diff --git a/config/Syncthing.nix b/config/Syncthing.nix index b4b2fce..51715d6 100644 --- a/config/Syncthing.nix +++ b/config/Syncthing.nix @@ -102,7 +102,7 @@ in }; "dasha" = { path = "${cfg.dataDir}/dasha"; - devices = allDashaDevices; + devices = ["home"] ++ allDashaDevices; }; }; }; diff --git a/host/x86_64-linux/home/Const.nix b/host/x86_64-linux/home/Const.nix index 3281c6a..b16e331 100644 --- a/host/x86_64-linux/home/Const.nix +++ b/host/x86_64-linux/home/Const.nix @@ -1,7 +1,19 @@ { ... }: { config.const.host = { - domain = "voronind.com"; - sslCertificate = "/etc/letsencrypt/live/voronind.com/fullchain.pem"; - sslCertificateKey = "/etc/letsencrypt/live/voronind.com/privkey.pem"; + nginx = { + domain = "voronind.com"; + sslCertificate = "/etc/letsencrypt/live/voronind.com/fullchain.pem"; + sslCertificateKey = "/etc/letsencrypt/live/voronind.com/privkey.pem"; + allowLocal = '' + allow 10.0.0.0/8; + allow fd09:8d46:b26::/48; + deny all; + ''; + extraConfig = '' + listen 443 ssl; + include /etc/letsencrypt/conf/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; + ''; + }; }; } diff --git a/host/x86_64-linux/home/nginx/Camera.nix b/host/x86_64-linux/home/nginx/Camera.nix index eead1a0..16bda92 100644 --- a/host/x86_64-linux/home/nginx/Camera.nix +++ b/host/x86_64-linux/home/nginx/Camera.nix 
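Review bot: In Const.nix the shared `extraConfig` still carries `listen 443 ssl;`, but the certificate paths now reach each vhost only through the `sslCertificate`/`sslCertificateKey` options, and no vhost in this commit sets `addSSL`, `onlySSL` or `forceSSL` (Mailserver.nix sets `forceSSL = false`). As far as I know the NixOS nginx module writes `ssl_certificate` into a server block only when one of those options is enabled, so unless something outside this diff supplies them, the server blocks lose the certificate lines that the old `extraConfig` strings contained. Please confirm on the generated configuration (`nginx -T`) that every server block still has `ssl_certificate` and `ssl_certificate_key`. A comment on `extraConfig` naming the mechanism that provides them would also help.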
@@ -1,18 +1,13 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "camera.voronind.com".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - return 301 rtsp://10.0.0.12:554/live/main; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "camera.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + extraConfig = cfg.allowLocal; + return = "301 rtsp://10.0.0.12:554/live/main"; + }; + }; } diff --git a/host/x86_64-linux/home/nginx/Change.nix b/host/x86_64-linux/home/nginx/Change.nix index f819e3e..714a155 100644 --- a/host/x86_64-linux/home/nginx/Change.nix +++ b/host/x86_64-linux/home/nginx/Change.nix @@ -1,21 +1,15 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "change.voronind.com".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - - proxy_pass http://127.0.0.1:5001$request_uri; - - add_header Referrer-Policy 'origin'; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "change.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + proxyPass = "http://127.0.0.1:5001$request_uri"; + extraConfig = cfg.allowLocal + '' + add_header Referrer-Policy 'origin'; + ''; + }; + }; } diff --git a/host/x86_64-linux/home/nginx/Cups.nix b/host/x86_64-linux/home/nginx/Cups.nix index aba95f0..a147622 100644 --- a/host/x86_64-linux/home/nginx/Cups.nix +++ b/host/x86_64-linux/home/nginx/Cups.nix 
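Review bot: In Camera.nix the `allow`/`deny` rules from `cfg.allowLocal` do not gate `return = "301 rtsp://10.0.0.12:554/live/main"`, because nginx handles `return` in the rewrite phase, before access rules are evaluated. The redirect, including the internal address, is therefore sent to any client that can reach the vhost. This was already true on the old side, but the structured form now reads as if the location were protected. Resume.nix has the same problem, and there `cfg.allowLocal` is newly added in front of the `if`/`return` lines: it has no effect on the redirects and obscures whether the résumé is meant to be public. Either test a `geo`-derived variable before the `return`, or drop the prefix in Resume.nix and add a comment here such as `# allow/deny do not apply to return; the redirect is visible to every client`.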
@@ -1,23 +1,18 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "print.voronind.com".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - - proxy_pass http://[::1]:631$request_uri; - - proxy_set_header Host "127.0.0.1"; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "print.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + proxyPass = "http://[::1]:631$request_uri"; + recommendedProxySettings = false; + extraConfig = cfg.allowLocal + '' + proxy_set_header Host "127.0.0.1"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; + ''; + }; + }; } diff --git a/host/x86_64-linux/home/nginx/Davis.nix b/host/x86_64-linux/home/nginx/Davis.nix index a32a617..5dce35a 100644 --- a/host/x86_64-linux/home/nginx/Davis.nix +++ b/host/x86_64-linux/home/nginx/Davis.nix @@ -1,16 +1,10 @@ { config, ... }: +let + cfg = config.const.host.nginx; +in { - "dav.${config.const.host.domain}" = { - inherit (config.const.host) sslCertificate sslCertificateKey; - locations."/".extraConfig = '' - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - ''; - extraConfig = '' - listen 443 ssl; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "dav.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/".extraConfig = cfg.allowLocal; }; } diff --git a/host/x86_64-linux/home/nginx/Deluge.nix b/host/x86_64-linux/home/nginx/Deluge.nix index ad5c154..9df0784 100644 
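Review bot: In Cups.nix the header name `X-Forward-For` is carried over unchanged and is not the conventional `X-Forwarded-For`, so a backend that reads the standard header will not see the client chain. If the standard header was intended, the line should read `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. Since `recommendedProxySettings = false` is set here, this block is the only source of forwarding headers for the location, so the spelling matters.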
--- a/host/x86_64-linux/home/nginx/Deluge.nix +++ b/host/x86_64-linux/home/nginx/Deluge.nix @@ -1,18 +1,13 @@ { config, ... }: +let + cfg = config.const.host.nginx; +in { - "download.${config.const.host.domain}".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - proxy_pass http://127.0.0.1:8112$request_uri; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "download.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + proxyPass = "http://127.0.0.1:8112$request_uri"; + extraConfig = cfg.allowLocal; + }; + }; } diff --git a/host/x86_64-linux/home/nginx/Forgejo.nix b/host/x86_64-linux/home/nginx/Forgejo.nix index a291360..a0702c8 100644 --- a/host/x86_64-linux/home/nginx/Forgejo.nix +++ b/host/x86_64-linux/home/nginx/Forgejo.nix @@ -1,22 +1,16 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "git.voronind.com".extraConfig = '' - listen 443 ssl; - - location ~ ^/(admin|api|user) { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - proxy_pass http://[::1]:3000$request_uri; - } - - location / { - proxy_pass http://[::1]:3000$request_uri; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "git.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations = { + "~ ^/(admin|api|user)" = { + extraConfig = cfg.allowLocal; + proxyPass = "http://[::1]:3000$request_uri"; + }; + "/".proxyPass = "http://[::1]:3000$request_uri"; + }; + }; } 
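Review bot: In Forgejo.nix the restricted location `"~ ^/(admin|api|user)"` has no boundary after the alternation, so it also matches any path that merely begins with one of those words, for example an account or organisation whose name starts with `user` or `api`. `"~ ^/(admin|api|user)(/|$)"` would limit the rule to the intended path segments. A short comment above the location listing which Forgejo endpoints are meant to be LAN-only would make later route changes upstream easier to check against this list.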
diff --git a/host/x86_64-linux/home/nginx/Hass.nix b/host/x86_64-linux/home/nginx/Hass.nix index 37c1aa7..fcbc399 100644 --- a/host/x86_64-linux/home/nginx/Hass.nix +++ b/host/x86_64-linux/home/nginx/Hass.nix @@ -1,25 +1,19 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "iot.voronind.com".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - proxy_pass http://[::1]:8123$request_uri; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "iot.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + proxyPass = "http://[::1]:8123$request_uri"; + recommendedProxySettings = false; + extraConfig = cfg.allowLocal + '' + proxy_set_header Host $host; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + ''; + }; + }; } diff --git a/host/x86_64-linux/home/nginx/Homer.nix b/host/x86_64-linux/home/nginx/Homer.nix index cca75c6..4e2fa50 100644 --- a/host/x86_64-linux/home/nginx/Homer.nix +++ b/host/x86_64-linux/home/nginx/Homer.nix 
@@ -1,18 +1,17 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "home.voronind.com".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - try_files $uri $uri/index.html; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "home.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + tryFiles = "$uri $uri/index.html"; + extraConfig = cfg.allowLocal + '' + proxy_set_header Host "127.0.0.1"; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; + ''; + }; + }; } diff --git a/host/x86_64-linux/home/nginx/Invidious.nix b/host/x86_64-linux/home/nginx/Invidious.nix index 9cafe67..f1023bc 100644 --- a/host/x86_64-linux/home/nginx/Invidious.nix +++ b/host/x86_64-linux/home/nginx/Invidious.nix 
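Review bot: In Homer.nix the three `proxy_set_header` lines appended to `cfg.allowLocal` look copied from Cups.nix. The location only has `tryFiles` and no `proxyPass`, and the old side had no proxy headers here. Without a proxied upstream they do nothing and suggest a backend that does not exist. `extraConfig = cfg.allowLocal;` would reproduce the previous behaviour.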
@@ -1,28 +1,21 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "yt.voronind.com".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - - proxy_pass http://[::1]:3001$request_uri; - - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Host $host; - proxy_http_version 1.1; - proxy_set_header Connection ""; - - proxy_hide_header Content-Security-Policy; - proxy_hide_header X-Frame-Options; - proxy_hide_header X-Content-Type-Options; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "yt.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + proxyPass = "http://[::1]:3001$request_uri"; + extraConfig = cfg.allowLocal + '' + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_http_version 1.1; + proxy_set_header Connection ""; + proxy_hide_header Content-Security-Policy; + proxy_hide_header X-Frame-Options; + proxy_hide_header X-Content-Type-Options; + ''; + }; + }; } diff --git a/host/x86_64-linux/home/nginx/Jellyfin.nix b/host/x86_64-linux/home/nginx/Jellyfin.nix index d80b085..0b228cd 100644 --- a/host/x86_64-linux/home/nginx/Jellyfin.nix +++ b/host/x86_64-linux/home/nginx/Jellyfin.nix 
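Review bot: The `proxy_hide_header` lines in Invidious.nix strip `Content-Security-Policy`, `X-Frame-Options` and `X-Content-Type-Options` from the upstream response, and nothing in the hunk re-adds them or explains why. These are the browser-side protections the application ships with, so removing them deserves a comment, for example `# upstream CSP/XFO hidden on purpose: <reason>; vhost is LAN-only via allowLocal`. If the reason no longer applies, deleting the three lines restores the upstream headers.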
@@ -1,18 +1,13 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "watch.voronind.com".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - proxy_pass http://[::1]:8096$request_uri; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "watch.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + proxyPass = "http://[::1]:8096$request_uri"; + extraConfig = cfg.allowLocal; + }; + }; } diff --git a/host/x86_64-linux/home/nginx/Kavita.nix b/host/x86_64-linux/home/nginx/Kavita.nix index 15c5a00..be04630 100644 --- a/host/x86_64-linux/home/nginx/Kavita.nix +++ b/host/x86_64-linux/home/nginx/Kavita.nix @@ -1,18 +1,13 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "read.voronind.com".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - proxy_pass http://[::1]:5000$request_uri; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "read.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + proxyPass = "http://[::1]:5000$request_uri"; + extraConfig = cfg.allowLocal; + }; + }; } diff --git a/host/x86_64-linux/home/nginx/Mailserver.nix b/host/x86_64-linux/home/nginx/Mailserver.nix index 3d0ed92..b559e39 100644 --- a/host/x86_64-linux/home/nginx/Mailserver.nix +++ b/host/x86_64-linux/home/nginx/Mailserver.nix 
@@ -1,25 +1,13 @@ { config, lib, ... }: +let + cfg = config.const.host.nginx; +in { - "mail.voronind.com" = { + "mail.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey; enableACME = false; forceSSL = false; - locations."~* \\.php(/|$)".extraConfig = lib.mkForce '' - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - - fastcgi_pass unix:${config.services.phpfpm.pools.roundcube.socket}; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - include ${config.services.nginx.package}/conf/fastcgi.conf; - ''; - extraConfig = lib.mkForce '' - listen 443 ssl; - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + extraConfig = lib.mkForce cfg.extraConfig; + locations."~* \\.php(/|$)".extraConfig = cfg.allowLocal; }; } diff --git a/host/x86_64-linux/home/nginx/OnlyOffice.nix b/host/x86_64-linux/home/nginx/OnlyOffice.nix deleted file mode 100644 index ff52861..0000000 --- a/host/x86_64-linux/home/nginx/OnlyOffice.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ lib, ... }: -{ - "office.voronind.com" = { - locations."/".extraConfig = lib.mkForce '' - add_header X-Forwarded-Proto https; - proxy_pass http://[::1]:8000$request_uri; - ''; - - extraConfig = '' - listen 443 ssl; - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; - }; -} diff --git a/host/x86_64-linux/home/nginx/Paperless.nix b/host/x86_64-linux/home/nginx/Paperless.nix index 477ceab..5f0d843 100644 --- a/host/x86_64-linux/home/nginx/Paperless.nix +++ b/host/x86_64-linux/home/nginx/Paperless.nix 
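Review bot: In Mailserver.nix the PHP location no longer uses `lib.mkForce` and no longer carries the `fastcgi_*` directives, so it now depends on this `extraConfig` being merged with a definition from another module (presumably the roundcube service, which is not visible in this diff). A comment such as `# merged with the fastcgi settings from the roundcube module; this only adds the LAN restriction` would record that dependency. As on the old side, only the `.php` location is restricted; other paths on the vhost are not covered by `cfg.allowLocal`.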
@@ -1,18 +1,13 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "paper.voronind.com".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - proxy_pass http://[::1]:28981$request_uri; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "paper.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + proxyPass = "http://[::1]:28981$request_uri"; + extraConfig = cfg.allowLocal; + }; + }; } diff --git a/host/x86_64-linux/home/nginx/Printer.nix b/host/x86_64-linux/home/nginx/Printer.nix index 5658398..4446c53 100644 --- a/host/x86_64-linux/home/nginx/Printer.nix +++ b/host/x86_64-linux/home/nginx/Printer.nix @@ -1,18 +1,13 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "printer.voronind.com".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - proxy_pass http://[fd09:8d46:b26:0:9e1c:37ff:fe62:3fd5]:80$request_uri; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "printer.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + proxyPass = "http://[fd09:8d46:b26:0:9e1c:37ff:fe62:3fd5]:80$request_uri"; + extraConfig = cfg.allowLocal; + }; + }; } diff --git a/host/x86_64-linux/home/nginx/Privatebin.nix b/host/x86_64-linux/home/nginx/Privatebin.nix index d64ba49..93a10b2 100644 --- a/host/x86_64-linux/home/nginx/Privatebin.nix +++ b/host/x86_64-linux/home/nginx/Privatebin.nix 
@@ -1,12 +1,10 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "paste.voronind.com" = { - extraConfig = '' - listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "paste.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/".extraConfig = cfg.allowLocal; }; } diff --git a/host/x86_64-linux/home/nginx/Resume.nix b/host/x86_64-linux/home/nginx/Resume.nix index ec605a4..585dc15 100644 --- a/host/x86_64-linux/home/nginx/Resume.nix +++ b/host/x86_64-linux/home/nginx/Resume.nix @@ -1,18 +1,15 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "resume.voronind.com".extraConfig = '' - server_name resume.voronind.com; - listen 443 ssl; - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - - if ($http_accept_language ~ ru) { - return 301 https://git.voronind.com/voronind/resume/releases/download/latest/VoronindRu.pdf; - } - - return 301 https://git.voronind.com/voronind/resume/releases/download/latest/VoronindEn.pdf; - ''; + "resume.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/".extraConfig = cfg.allowLocal + '' + if ($http_accept_language ~ ru) { + return 301 https://git.voronind.com/voronind/resume/releases/download/latest/VoronindRu.pdf; + } + return 301 https://git.voronind.com/voronind/resume/releases/download/latest/VoronindEn.pdf; + ''; + }; } diff --git a/host/x86_64-linux/home/nginx/Router.nix b/host/x86_64-linux/home/nginx/Router.nix index 76c2804..6dfbb25 100644 --- a/host/x86_64-linux/home/nginx/Router.nix 
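Review bot: Privatebin.nix gains `locations."/".extraConfig = cfg.allowLocal;`, which the old side did not have, so this refactoring commit also changes who can reach the paste service. If the restriction is intended, note that it covers only the `/` prefix location. Should the PrivateBin module define its own regex location for PHP (not visible here), requests matching that location are not subject to these rules. Putting the rules at server level, for example `extraConfig = cfg.extraConfig + cfg.allowLocal;` in place of inheriting `extraConfig`, would apply them to every location of the vhost.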
+++ b/host/x86_64-linux/home/nginx/Router.nix @@ -1,18 +1,13 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "router.voronind.com".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - proxy_pass http://[fd09:8d46:b26:0:9e9d:7eff:fe8e:3dc7]:80$request_uri; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "router.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + proxyPass = "http://[fd09:8d46:b26:0:9e9d:7eff:fe8e:3dc7]:80$request_uri"; + extraConfig = cfg.allowLocal; + }; + }; } diff --git a/host/x86_64-linux/home/nginx/SearX.nix b/host/x86_64-linux/home/nginx/SearX.nix index 0a6c325..4cb29a6 100644 --- a/host/x86_64-linux/home/nginx/SearX.nix +++ b/host/x86_64-linux/home/nginx/SearX.nix @@ -1,18 +1,13 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "search.voronind.com".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - proxy_pass http://[::1]:34972$request_uri; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "search.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + proxyPass = "http://[::1]:34972$request_uri"; + extraConfig = cfg.allowLocal; + }; + }; } diff --git a/host/x86_64-linux/home/nginx/Share.nix b/host/x86_64-linux/home/nginx/Share.nix index 6018948..a1d6624 100644 --- a/host/x86_64-linux/home/nginx/Share.nix +++ b/host/x86_64-linux/home/nginx/Share.nix 
@@ -1,25 +1,24 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; + root = "/storage/hot/share"; +in { - "share.voronind.com".extraConfig = '' - listen 443 ssl; - - location ~* /$ { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - - autoindex on; - root /storage/hot/share; - } - - location / { - autoindex off; - root /storage/hot/share; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "share.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations = { + "~* /$" = { + inherit root; + extraConfig = cfg.allowLocal + '' + autoindex on; + ''; + }; + "/" = { + inherit root; + extraConfig = '' + autoindex off; + ''; + }; + }; + }; } diff --git a/host/x86_64-linux/home/nginx/Sync.nix b/host/x86_64-linux/home/nginx/Sync.nix index fa5c54e..64e2f0d 100644 --- a/host/x86_64-linux/home/nginx/Sync.nix +++ b/host/x86_64-linux/home/nginx/Sync.nix 
@@ -1,22 +1,16 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "sync.voronind.com".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - - proxy_set_header Host "localhost"; - proxy_set_header X-Forwarded-Host "localhost"; - - proxy_pass http://[::1]:8384$request_uri; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "sync.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + proxyPass = "http://[::1]:8384$request_uri"; + extraConfig = cfg.allowLocal + '' + proxy_set_header Host "localhost"; + proxy_set_header X-Forwarded-Host "localhost"; + ''; + }; + }; } diff --git a/host/x86_64-linux/home/nginx/Tandoor.nix b/host/x86_64-linux/home/nginx/Tandoor.nix index 0b0f33e..8ebe542 100644 --- a/host/x86_64-linux/home/nginx/Tandoor.nix +++ b/host/x86_64-linux/home/nginx/Tandoor.nix 
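Review bot: Sync.nix sets `proxy_set_header Host "localhost";` by hand but, unlike Cups.nix and Hass.nix, does not set `recommendedProxySettings = false;` on the location. If `services.nginx.recommendedProxySettings` is enabled elsewhere (not visible in this diff), the module's own `Host` and forwarding headers would be emitted alongside these, and the override that the backend's host check relies on may no longer be the only `Host` definition. Tandoor.nix and Invidious.nix have the same combination of hand-written `Host` headers and no explicit setting. Adding `recommendedProxySettings = false;` to the three locations would make them consistent with the other two files.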
@@ -1,23 +1,17 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "craft.voronind.com".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - - proxy_pass http://[::1]:33122$request_uri; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Proto https; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "craft.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + proxyPass = "http://[::1]:33122$request_uri"; + extraConfig = cfg.allowLocal + '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Proto https; + ''; + }; + }; } diff --git a/host/x86_64-linux/home/nginx/UptimeKuma.nix b/host/x86_64-linux/home/nginx/UptimeKuma.nix index 677838a..e813a24 100644 --- a/host/x86_64-linux/home/nginx/UptimeKuma.nix +++ b/host/x86_64-linux/home/nginx/UptimeKuma.nix @@ -1,18 +1,13 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "status.voronind.com".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - proxy_pass http://[::1]:64901$request_uri; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "status.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + proxyPass = "http://[::1]:64901$request_uri"; + extraConfig = cfg.allowLocal; + }; + }; } 
diff --git a/host/x86_64-linux/home/nginx/Valutwarden.nix b/host/x86_64-linux/home/nginx/Valutwarden.nix index 5feb246..0fbbad0 100644 --- a/host/x86_64-linux/home/nginx/Valutwarden.nix +++ b/host/x86_64-linux/home/nginx/Valutwarden.nix @@ -1,18 +1,13 @@ -{ ... }: +{ config, ... }: +let + cfg = config.const.host.nginx; +in { - "pass.voronind.com".extraConfig = '' - listen 443 ssl; - - location / { - allow 10.0.0.0/8; - allow fd09:8d46:b26::/48; - deny all; - proxy_pass http://[::1]:8001$request_uri; - } - - ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; - include /etc/letsencrypt/conf/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; - ''; + "pass.${cfg.domain}" = { + inherit (cfg) sslCertificate sslCertificateKey extraConfig; + locations."/" = { + proxyPass = "http://[::1]:8001$request_uri"; + extraConfig = cfg.allowLocal; + }; + }; }