Home: Rewrite nginx to use nixos options.

Dmitry Voronin 2025-01-09 15:38:56 +03:00
parent 0413a97ad9
commit 12c84cfe51
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
26 changed files with 303 additions and 426 deletions


@ -102,7 +102,7 @@ in
}; };
"dasha" = { "dasha" = {
path = "${cfg.dataDir}/dasha"; path = "${cfg.dataDir}/dasha";
devices = allDashaDevices; devices = ["home"] ++ allDashaDevices;
}; };
}; };
}; };


@ -1,7 +1,19 @@
{ ... }: { { ... }: {
config.const.host = { config.const.host = {
domain = "voronind.com"; nginx = {
sslCertificate = "/etc/letsencrypt/live/voronind.com/fullchain.pem"; domain = "voronind.com";
sslCertificateKey = "/etc/letsencrypt/live/voronind.com/privkey.pem"; sslCertificate = "/etc/letsencrypt/live/voronind.com/fullchain.pem";
sslCertificateKey = "/etc/letsencrypt/live/voronind.com/privkey.pem";
allowLocal = ''
allow 10.0.0.0/8;
allow fd09:8d46:b26::/48;
deny all;
'';
extraConfig = ''
listen 443 ssl;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}; };
} }
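Review bot: The shared `extraConfig` still turns TLS on with a raw `listen 443 ssl;`, while the certificate paths now reach nginx only through the `sslCertificate`/`sslCertificateKey` vhost options that every vhost inherits. As far as I know, the NixOS nginx module writes `ssl_certificate` into a server block only when `onlySSL`, `addSSL` or `forceSSL` is set, and no vhost in this commit sets one (mail even sets `forceSSL = false;`). If that holds for the nixpkgs revision in use, the generated servers would listen with `ssl` but carry no certificate lines of their own. Consider replacing the `listen 443 ssl;` line with `onlySSL = true;` on the vhosts, or check the rendered nginx.conf for both certificate directives in each server block; how these attribute sets are wired into `services.nginx.virtualHosts` is not visible here.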


@ -1,18 +1,13 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"camera.voronind.com".extraConfig = '' "camera.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { extraConfig = cfg.allowLocal;
allow 10.0.0.0/8; return = "301 rtsp://10.0.0.12:554/live/main";
allow fd09:8d46:b26::/48; };
deny all; };
return 301 rtsp://10.0.0.12:554/live/main;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }
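Review bot: In `locations."/"` the `return` is evaluated in nginx's rewrite phase, which runs before the `allow`/`deny` rules from `cfg.allowLocal` are checked, so the 301 carrying `rtsp://10.0.0.12:554/live/main` is also sent to clients outside the allowed ranges. The resume vhost has the same shape: its newly added `cfg.allowLocal` sits in front of two `return 301` lines and does not gate them. If the restriction is meant to apply, the decision has to be made in the rewrite phase too, for example with a `geo`-derived variable and `if ($lan = 0) { return 403; }` ahead of the redirect. Otherwise drop `allowLocal` from these two locations and add a comment such as `# redirect is intentionally unrestricted`.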


@ -1,21 +1,15 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"change.voronind.com".extraConfig = '' "change.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { proxyPass = "http://127.0.0.1:5001$request_uri";
allow 10.0.0.0/8; extraConfig = cfg.allowLocal + ''
allow fd09:8d46:b26::/48; add_header Referrer-Policy 'origin';
deny all; '';
};
proxy_pass http://127.0.0.1:5001$request_uri; };
add_header Referrer-Policy 'origin';
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }


@ -1,23 +1,18 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"print.voronind.com".extraConfig = '' "print.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { proxyPass = "http://[::1]:631$request_uri";
allow 10.0.0.0/8; recommendedProxySettings = false;
allow fd09:8d46:b26::/48; extraConfig = cfg.allowLocal + ''
deny all; proxy_set_header Host "127.0.0.1";
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://[::1]:631$request_uri; proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
'';
proxy_set_header Host "127.0.0.1"; };
proxy_set_header X-Real-IP $remote_addr; };
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }
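Review bot: The header name `X-Forward-For` in `locations."/".extraConfig` is not the conventional `X-Forwarded-For`, so the upstream most likely never sees the client chain under the name it reads; the line should be `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. The spelling was carried over from the old config, but this rewrite is a good place to fix it. The home vhost carries the same three `proxy_set_header` lines, and there the location has `tryFiles` and no `proxyPass`, so they have no effect and can be removed.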


@ -1,16 +1,10 @@
{ config, ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"dav.${config.const.host.domain}" = { "dav.${cfg.domain}" = {
inherit (config.const.host) sslCertificate sslCertificateKey; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/".extraConfig = '' locations."/".extraConfig = cfg.allowLocal;
allow 10.0.0.0/8;
allow fd09:8d46:b26::/48;
deny all;
'';
extraConfig = ''
listen 443 ssl;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
}; };
} }


@ -1,18 +1,13 @@
{ config, ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"download.${config.const.host.domain}".extraConfig = '' "download.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { proxyPass = "http://127.0.0.1:8112$request_uri";
allow 10.0.0.0/8; extraConfig = cfg.allowLocal;
allow fd09:8d46:b26::/48; };
deny all; };
proxy_pass http://127.0.0.1:8112$request_uri;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }


@ -1,22 +1,16 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"git.voronind.com".extraConfig = '' "git.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations = {
location ~ ^/(admin|api|user) { "~ ^/(admin|api|user)" = {
allow 10.0.0.0/8; extraConfig = cfg.allowLocal;
allow fd09:8d46:b26::/48; proxyPass = "http://[::1]:3000$request_uri";
deny all; };
proxy_pass http://[::1]:3000$request_uri; "/".proxyPass = "http://[::1]:3000$request_uri";
} };
};
location / {
proxy_pass http://[::1]:3000$request_uri;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }


@ -1,25 +1,19 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"iot.voronind.com".extraConfig = '' "iot.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { proxyPass = "http://[::1]:8123$request_uri";
allow 10.0.0.0/8; recommendedProxySettings = false;
allow fd09:8d46:b26::/48; extraConfig = cfg.allowLocal + ''
deny all; proxy_set_header Host $host;
proxy_http_version 1.1;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host; proxy_set_header Connection "upgrade";
proxy_http_version 1.1; '';
proxy_set_header Upgrade $http_upgrade; };
proxy_set_header Connection "upgrade"; };
proxy_pass http://[::1]:8123$request_uri;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }


@ -1,18 +1,17 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"home.voronind.com".extraConfig = '' "home.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { tryFiles = "$uri $uri/index.html";
allow 10.0.0.0/8; extraConfig = cfg.allowLocal + ''
allow fd09:8d46:b26::/48; proxy_set_header Host "127.0.0.1";
deny all; proxy_set_header X-Real-IP $remote_addr;
try_files $uri $uri/index.html; proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
} '';
};
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; };
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }


@ -1,28 +1,21 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"yt.voronind.com".extraConfig = '' "yt.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { proxyPass = "http://[::1]:3001$request_uri";
allow 10.0.0.0/8; extraConfig = cfg.allowLocal + ''
allow fd09:8d46:b26::/48; proxy_set_header X-Forwarded-For $remote_addr;
deny all; proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_pass http://[::1]:3001$request_uri; proxy_set_header Connection "";
proxy_hide_header Content-Security-Policy;
proxy_set_header X-Forwarded-For $remote_addr; proxy_hide_header X-Frame-Options;
proxy_set_header Host $host; proxy_hide_header X-Content-Type-Options;
proxy_http_version 1.1; '';
proxy_set_header Connection ""; };
};
proxy_hide_header Content-Security-Policy;
proxy_hide_header X-Frame-Options;
proxy_hide_header X-Content-Type-Options;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }
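Review bot: The three `proxy_hide_header` lines strip `Content-Security-Policy`, `X-Frame-Options` and `X-Content-Type-Options` from the upstream's responses, and nothing in the file records why. Add a comment above them, e.g. `# Upstream CSP/XFO break <feature>; stripped on purpose, vhost is LAN-only via allowLocal.`, so the next reader does not take it for an accident. If browser-side protections should remain, re-add replacement values with `add_header` in the same `extraConfig`.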


@ -1,18 +1,13 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"watch.voronind.com".extraConfig = '' "watch.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { proxyPass = "http://[::1]:8096$request_uri";
allow 10.0.0.0/8; extraConfig = cfg.allowLocal;
allow fd09:8d46:b26::/48; };
deny all; };
proxy_pass http://[::1]:8096$request_uri;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }


@ -1,18 +1,13 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"read.voronind.com".extraConfig = '' "read.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { proxyPass = "http://[::1]:5000$request_uri";
allow 10.0.0.0/8; extraConfig = cfg.allowLocal;
allow fd09:8d46:b26::/48; };
deny all; };
proxy_pass http://[::1]:5000$request_uri;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }


@ -1,25 +1,13 @@
{ config, lib, ... }: { config, lib, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"mail.voronind.com" = { "mail.${cfg.domain}" = {
inherit (cfg) sslCertificate sslCertificateKey;
enableACME = false; enableACME = false;
forceSSL = false; forceSSL = false;
locations."~* \\.php(/|$)".extraConfig = lib.mkForce '' extraConfig = lib.mkForce cfg.extraConfig;
allow 10.0.0.0/8; locations."~* \\.php(/|$)".extraConfig = cfg.allowLocal;
allow fd09:8d46:b26::/48;
deny all;
fastcgi_pass unix:${config.services.phpfpm.pools.roundcube.socket};
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include ${config.services.nginx.package}/conf/fastcgi.conf;
'';
extraConfig = lib.mkForce ''
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
}; };
} }


@ -1,18 +0,0 @@
{ lib, ... }:
{
"office.voronind.com" = {
locations."/".extraConfig = lib.mkForce ''
add_header X-Forwarded-Proto https;
proxy_pass http://[::1]:8000$request_uri;
'';
extraConfig = ''
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
};
}


@ -1,18 +1,13 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"paper.voronind.com".extraConfig = '' "paper.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { proxyPass = "http://[::1]:28981$request_uri";
allow 10.0.0.0/8; extraConfig = cfg.allowLocal;
allow fd09:8d46:b26::/48; };
deny all; };
proxy_pass http://[::1]:28981$request_uri;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }


@ -1,18 +1,13 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"printer.voronind.com".extraConfig = '' "printer.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { proxyPass = "http://[fd09:8d46:b26:0:9e1c:37ff:fe62:3fd5]:80$request_uri";
allow 10.0.0.0/8; extraConfig = cfg.allowLocal;
allow fd09:8d46:b26::/48; };
deny all; };
proxy_pass http://[fd09:8d46:b26:0:9e1c:37ff:fe62:3fd5]:80$request_uri;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }


@ -1,12 +1,10 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"paste.voronind.com" = { "paste.${cfg.domain}" = {
extraConfig = '' inherit (cfg) sslCertificate sslCertificateKey extraConfig;
listen 443 ssl; locations."/".extraConfig = cfg.allowLocal;
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
}; };
} }
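Review bot: `locations."/".extraConfig = cfg.allowLocal;` introduces an address restriction that the old vhost did not have, so this is a behaviour change inside a commit described as a rewrite. Any other locations that the paste service's own module defines for this vhost (none are visible here) would not be covered by it. If LAN-only access is intended, say so in the commit description and add a short comment such as `# LAN-only: restriction added with the nixos-options rewrite.` next to the line.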


@ -1,18 +1,15 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"resume.voronind.com".extraConfig = '' "resume.${cfg.domain}" = {
server_name resume.voronind.com; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
listen 443 ssl; locations."/".extraConfig = cfg.allowLocal + ''
if ($http_accept_language ~ ru) {
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; return 301 https://git.voronind.com/voronind/resume/releases/download/latest/VoronindRu.pdf;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; }
include /etc/letsencrypt/conf/options-ssl-nginx.conf; return 301 https://git.voronind.com/voronind/resume/releases/download/latest/VoronindEn.pdf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; '';
};
if ($http_accept_language ~ ru) {
return 301 https://git.voronind.com/voronind/resume/releases/download/latest/VoronindRu.pdf;
}
return 301 https://git.voronind.com/voronind/resume/releases/download/latest/VoronindEn.pdf;
'';
} }


@ -1,18 +1,13 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"router.voronind.com".extraConfig = '' "router.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { proxyPass = "http://[fd09:8d46:b26:0:9e9d:7eff:fe8e:3dc7]:80$request_uri";
allow 10.0.0.0/8; extraConfig = cfg.allowLocal;
allow fd09:8d46:b26::/48; };
deny all; };
proxy_pass http://[fd09:8d46:b26:0:9e9d:7eff:fe8e:3dc7]:80$request_uri;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }


@ -1,18 +1,13 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"search.voronind.com".extraConfig = '' "search.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { proxyPass = "http://[::1]:34972$request_uri";
allow 10.0.0.0/8; extraConfig = cfg.allowLocal;
allow fd09:8d46:b26::/48; };
deny all; };
proxy_pass http://[::1]:34972$request_uri;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }


@ -1,25 +1,24 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
root = "/storage/hot/share";
in
{ {
"share.voronind.com".extraConfig = '' "share.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations = {
location ~* /$ { "~* /$" = {
allow 10.0.0.0/8; inherit root;
allow fd09:8d46:b26::/48; extraConfig = cfg.allowLocal + ''
deny all; autoindex on;
'';
autoindex on; };
root /storage/hot/share; "/" = {
} inherit root;
extraConfig = ''
location / { autoindex off;
autoindex off; '';
root /storage/hot/share; };
} };
};
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }
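Review bot: Only the `"~* /$"` location gets `cfg.allowLocal`; the `"/"` location serves files under `/storage/hot/share` with no address restriction, so the LAN rule hides directory listings but not the files themselves. That matches the old config, but it is easy to misread as a LAN-only share. A comment on the `"/"` location such as `# Files are public by exact path; only directory listings are LAN-only.` would record the intent.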


@ -1,22 +1,16 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"sync.voronind.com".extraConfig = '' "sync.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { proxyPass = "http://[::1]:8384$request_uri";
allow 10.0.0.0/8; extraConfig = cfg.allowLocal + ''
allow fd09:8d46:b26::/48; proxy_set_header Host "localhost";
deny all; proxy_set_header X-Forwarded-Host "localhost";
'';
proxy_set_header Host "localhost"; };
proxy_set_header X-Forwarded-Host "localhost"; };
proxy_pass http://[::1]:8384$request_uri;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }
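Review bot: `proxy_set_header Host "localhost";` is set without `recommendedProxySettings = false;`, unlike the print and iot vhosts, which also set `Host` by hand. If `services.nginx.recommendedProxySettings` is enabled elsewhere (not visible here), this location would carry two `Host` definitions, and the upstream's host check may see a value other than the intended one. The yt and craft vhosts set `Host` the same way. Adding `recommendedProxySettings = false;` to all three would make them consistent with print and iot.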


@ -1,23 +1,17 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"craft.voronind.com".extraConfig = '' "craft.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { proxyPass = "http://[::1]:33122$request_uri";
allow 10.0.0.0/8; extraConfig = cfg.allowLocal + ''
allow fd09:8d46:b26::/48; proxy_set_header Host $host;
deny all; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://[::1]:33122$request_uri; '';
};
proxy_set_header Host $host; };
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto https;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }


@ -1,18 +1,13 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"status.voronind.com".extraConfig = '' "status.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { proxyPass = "http://[::1]:64901$request_uri";
allow 10.0.0.0/8; extraConfig = cfg.allowLocal;
allow fd09:8d46:b26::/48; };
deny all; };
proxy_pass http://[::1]:64901$request_uri;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }


@ -1,18 +1,13 @@
{ ... }: { config, ... }:
let
cfg = config.const.host.nginx;
in
{ {
"pass.voronind.com".extraConfig = '' "pass.${cfg.domain}" = {
listen 443 ssl; inherit (cfg) sslCertificate sslCertificateKey extraConfig;
locations."/" = {
location / { proxyPass = "http://[::1]:8001$request_uri";
allow 10.0.0.0/8; extraConfig = cfg.allowLocal;
allow fd09:8d46:b26::/48; };
deny all; };
proxy_pass http://[::1]:8001$request_uri;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
} }