208 lines
5.9 KiB
Nix
208 lines
5.9 KiB
Nix
{
|
|
inputs,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}:
|
|
let
|
|
# striped-front = inputs.striped-front;
|
|
|
|
sin-address = "192.168.1.14";
|
|
authelia-snippets = pkgs.callPackage ./lib/autheliaSnippets.nix { inherit pkgs; };
|
|
in
|
|
{
|
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
80
|
|
443
|
|
8448
|
|
];
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
|
|
typesHashMaxSize = 512;
|
|
mapHashMaxSize = 512;
|
|
|
|
virtualHosts =
|
|
let
|
|
mkVHost = host: port: {
|
|
"${host}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
proxyPass = "http://${sin-address}:${port}";
|
|
};
|
|
};
|
|
};
|
|
mkStarr = host: port: {
|
|
"${host}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
extraConfig = ''
|
|
include ${authelia-snippets.authelia-location};
|
|
'';
|
|
|
|
locations."/api" = {
|
|
proxyPass = "http://${sin-address}:${port}";
|
|
proxyWebsockets = true;
|
|
extraConfig = ''
|
|
proxy_ssl_server_name on;
|
|
'';
|
|
};
|
|
locations."/" = {
|
|
proxyPass = "http://${sin-address}:${port}";
|
|
proxyWebsockets = true;
|
|
extraConfig = ''
|
|
include ${authelia-snippets.proxy};
|
|
include ${authelia-snippets.authelia-authrequest};
|
|
|
|
proxy_ssl_server_name on;
|
|
proxy_read_timeout 4800s;
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
withAuthelia =
|
|
vhost: location:
|
|
(builtins.mapAttrs (
|
|
name: value:
|
|
(lib.recursiveUpdate value {
|
|
extraConfig = (if value ? extraConfig then value.extraConfig else "") + ''
|
|
include ${authelia-snippets.authelia-location};
|
|
'';
|
|
locations."${location}".extraConfig =
|
|
(
|
|
if value.locations."${location}" ? extraConfig then
|
|
value.locations."${location}".extraConfig
|
|
else
|
|
""
|
|
)
|
|
+ ''
|
|
include ${authelia-snippets.proxy};
|
|
include ${authelia-snippets.authelia-authrequest};
|
|
'';
|
|
})
|
|
) vhost);
|
|
withWebsockets =
|
|
vhost: location:
|
|
(builtins.mapAttrs (
|
|
name: value:
|
|
(lib.recursiveUpdate value {
|
|
locations."${location}".proxyWebsockets = true;
|
|
})
|
|
) vhost);
|
|
in
|
|
(
|
|
(withWebsockets (mkVHost "jellyfin.shobu.fr" "8096") "/")
|
|
// mkStarr "radarr.shobu.fr" "7878"
|
|
// mkStarr "sonarr.shobu.fr" "8989"
|
|
// mkStarr "prowlarr.shobu.fr" "9696"
|
|
// mkStarr "bazarr.shobu.fr" "6767"
|
|
// mkStarr "lidarr.shobu.fr" "8686"
|
|
// mkStarr "whisparr.shobu.fr" "6969"
|
|
// mkVHost "jellyseerr.shobu.fr" "5055"
|
|
// mkVHost "transmission.shobu.fr" "9091"
|
|
// mkVHost "zimablade-admin.shobu.fr" "61208"
|
|
// (withWebsockets (withAuthelia (mkVHost "trilium.shobu.fr" "12783") "/") "/")
|
|
// {
|
|
"shobu.fr" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
root = "${inputs.shoblog-front.packages.x86_64-linux.default}/dist";
|
|
};
|
|
"data.shobu.fr" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
root = "/mnt/shares/data";
|
|
};
|
|
"bddtrans.shobu.fr" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
proxyPass = "http://${sin-address}:8001";
|
|
extraConfig = ''
|
|
proxy_ssl_server_name on;
|
|
'';
|
|
};
|
|
};
|
|
"bddtrans-api.shobu.fr" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
proxyPass = "http://${sin-address}:8000";
|
|
proxyWebsockets = true;
|
|
extraConfig = ''
|
|
proxy_ssl_server_name on;
|
|
'';
|
|
};
|
|
};
|
|
# "striped.shobu.fr" = {
|
|
# enableACME = true;
|
|
# forceSSL = true;
|
|
|
|
# root = "${striped-front.packages.x86_64-linux.default}/dist";
|
|
# };
|
|
"dashboard.shobu.fr" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
proxyPass = "http://${sin-address}:8082";
|
|
};
|
|
};
|
|
"git.shobu.fr" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
proxyPass = "http://${sin-address}:3000";
|
|
};
|
|
};
|
|
"files.shobu.fr" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
extraConfig = ''
|
|
# include ${authelia-snippets.authelia-location};
|
|
# error_log /var/log/nginx/debug_files.log debug;
|
|
'';
|
|
|
|
locations."/" = {
|
|
proxyPass = "http://${sin-address}:8086";
|
|
extraConfig = ''
|
|
# include ${authelia-snippets.proxy};
|
|
# include ${authelia-snippets.authelia-authrequest};
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
client_max_body_size 100M;
|
|
'';
|
|
};
|
|
};
|
|
# "matrix.shobu.fr" = {
|
|
# forceSSL = true;
|
|
# enableACME = true;
|
|
# locations."/".extraConfig = ''
|
|
# return 404;
|
|
# '';
|
|
# locations."/_matrix".proxyPass = "http://${sin-address}:8008";
|
|
# locations."/_synapse/client".proxyPass = "http://${sin-address}:8008";
|
|
# locations."/.well-known/matrix/server".proxyPass = "http://${sin-address}:8008/.well-known/matrix/server";
|
|
# };
|
|
}
|
|
);
|
|
};
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults.email = "shobu_serhao@proton.me";
|
|
};
|
|
}
|