diff --git a/hosts/sin/configuration.nix b/hosts/sin/configuration.nix index d784c7f..1a72f7c 100644 --- a/hosts/sin/configuration.nix +++ b/hosts/sin/configuration.nix @@ -17,7 +17,6 @@ ./secrets.nix ./coredns ./copyparty.nix - ./ollama.nix ]; boot.initrd.kernelModules = [ "usb_storage" ]; @@ -115,11 +114,5 @@ powerOnBoot = true; }; - hardware.graphics.enable = true; - services.xserver.videoDrivers = [ "nvidia" ]; - hardware.nvidia.open = false; - hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_390; - nixpkgs.config.nvidia.acceptLicense = true; - system.stateVersion = "24.11"; } diff --git a/hosts/sin/copyparty.nix b/hosts/sin/copyparty.nix index f74118d..35acb56 100644 --- a/hosts/sin/copyparty.nix +++ b/hosts/sin/copyparty.nix @@ -1,4 +1,5 @@ -{inputs, pkgs, ...}: { +{ inputs, pkgs, ... }: +{ imports = [ inputs.copyparty.nixosModules.default ]; nixpkgs.overlays = [ inputs.copyparty.overlays.default ]; environment.systemPackages = [ pkgs.copyparty ]; @@ -11,7 +12,8 @@ e2ts = true; z = true; qr = true; - xff-src = "lan"; + xff-hdr = "X-Real-IP"; + rproxy = 1; http-only = true; og = true; shr = "/shares"; diff --git a/hosts/thea/nginx.nix b/hosts/thea/nginx.nix index 8c8016a..f15d64b 100644 --- a/hosts/thea/nginx.nix +++ b/hosts/thea/nginx.nix @@ -1,124 +1,132 @@ -{inputs, ...}: +{ inputs, ... }: let # striped-front = inputs.striped-front; sin-address = "192.168.1.14"; -in { +in +{ - networking.firewall.allowedTCPPorts = [ 80 443 8448 ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + 8448 + ]; services.nginx = { enable = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts = - let - mkStarr = host: port: { - "${host}" = { - enableACME = true; - forceSSL = true; + virtualHosts = + let + mkStarr = host: port: { + "${host}" = { + enableACME = true; + forceSSL = true; - locations."/" = { - proxyPass = "http://${sin-address}:${port}"; - proxyWebsockets = true; - extraConfig = '' - proxy_ssl_server_name on; - proxy_read_timeout 4800s; - ''; - }; - }; - }; - in - ( - mkStarr "jellyfin.shobu.fr" "8096" - // mkStarr "radarr.shobu.fr" "7878" - // mkStarr "sonarr.shobu.fr" "8989" - // mkStarr "prowlarr.shobu.fr" "9696" - // mkStarr "bazarr.shobu.fr" "6767" - // mkStarr "jellyseerr.shobu.fr" "5055" - // mkStarr "fileshelter.shobu.fr" "5091" - // mkStarr "lidarr.shobu.fr" "8686" - // mkStarr "transmission.shobu.fr" "9091" - // mkStarr "zimablade-admin.shobu.fr" "61208" - // { - "shobu.fr" = { - enableACME = true; - forceSSL = true; - - root = "${inputs.shoblog-front.packages.x86_64-linux.default}/dist"; - }; - "data.shobu.fr" = { - enableACME = true; - forceSSL = true; - - root = "/mnt/shares/data"; - }; - "bddtrans.shobu.fr" = { - enableACME = true; - forceSSL = true; - - locations."/" = { - proxyPass = "http://${sin-address}:8001"; - extraConfig = '' - proxy_ssl_server_name on; - ''; + locations."