Move most Nginx proxies to the individual services
parent
f1d2652c53
commit
1f8156e868
|
@ -50,13 +50,13 @@
|
|||
|
||||
# NixOS configuration entrypoint, use 'nixos-rebuild --flake .#your-hostname'
|
||||
nixosConfigurations = {
|
||||
JimNixDesktop = nixpkgs.lib.nixosSystem {
|
||||
JimDesktop = nixpkgs.lib.nixosSystem {
|
||||
specialArgs = {inherit inputs outputs;};
|
||||
modules = [
|
||||
./nixos/desktop.nix
|
||||
];
|
||||
};
|
||||
JimNixServer = nixpkgs.lib.nixosSystem {
|
||||
JimServer = nixpkgs.lib.nixosSystem {
|
||||
specialArgs = {inherit inputs outputs;};
|
||||
modules = [
|
||||
./nixos/server.nix
|
||||
|
@ -68,7 +68,7 @@
|
|||
# Standalone home-manager configuration entrypoint
|
||||
# Available through 'home-manager --flake .#your-username@your-hostname'
|
||||
homeConfigurations = {
|
||||
"jimbo@JimNixDesktop" = home-manager.lib.homeManagerConfiguration {
|
||||
"jimbo@JimDesktop" = home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
extraSpecialArgs = {inherit inputs outputs;};
|
||||
modules = [
|
||||
|
@ -76,7 +76,7 @@
|
|||
nur.nixosModules.nur
|
||||
];
|
||||
};
|
||||
"jimbo@JimNixServer" = home-manager.lib.homeManagerConfiguration {
|
||||
"jimbo@JimServer" = home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
extraSpecialArgs = {inherit inputs outputs;};
|
||||
modules = [
|
||||
|
|
|
@ -44,8 +44,8 @@
|
|||
auth = import ./common/auth.nix;
|
||||
in {
|
||||
nixdate = ''
|
||||
${auth.method} nixos-rebuild switch --flake /etc/nixos/.#JimNixDesktop;
|
||||
home-manager switch --flake /etc/nixos/.#jimbo@JimNixDesktop;
|
||||
${auth.method} nixos-rebuild switch --flake /etc/nixos/.#JimDesktop;
|
||||
home-manager switch --flake /etc/nixos/.#jimbo@JimDesktop;
|
||||
notify-send "NixOS switch finished."
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -78,7 +78,7 @@
|
|||
command = ''wine "$1"'';
|
||||
}
|
||||
{
|
||||
condition = ''ext 7z|ace|ar|arc|bz2?|cab|cpio|cpt|deb|dgc|dmg|gz|iso|jar|pkg|rar|shar|tar|tgz|xar|xpi|xz|zip, has 7z'';
|
||||
condition = ''ext 7z|ace|ar|arc|bz2?|cab|cpio|cpt|deb|dgc|dmg|gz|iso|jar|pkg|rar|shar|tar|tgz|xar|xpi|xz|zip|zst, has 7z'';
|
||||
command = ''7z x -- "$@"'';
|
||||
}
|
||||
{
|
||||
|
|
|
@ -31,5 +31,5 @@
|
|||
./services/mpd.nix
|
||||
];
|
||||
|
||||
networking.hostName = "JimNixDesktop";
|
||||
networking.hostName = "JimDesktop";
|
||||
}
|
||||
|
|
|
@ -40,5 +40,5 @@
|
|||
];
|
||||
|
||||
services.openssh.ports = [ 2222 ];
|
||||
networking.hostName = "JimNixServer";
|
||||
networking.hostName = "JimServer";
|
||||
}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{
|
||||
let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
# Configure the Element web server
|
||||
nixpkgs.config.element-web.conf = let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
nixpkgs.config.element-web.conf {
|
||||
default_server_config = {
|
||||
"m.homeserver" = {
|
||||
base_url = "https://matrix.${secrets.jimDomain}";
|
||||
|
@ -20,4 +20,11 @@
|
|||
disable_guests = true;
|
||||
default_theme = "dark";
|
||||
};
|
||||
|
||||
# Serve the Element page over Nginx
|
||||
services.nginx.virtualHosts."chat.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
root = "${pkgs.element-web}";
|
||||
};
|
||||
}
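Review bot: The new line `nixpkgs.config.element-web.conf {` in the first hunk has lost its `=`, so this file will not parse; it should read `nixpkgs.config.element-web.conf = {`. The Lemmy file in this commit has the same slip at `lemmy {`, which should be `lemmy = {`. Going by the hunk line counts, the file now opens with a bare `let … in {` and takes no arguments, so `pkgs` in `root = "${pkgs.element-web}";` looks unbound unless a `{pkgs, ...}:` header is added. Building the server configuration with `nixos-rebuild build` before merging would catch both.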
|
||||
|
|
|
@ -1,25 +1,35 @@
|
|||
{
|
||||
services.gitea = let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
DOMAIN = "git.${secrets.jimDomain}";
|
||||
ROOT_URL = "https://git.${secrets.jimDomain}:443";
|
||||
HTTP_PORT = 3110;
|
||||
SSH_PORT = 2299;
|
||||
START_SSH_SERVER = true;
|
||||
let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
services = {
|
||||
gitea = {
|
||||
enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
DOMAIN = "git.${secrets.jimDomain}";
|
||||
ROOT_URL = "https://git.${secrets.jimDomain}:443";
|
||||
HTTP_PORT = 3110;
|
||||
SSH_PORT = 2299;
|
||||
START_SSH_SERVER = true;
|
||||
};
|
||||
mailer = {
|
||||
ENABLED = true;
|
||||
SMTP_ADDR = "mx.${secrets.jimDomain}";
|
||||
FROM = "Jimbo's Git <noreply@${secrets.jimDomain}>";
|
||||
USER = "noreply@${secrets.jimDomain}";
|
||||
PASSWD = secrets.noreplyPassword;
|
||||
PROTOCOL = "smtps";
|
||||
};
|
||||
service.REGISTER_EMAIL_CONFIRM = true;
|
||||
};
|
||||
mailer = {
|
||||
ENABLED = true;
|
||||
SMTP_ADDR = "mx.${secrets.jimDomain}";
|
||||
FROM = "Jimbo's Git <noreply@${secrets.jimDomain}>";
|
||||
USER = "noreply@${secrets.jimDomain}";
|
||||
PASSWD = secrets.noreplyPassword;
|
||||
PROTOCOL = "smtps";
|
||||
};
|
||||
nginx.virtualHosts."git.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3110";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
service.REGISTER_EMAIL_CONFIRM = true;
|
||||
};
|
||||
};
|
||||
}
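Review bot: `PASSWD = secrets.noreplyPassword;` in the `mailer` block takes the SMTP password from `import ../modules/secrets.nix`, so the value becomes part of the evaluated settings and, as far as I can tell, ends up in the generated configuration under the world-readable /nix/store. The Gitea module offers `services.gitea.mailerPasswordFile` for this, pointing at a root-owned file outside the store. The same import feeds `smtp_password`, `mail_smtppassword`, `PUFFER_PANEL_EMAIL_PASSWORD` and `SMTP_PASSWORD` in the Lemmy, Nextcloud, PufferPanel and Vaultwarden files of this commit, which need their modules' file-based or environment-file equivalents. Separately, `server` sets no `HTTP_ADDR`, so unless it is set elsewhere or the firewall blocks 3110, Gitea may also answer on non-loopback interfaces rather than only behind the new `proxyPass`; `HTTP_ADDR = "127.0.0.1";` would pin it.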
|
||||
|
|
|
@ -1,19 +1,27 @@
|
|||
{
|
||||
services.lemmy = let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
enable = true;
|
||||
nginx.enable = true;
|
||||
database.createLocally = true;
|
||||
settings = {
|
||||
hostname = "lemmy.${secrets.jimDomain}";
|
||||
email = {
|
||||
smtp_server = "mx.${secrets.jimDomain}:587";
|
||||
smtp_login = "noreply@${secrets.jimDomain}";
|
||||
smtp_from_address = "Jimbo's Lemmy <noreply@${secrets.jimDomain}>";
|
||||
smtp_password = secrets.noreplyPassword;
|
||||
tls_type = "starttls";
|
||||
let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
services = {
|
||||
lemmy {
|
||||
enable = true;
|
||||
nginx.enable = true;
|
||||
database.createLocally = true;
|
||||
settings = {
|
||||
hostname = "lemmy.${secrets.jimDomain}";
|
||||
email = {
|
||||
smtp_server = "mx.${secrets.jimDomain}:587";
|
||||
smtp_login = "noreply@${secrets.jimDomain}";
|
||||
smtp_from_address = "Jimbo's Lemmy <noreply@${secrets.jimDomain}>";
|
||||
smtp_password = secrets.noreplyPassword;
|
||||
tls_type = "starttls";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Add SSL to webpage
|
||||
nginx.virtualHosts."lemmy.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -50,5 +50,15 @@ in rec {
|
|||
|
||||
# Force the mailserver to use a different redis port
|
||||
redis.servers.rspamd.port = 1515;
|
||||
|
||||
# The hostname mail ports use
|
||||
nginx.virtualHosts."mx.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:1390";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
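Review bot: The new `mx.` vhost forwards every request on `/` to `http://127.0.0.1:1390` with websockets enabled, while its comment (and the removed "Mail certificate proxy" comment in the Nginx file) suggests the vhost exists mainly to obtain the certificate the mail ports use. What listens on 1390 is not visible in this hunk; if nothing there is meant to be public, `locations."/".return = "403";` in place of the proxy block would keep ACME issuance working without publishing that backend. The enclosing `in rec {` attribute set starts outside the hunk.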
|
||||
|
|
|
@ -1,30 +1,47 @@
|
|||
{pkgs, ...}: let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
package = pkgs.nextcloud29;
|
||||
hostName = "cloud.${secrets.jimDomain}";
|
||||
datadir = "/mnt/nextcloud";
|
||||
https = true;
|
||||
config = {
|
||||
adminuser = "jimbo";
|
||||
adminpassFile = "/mnt/nextcloud/password.txt";
|
||||
};
|
||||
settings = {
|
||||
trusted_proxies = [ "127.0.0.1" ];
|
||||
trusted_domains = [ "cloud.${secrets.jimDomain}" ];
|
||||
overwriteprotocol = "https";
|
||||
services = {
|
||||
nextcloud = {
|
||||
enable = true;
|
||||
package = pkgs.nextcloud29;
|
||||
hostName = "cloud.${secrets.jimDomain}";
|
||||
datadir = "/mnt/nextcloud";
|
||||
https = true;
|
||||
config = {
|
||||
adminuser = "jimbo";
|
||||
adminpassFile = "/mnt/nextcloud/password.txt";
|
||||
};
|
||||
settings = {
|
||||
trusted_proxies = [ "127.0.0.1" ];
|
||||
trusted_domains = [ "cloud.${secrets.jimDomain}" ];
|
||||
overwriteprotocol = "https";
|
||||
|
||||
# Mailserver settings
|
||||
mail_smtphost = "mx.${secrets.jimDomain}";
|
||||
mail_domain = "${secrets.jimDomain}";
|
||||
mail_from_address = "noreply";
|
||||
mail_smtpauth = "true";
|
||||
mail_smtpname = "noreply@${secrets.jimDomain}";
|
||||
mail_smtppassword = secrets.noreplyPassword;
|
||||
mail_smtpmode = "smtp";
|
||||
mail_smtpport = 587;
|
||||
# Mailserver settings
|
||||
mail_smtphost = "mx.${secrets.jimDomain}";
|
||||
mail_domain = "${secrets.jimDomain}";
|
||||
mail_from_address = "noreply";
|
||||
mail_smtpauth = "true";
|
||||
mail_smtpname = "noreply@${secrets.jimDomain}";
|
||||
mail_smtppassword = secrets.noreplyPassword;
|
||||
mail_smtpmode = "smtp";
|
||||
mail_smtpport = 587;
|
||||
};
|
||||
};
|
||||
nginx.virtualHosts."cloud.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
locations."/" = {
|
||||
proxyWebsockets = true;
|
||||
extraConfig = "
|
||||
location /.well-known/carddav {
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
location /.well-known/caldav {
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
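Review bot: `addSSL = true;` on the `cloud.` vhost keeps a plain-HTTP listener that serves the site without redirecting, even though the service is configured with `https = true;` and `overwriteprotocol = "https";`. Using `forceSSL = true;`, as the other moved vhosts do, would redirect instead. The `chat.` vhost in the Element file carries the same setting. The two `.well-known` redirects build their target from `$scheme`, so on that HTTP listener they send CalDAV/CardDAV clients to an `http://` URL, which is where credentials would then be sent. They are also written as `location` blocks nested inside `locations."/".extraConfig`; declaring them as `locations."/.well-known/carddav".return = "301 https://$host/remote.php/dav";` (and likewise for caldav) would make both points explicit.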
|
||||
|
|
|
@ -15,68 +15,31 @@
|
|||
"${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
root = "/var/www/jimweb";
|
||||
root = "/var/www/jimweb";
|
||||
locations = {
|
||||
"/.well-known/matrix/client" = {
|
||||
extraConfig = ''
|
||||
"/.well-known/matrix/client" = {
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
return 200 '
|
||||
{
|
||||
"m.homeserver": {
|
||||
"base_url": "https://matrix.${secrets.jimDomain}"
|
||||
},
|
||||
"m.identity_server": {
|
||||
"base_url": "https://matrix.org"
|
||||
},
|
||||
"org.matrix.msc3575.proxy": {
|
||||
"url": "https://matrix.${secrets.jimDomain}"
|
||||
}
|
||||
}';
|
||||
'';
|
||||
};
|
||||
"/.well-known/matrix/server" = {
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
return 200 '
|
||||
{
|
||||
"m.homeserver": {
|
||||
"base_url": "https://matrix.${secrets.jimDomain}"
|
||||
},
|
||||
"m.identity_server": {
|
||||
"base_url": "https://matrix.org"
|
||||
},
|
||||
"org.matrix.msc3575.proxy": {
|
||||
"url": "https://matrix.${secrets.jimDomain}"
|
||||
}
|
||||
}';
|
||||
'';
|
||||
};
|
||||
"/.well-known/matrix/server" = {
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
return 200 '{"m.server": "matrix.${secrets.jimDomain}:443"}';
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Nextcloud Proxy
|
||||
"cloud.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
locations."/" = {
|
||||
proxyWebsockets = true;
|
||||
extraConfig = "
|
||||
location /.well-known/carddav {
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
location /.well-known/caldav {
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
";
|
||||
};
|
||||
};
|
||||
|
||||
# Vaultwarden Proxy
|
||||
"warden.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8222";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Recipes Proxy
|
||||
"recipes.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:5030";
|
||||
proxyWebsockets = true;
|
||||
return 200 '{"m.server": "matrix.${secrets.jimDomain}:443"}';
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -90,56 +53,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
# Gitea Proxy
|
||||
"git.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3110";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Pufferpanel Proxy
|
||||
"panel.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:5010";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Matrix Proxy
|
||||
"matrix.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/".extraConfig = ''return 403;'';
|
||||
"/client".proxyPass = "http://127.0.0.1:8009";
|
||||
"/_matrix".proxyPass = "http://127.0.0.1:8008";
|
||||
"/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://127.0.0.1:8009";
|
||||
"/_synapse/client".proxyPass = "http://127.0.0.1:8008";
|
||||
};
|
||||
};
|
||||
|
||||
# Element Proxy
|
||||
"chat.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
root = "${pkgs.element-web}";
|
||||
};
|
||||
|
||||
# Coturn Proxy
|
||||
"turn.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
listen = [
|
||||
{ addr = "0.0.0.0"; port = 80; ssl = false; }
|
||||
];
|
||||
locations."/".proxyPass = "http://127.0.0.1:1380";
|
||||
};
|
||||
|
||||
# Radio Proxy
|
||||
"radio.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
|
@ -147,34 +60,8 @@
|
|||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:255";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Streaming proxy
|
||||
"live.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8060";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Mail certificate proxy
|
||||
"mx.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:1390";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Add SSL to Lemmy
|
||||
"lemmy.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
};
|
||||
appendConfig = ''
|
||||
rtmp {
|
||||
|
@ -197,10 +84,8 @@
|
|||
'';
|
||||
};
|
||||
|
||||
# Force Nginx to work and be able to read+write the hls path
|
||||
security.pam.services.nginx.setEnvironment = false;
|
||||
# Allow Nginx to read and write to paths
|
||||
systemd.services.nginx.serviceConfig = {
|
||||
SupplementaryGroups = [ "shadow" ];
|
||||
ReadWritePaths = [ "/var/www/jimweb/streams/hls/" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,8 +1,20 @@
|
|||
{
|
||||
services.owncast = {
|
||||
enable = true;
|
||||
port = 8060;
|
||||
rtmp-port = 1945;
|
||||
listen = "0.0.0.0";
|
||||
let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
services = {
|
||||
owncast = {
|
||||
enable = true;
|
||||
port = 8060;
|
||||
rtmp-port = 1945;
|
||||
listen = "0.0.0.0";
|
||||
};
|
||||
nginx.virtualHosts."live.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8060";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
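Review bot: `listen = "0.0.0.0";` binds the Owncast web server on every interface, while the new `live.` vhost only ever reaches it through `http://127.0.0.1:8060`. Unless the firewall blocks 8060, the stream page and admin interface are then also reachable over plain HTTP without passing through nginx. If the option is, as I read it, only the web server's bind address, `listen = "127.0.0.1";` would leave RTMP ingest on 1945 unaffected. `PUFFER_WEB_HOST = ":5010";` in the PufferPanel file has the same shape and could be `"127.0.0.1:5010"`.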
|
||||
|
|
|
@ -1,23 +1,33 @@
|
|||
{pkgs, lib, ...}: {
|
||||
services.pufferpanel = let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
enable = true;
|
||||
environment = {
|
||||
PUFFER_WEB_HOST = ":5010";
|
||||
PUFFER_PANEL_SETTINGS_MASTERURL = "https://panel.${secrets.jimDomain}";
|
||||
PUFFER_PANEL_EMAIL_PROVIDER = "smtp";
|
||||
PUFFER_PANEL_EMAIL_HOST = "mx.${secrets.jimDomain}:587";
|
||||
PUFFER_PANEL_EMAIL_FROM = "noreply@${secrets.jimDomain}";
|
||||
PUFFER_PANEL_EMAIL_USERNAME = "noreply@${secrets.jimDomain}";
|
||||
PUFFER_PANEL_EMAIL_PASSWORD = secrets.noreplyPassword;
|
||||
{pkgs, lib, ...}: let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
services = {
|
||||
pufferpanel = {
|
||||
enable = true;
|
||||
environment = {
|
||||
PUFFER_WEB_HOST = ":5010";
|
||||
PUFFER_PANEL_SETTINGS_MASTERURL = "https://panel.${secrets.jimDomain}";
|
||||
PUFFER_PANEL_EMAIL_PROVIDER = "smtp";
|
||||
PUFFER_PANEL_EMAIL_HOST = "mx.${secrets.jimDomain}:587";
|
||||
PUFFER_PANEL_EMAIL_FROM = "noreply@${secrets.jimDomain}";
|
||||
PUFFER_PANEL_EMAIL_USERNAME = "noreply@${secrets.jimDomain}";
|
||||
PUFFER_PANEL_EMAIL_PASSWORD = secrets.noreplyPassword;
|
||||
};
|
||||
extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
|
||||
package = pkgs.buildFHSEnv {
|
||||
name = "pufferpanel-fhs";
|
||||
meta.mainProgram = "pufferpanel-fhs";
|
||||
runScript = lib.getExe pkgs.pufferpanel;
|
||||
targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];
|
||||
};
|
||||
};
|
||||
extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
|
||||
package = pkgs.buildFHSEnv {
|
||||
name = "pufferpanel-fhs";
|
||||
meta.mainProgram = "pufferpanel-fhs";
|
||||
runScript = lib.getExe pkgs.pufferpanel;
|
||||
targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];
|
||||
nginx.virtualHosts."panel.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:5010";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{pkgs, config, ...}: {
|
||||
services = let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
{pkgs, config, ...}: let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
services = {
|
||||
# Synapse Matrix server
|
||||
matrix-synapse = with config.services.coturn; {
|
||||
enable = true;
|
||||
|
@ -92,5 +92,28 @@
|
|||
cert = "/var/lib/acme/turn.${secrets.jimDomain}.com/fullchain.pem";
|
||||
pkey = "/var/lib/acme/turn.${secrets.jimDomain}.com/key.pem";
|
||||
};
|
||||
|
||||
# Nginx
|
||||
nginx.virtualHosts = {
|
||||
"matrix.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/".extraConfig = ''return 403;'';
|
||||
"/client".proxyPass = "http://127.0.0.1:8009";
|
||||
"/_matrix".proxyPass = "http://127.0.0.1:8008";
|
||||
"/_matrix/client/unstable/org.matrix.msc3575/sync".proxyPass = "http://127.0.0.1:8009";
|
||||
"/_synapse/client".proxyPass = "http://127.0.0.1:8008";
|
||||
};
|
||||
};
|
||||
"turn.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
listen = [
|
||||
{ addr = "0.0.0.0"; port = 80; ssl = false; }
|
||||
];
|
||||
locations."/".proxyPass = "http://127.0.0.1:1380";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
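Review bot: The `turn.` vhost sets `forceSSL = true;` but overrides `listen` with a single port-80 entry marked `ssl = false`, so the two settings contradict each other and it is unclear which server blocks the module ends up generating. If the vhost exists only to obtain the certificate coturn reads, dropping `forceSSL` would state that intent. The context lines just above the addition read that certificate from `/var/lib/acme/turn.${secrets.jimDomain}.com/…`, whereas the vhost (and so, presumably, the ACME directory) is named `turn.${secrets.jimDomain}` without the extra `.com`; it is worth confirming coturn actually finds its certificate. The `services` set and the coturn block start outside this hunk.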
|
||||
|
|
|
@ -1,6 +1,18 @@
|
|||
{
|
||||
services.tandoor-recipes = {
|
||||
enable = true;
|
||||
port = 5030;
|
||||
let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
services = {
|
||||
tandoor-recipes = {
|
||||
enable = true;
|
||||
port = 5030;
|
||||
};
|
||||
nginx.virtualHosts."recipes.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:5030";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,24 +1,34 @@
|
|||
{
|
||||
services.vaultwarden = let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
enable = true;
|
||||
config = {
|
||||
DOMAIN = "https://warden.${secrets.jimDomain}";
|
||||
SIGNUPS_ALLOWED = false;
|
||||
ROCKET_ADDRESS = "127.0.0.1";
|
||||
ROCKET_PORT = 8222;
|
||||
ROCKET_LOG = "critical";
|
||||
let
|
||||
secrets = import ../modules/secrets.nix;
|
||||
in {
|
||||
services = {
|
||||
vaultwarden = {
|
||||
enable = true;
|
||||
config = {
|
||||
DOMAIN = "https://warden.${secrets.jimDomain}";
|
||||
SIGNUPS_ALLOWED = false;
|
||||
ROCKET_ADDRESS = "127.0.0.1";
|
||||
ROCKET_PORT = 8222;
|
||||
ROCKET_LOG = "critical";
|
||||
|
||||
# Smtp email
|
||||
SMTP_HOST = "mx.${secrets.jimDomain}";
|
||||
SMTP_FROM = "Jimbo's Vaultwarden <noreply@${secrets.jimDomain}>";
|
||||
SMTP_FROM_NAME = "Vaultwarden";
|
||||
SMTP_USERNAME = "noreply@${secrets.jimDomain}";
|
||||
SMTP_PASSWORD = secrets.noreplyPassword;
|
||||
SMTP_SECURITY = "starttls";
|
||||
SMTP_PORT = 587;
|
||||
SMTP_TIMEOUT = 15;
|
||||
# Smtp email
|
||||
SMTP_HOST = "mx.${secrets.jimDomain}";
|
||||
SMTP_FROM = "Jimbo's Vaultwarden <noreply@${secrets.jimDomain}>";
|
||||
SMTP_FROM_NAME = "Vaultwarden";
|
||||
SMTP_USERNAME = "noreply@${secrets.jimDomain}";
|
||||
SMTP_PASSWORD = secrets.noreplyPassword;
|
||||
SMTP_SECURITY = "starttls";
|
||||
SMTP_PORT = 587;
|
||||
SMTP_TIMEOUT = 15;
|
||||
};
|
||||
};
|
||||
nginx.virtualHosts."warden.${secrets.jimDomain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8222";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|