From f1e37c8c3d2706a20a0087708721baab2aaef5ae Mon Sep 17 00:00:00 2001 From: Dmitry Voronin Date: Sun, 23 Jun 2024 16:21:40 +0300 Subject: [PATCH] Status : Fix proxy access. --- container/Status.nix | 1 + container/default.nix | 13 +++++++------ container/proxy/host/Camera.nix | 1 + container/proxy/host/Change.nix | 1 + container/proxy/host/Cloud.nix | 1 + container/proxy/host/Download.nix | 1 + container/proxy/host/Git.nix | 1 + container/proxy/host/Hdd.nix | 1 + container/proxy/host/Home.nix | 1 + container/proxy/host/Iot.nix | 1 + container/proxy/host/Mail.nix | 1 + container/proxy/host/Office.nix | 1 + container/proxy/host/Paper.nix | 1 + container/proxy/host/Pass.nix | 1 + container/proxy/host/Print.nix | 1 + container/proxy/host/Printer.nix | 1 + container/proxy/host/Read.nix | 1 + container/proxy/host/Router.nix | 1 + container/proxy/host/Search.nix | 1 + container/proxy/host/Stock.nix | 1 + container/proxy/host/Watch.nix | 1 + container/proxy/host/Yt.nix | 1 + 22 files changed, 28 insertions(+), 6 deletions(-) diff --git a/container/Status.nix b/container/Status.nix index 0406e280..542726d8 100644 --- a/container/Status.nix +++ b/container/Status.nix @@ -19,6 +19,7 @@ in { container.config.dns.address ]; }; + services.uptime-kuma = { enable = true; settings = { diff --git a/container/default.nix b/container/default.nix index e6fc77b6..f4efc09a 100644 --- a/container/default.nix +++ b/container/default.nix @@ -8,14 +8,14 @@ , ... }: { inherit host; - mkContainer = config: cfg: lib.recursiveUpdate cfg { + mkContainer = config: cfg: lib.recursiveUpdate { autoStart = true; hostAddress = host; localAddress = config.address; privateNetwork = true; - }; + } cfg; - mkContainerConfig = config: cfg: lib.recursiveUpdate cfg { + mkContainerConfig = config: cfg: lib.recursiveUpdate { nixpkgs.pkgs = lib.mkForce pkgs; system.stateVersion = const.stateVersion; @@ -29,13 +29,13 @@ useHostResolvConf = lib.mkForce false; firewall.enable = false; }; - }; + } cfg; mkContainerDir = cfg: dirs: map (path: "d '${cfg.storage}/${path}' 1777 root root - -") dirs; - mkServer = cfg: lib.recursiveUpdate cfg { + mkServer = cfg: lib.recursiveUpdate { forceSSL = false; - }; + } cfg; attachMedia = type: paths: ro: builtins.listToAttrs (lib.imap0 (i: path: { @@ -69,6 +69,7 @@ }; ddns = { address = "10.1.0.31"; + port = 53; storage = "${storage}/ddns"; }; dns = { diff --git a/container/proxy/host/Camera.nix b/container/proxy/host/Camera.nix index 62f37874..fd0c58ce 100644 --- a/container/proxy/host/Camera.nix +++ b/container/proxy/host/Camera.nix @@ -7,6 +7,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; return 301 rtsp://${cfg.address}:${cfg.port}/live/main; diff --git a/container/proxy/host/Change.nix b/container/proxy/host/Change.nix index 27d3ac2f..224b238b 100644 --- a/container/proxy/host/Change.nix +++ b/container/proxy/host/Change.nix @@ -9,6 +9,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; diff --git a/container/proxy/host/Cloud.nix b/container/proxy/host/Cloud.nix index e8cee455..8e062840 100644 --- a/container/proxy/host/Cloud.nix +++ b/container/proxy/host/Cloud.nix @@ -9,6 +9,7 @@ in { location ~ ^/(settings/admin|settings/users|settings/apps|login|api) { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; proxy_pass http://''$${name}$request_uri; diff --git a/container/proxy/host/Download.nix b/container/proxy/host/Download.nix index f7b75908..96926925 100644 --- a/container/proxy/host/Download.nix +++ b/container/proxy/host/Download.nix @@ -9,6 +9,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; proxy_pass http://''$${name}$request_uri; diff --git a/container/proxy/host/Git.nix b/container/proxy/host/Git.nix index d02fe1f0..0a87e25a 100644 --- a/container/proxy/host/Git.nix +++ b/container/proxy/host/Git.nix @@ -30,6 +30,7 @@ in { location / { # allow ${container.localAccess}; + # allow ${container.config.status.address}; # allow ${container.config.vpn.address}; # deny all; proxy_pass http://''$${name}$request_uri; diff --git a/container/proxy/host/Hdd.nix b/container/proxy/host/Hdd.nix index 30b84cac..8c4d8374 100644 --- a/container/proxy/host/Hdd.nix +++ b/container/proxy/host/Hdd.nix @@ -9,6 +9,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; proxy_pass http://''$${name}$request_uri; diff --git a/container/proxy/host/Home.nix b/container/proxy/host/Home.nix index e8a46c2d..46576dee 100644 --- a/container/proxy/host/Home.nix +++ b/container/proxy/host/Home.nix @@ -9,6 +9,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; proxy_pass http://''$${name}$request_uri; diff --git a/container/proxy/host/Iot.nix b/container/proxy/host/Iot.nix index 0072b4e8..4d9ca5f8 100644 --- a/container/proxy/host/Iot.nix +++ b/container/proxy/host/Iot.nix @@ -9,6 +9,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; diff --git a/container/proxy/host/Mail.nix b/container/proxy/host/Mail.nix index b9e9e633..84e1d802 100644 --- a/container/proxy/host/Mail.nix +++ b/container/proxy/host/Mail.nix @@ -9,6 +9,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; proxy_pass http://''$${name}$request_uri; diff --git a/container/proxy/host/Office.nix b/container/proxy/host/Office.nix index 290c70a6..0d152d37 100644 --- a/container/proxy/host/Office.nix +++ b/container/proxy/host/Office.nix @@ -9,6 +9,7 @@ in { location / { # allow ${container.localAccess}; + # allow ${container.config.status.address}; # allow ${container.config.vpn.address}; # deny all; add_header X-Forwarded-Proto https; diff --git a/container/proxy/host/Paper.nix b/container/proxy/host/Paper.nix index e245592f..874b90d9 100644 --- a/container/proxy/host/Paper.nix +++ b/container/proxy/host/Paper.nix @@ -9,6 +9,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; proxy_pass http://''$${name}$request_uri; diff --git a/container/proxy/host/Pass.nix b/container/proxy/host/Pass.nix index 11df583d..d71c4038 100644 --- a/container/proxy/host/Pass.nix +++ b/container/proxy/host/Pass.nix @@ -9,6 +9,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; proxy_pass http://''$${name}$request_uri; diff --git a/container/proxy/host/Print.nix b/container/proxy/host/Print.nix index b502edbb..b112b353 100644 --- a/container/proxy/host/Print.nix +++ b/container/proxy/host/Print.nix @@ -9,6 +9,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; diff --git a/container/proxy/host/Printer.nix b/container/proxy/host/Printer.nix index 819d17f9..3d09bf01 100644 --- a/container/proxy/host/Printer.nix +++ b/container/proxy/host/Printer.nix @@ -9,6 +9,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; proxy_pass http://''$${name}$request_uri; diff --git a/container/proxy/host/Read.nix b/container/proxy/host/Read.nix index d22f694d..52e46ba4 100644 --- a/container/proxy/host/Read.nix +++ b/container/proxy/host/Read.nix @@ -9,6 +9,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; proxy_pass http://''$${name}$request_uri; diff --git a/container/proxy/host/Router.nix b/container/proxy/host/Router.nix index b093c725..20948888 100644 --- a/container/proxy/host/Router.nix +++ b/container/proxy/host/Router.nix @@ -9,6 +9,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; proxy_pass http://''$${name}$request_uri; diff --git a/container/proxy/host/Search.nix b/container/proxy/host/Search.nix index b16debfa..78f2f4f0 100644 --- a/container/proxy/host/Search.nix +++ b/container/proxy/host/Search.nix @@ -9,6 +9,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; proxy_pass http://''$${name}$request_uri; diff --git a/container/proxy/host/Stock.nix b/container/proxy/host/Stock.nix index 3d7149cb..fc761f53 100644 --- a/container/proxy/host/Stock.nix +++ b/container/proxy/host/Stock.nix @@ -9,6 +9,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; proxy_pass http://''$${name}$request_uri; diff --git a/container/proxy/host/Watch.nix b/container/proxy/host/Watch.nix index 4118fb98..b99e6444 100644 --- a/container/proxy/host/Watch.nix +++ b/container/proxy/host/Watch.nix @@ -9,6 +9,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all; proxy_pass http://''$${name}$request_uri; diff --git a/container/proxy/host/Yt.nix b/container/proxy/host/Yt.nix index ec17dc61..29543850 100644 --- a/container/proxy/host/Yt.nix +++ b/container/proxy/host/Yt.nix @@ -9,6 +9,7 @@ in { location / { allow ${container.localAccess}; + allow ${container.config.status.address}; allow ${container.config.vpn.address}; deny all;