/" = { + proxyPass = "http://${sin-address}:${port}"; + proxyWebsockets = true; + extraConfig = '' + proxy_ssl_server_name on; + proxy_read_timeout 4800s; + ''; + }; }; }; - "bddtrans-api.shobu.fr" = { - enableACME = true; - forceSSL = true; + in + ( + mkStarr "jellyfin.shobu.fr" "8096" + // mkStarr "radarr.shobu.fr" "7878" + // mkStarr "sonarr.shobu.fr" "8989" + // mkStarr "prowlarr.shobu.fr" "9696" + // mkStarr "bazarr.shobu.fr" "6767" + // mkStarr "jellyseerr.shobu.fr" "5055" + // mkStarr "fileshelter.shobu.fr" "5091" + // mkStarr "lidarr.shobu.fr" "8686" + // mkStarr "transmission.shobu.fr" "9091" + // mkStarr "zimablade-admin.shobu.fr" "61208" + // { + "shobu.fr" = { + enableACME = true; + forceSSL = true; - locations."/" = { + root = "${inputs.shoblog-front.packages.x86_64-linux.default}/dist"; + }; + "data.shobu.fr" = { + enableACME = true; + forceSSL = true; + + root = "/mnt/shares/data"; + }; + "bddtrans.shobu.fr" = { + enableACME = true; + forceSSL = true; + + locations."/" = { + proxyPass = "http://${sin-address}:8001"; + extraConfig = '' + proxy_ssl_server_name on; + ''; + }; + }; + "bddtrans-api.shobu.fr" = { + enableACME = true; + forceSSL = true; + + locations."/" = { proxyPass = "http://${sin-address}:8000"; - proxyWebsockets = true; - extraConfig = '' - proxy_ssl_server_name on; - ''; + proxyWebsockets = true; + extraConfig = '' + proxy_ssl_server_name on; + ''; + }; }; - }; - # "striped.shobu.fr" = { - # enableACME = true; - # forceSSL = true; + # "striped.shobu.fr" = { + # enableACME = true; + # forceSSL = true; - # root = "${striped-front.packages.x86_64-linux.default}/dist"; - # }; - "dashboard.shobu.fr" = { - enableACME = true; - forceSSL = true; + # root = "${striped-front.packages.x86_64-linux.default}/dist"; + # }; + "dashboard.shobu.fr" = { + enableACME = true; + forceSSL = true; - locations."/" = { - proxyPass = "http://${sin-address}:8082"; + locations."/" = { + proxyPass = "http://${sin-address}:8082"; + }; }; - }; - "git.shobu.fr" = { - enableACME = true; - forceSSL = true; + "git.shobu.fr" = { + enableACME = true; + forceSSL = true; - locations."/" = { - proxyPass = "http://${sin-address}:3000"; + locations."/" = { + proxyPass = "http://${sin-address}:3000"; + }; }; - }; - "files.shobu.fr" = { - enableACME = true; - forceSSL = true; + "files.shobu.fr" = { + enableACME = true; + forceSSL = true; - locations."/" = { - proxyPass = "http://${sin-address}:8086"; + locations."/" = { + proxyPass = "http://${sin-address}:8086"; + extraConfig = '' + proxy_set_header X-Real-IP $remote_addr; + ''; + }; }; - }; - # "matrix.shobu.fr" = { - # forceSSL = true; - # enableACME = true; - # locations."/".extraConfig = '' - # return 404; - # ''; - # locations."/_matrix".proxyPass = "http://${sin-address}:8008"; - # locations."/_synapse/client".proxyPass = "http://${sin-address}:8008"; - # locations."/.well-known/matrix/server".proxyPass = "http://${sin-address}:8008/.well-known/matrix/server"; - # }; - } - ); + # "matrix.shobu.fr" = { + # forceSSL = true; + # enableACME = true; + # locations."/".extraConfig = '' + # return 404; + # ''; + # locations."/_matrix".proxyPass = "http://${sin-address}:8008"; + # locations."/_synapse/client".proxyPass = "http://${sin-address}:8008"; + # locations."/.well-known/matrix/server".proxyPass = "http://${sin-address}:8008/.well-known/matrix/server"; + # }; + } + ); }; security.acme = {