - "monitor.${domain}" = nidarosProxyWs 8003; 124 - "link.${domain}" = nidarosProxy (webServices.linkwarden.port); 125 - }; 126 109 }; 127 110 128 111 security.acme = {

web-services.nix

··· 7 7 service 8 8 // { 9 9 inherit host; 10 + webSockets = service.webSockets or false; 10 11 } 11 12 ) services; 12 13 in ··· 35 36 grafana = { 36 37 domain = "monitor.martials.no"; 37 38 port = 8002; 39 + webSockets = true; 38 40 }; 39 41 headscale = { 40 42 domain = "vpn.martials.no"; ··· 69 71 kitchenowl = { 70 72 domain = "grocery.martials.no"; 71 73 port = 8088; 74 + webSockets = true; 72 75 }; 73 76 }