nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles

Browse Source
This commit is contained in:
Lennart J. Kurzweg (Nx2)
2025-05-31 13:48:40 +02:00
parent c4052ec34d 88e73a3ea8
commit 272ae1cd55
77 changed files with 1144 additions and 882 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
system-modules/nx2site/proxy.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, lib, domain, ... }:
{ config, hyper, pkgs, ... }:
{
sops.secrets = {
"nx2site/sslCertificate.pem" = { owner = config.services.nginx.user; };
@@ -8,13 +8,13 @@
security.acme = {
acceptTerms = true;
defaults = {
email = "acme@${domain}";
email = "acme@${hyper.domain}";
webroot = "/var/nginx/webroot";
group = "nginx";
};
certs = {
"${domain}" = {
extraDomainNames = builtins.map (subd: "${subd}.${domain}") [ "sync" ];
"${hyper.domain}" = {
extraDomainNames = builtins.map (subd: "${subd}.${hyper.domain}") [ "sync" ];
};
};
};
@@ -76,7 +76,7 @@
enableACME = true;
};
in {
"${domain}" = vh // {
"${hyper.domain}" = vh // {
root = "/var/nginx/webroot";
default = true;
listen = dl;
@@ -95,11 +95,11 @@
"/.well-known/matrix/server" = { return = "502"; };
};
};
"matrix.${domain}" = {
"matrix.${hyper.domain}" = {
listen = dl;
locations = { "~.*" = { return = "502"; }; };
};
# "pw.${domain}" = vh // {
# "pw.${hyper.domain}" = vh // {
# listen = dl;
# locations = let d = "pw.docker:80"; in {
# "/" = { proxyPass = "http://${d}"; };
@@ -108,7 +108,7 @@
# "/notifications/hub/negotiate" = { proxyPass = "http://${d}"; };
# };
# };
"pw.${domain}" = vh // {
"pw.${hyper.domain}" = vh // {
listen = dl;
locations = let
d = with config.services.vaultwarden.config; "${ROCKET_ADDRESS}:${builtins.toString ROCKET_PORT}";
@@ -119,49 +119,48 @@
"/notifications/hub/negotiate" = { proxyPass = "http://${d}"; };
};
};
"sync.${domain}" = vh // {
"sync.${hyper.domain}" = vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:11434"; }; };
};
# "git.${domain}" = vh // {
# "git.${hyper.domain}" = vh // {
# listen = dl;
# locations = { "/" = { proxyPass = "http://git.docker:3000"; }; };
# };
"git.${domain}" = vh // {
"git.${hyper.domain}" = vh // {
http2 = false;
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:3000"; }; };
};
"doc.${domain}" = vh // {
"doc.${hyper.domain}" = vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:8441"; }; };
};
"dav.${domain}" = lib.mkIf config.services.radicale.enable (vh // {
"dav.${hyper.domain}" = pkgs.lib.mkIf config.services.radicale.enable (vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; };
});
# "nc.${domain}" = vh // {
# "nc.${hyper.domain}" = vh // {
# # directly to nc
# };
"abs.${domain}" = vh // {
"abs.${hyper.domain}" = vh // {
listen = dl;
locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString config.services.audiobookshelf.port}";
proxyWebsockets = true;
};
};
"pnx.${domain}" = vh // {
"pnx.${hyper.domain}" = vh // {
listen = dl;
locations."/" = {
proxyPass = "http://127.0.0.1:8040";
proxyWebsockets = true;
};
};
"wip.${domain}" = vh // {
"wip.${hyper.domain}" = vh // {
listen = dl;
root = "/var/lib/hugo/nx2site/public";
};
"dev.${domain}" = vh // {
"dev.${hyper.domain}" = vh // {
listen = dl;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
@@ -169,17 +168,17 @@
};
};
# is done atomatically
# "cal.${domain}" = vh // {
# "cal.${hyper.domain}" = vh // {
# listen = dl;
# locations = { "/" = {
# proxyPass = "http://unix:///run/open-web-calendar/socket";
# proxyWebsockets = true;
# }; };
# };
"~^(.*).${domain}$" = {
"~^(.*).${hyper.domain}$" = {
listen = dl;
root = "/var/nginx/webroot";
locations = { "~.*" = { return = "301 https://${domain}/502.html"; }; };
locations = { "~.*" = { return = "301 https://${hyper.domain}/502.html"; }; };
};
};
};