diff --git a/hosts/tsuki/services/nginx/default.nix b/hosts/tsuki/services/nginx/default.nix
index 555d3a2..98abcba 100644
--- a/hosts/tsuki/services/nginx/default.nix
+++ b/hosts/tsuki/services/nginx/default.nix
@@ -1,10 +1,4 @@
-{ pkgs, config, secrets, inputs, ... }:
- let
- # TODO: fix lib
- lib = pkgs.lib;
-
- inherit (secrets) ips ports;
- in
+{ pkgs, lib, config, secrets, inputs, ... }:
{
sops.secrets."cloudflare/api-key" = {};
@@ -40,6 +34,25 @@
recommendedProxySettings = true;
recommendedTlsSettings = true;
+ upstreams = let inherit (secrets) ips ports; in {
+ "atuin".servers."localhost:${s config.services.atuin.port}" = { };
+ "dynmap".servers."localhost:${s ports.minecraft.dynmap}" = { };
+ "gitea".servers."unix:/run/gitea/gitea.sock" = { };
+ "grafana".servers."unix:/run/grafana/grafana.sock" = { };
+ "headscale".servers."localhost:${s config.services.headscale.port}" = { };
+ "hedgedoc".servers."unix:${config.services.hedgedoc.settings.path}" = { };
+ "hydra".servers."localhost:${s config.services.hydra.port}" = { };
+ "idrac".servers."${ips.idrac}" = { };
+ "invidious".servers."localhost:${s config.services.invidious.port}" = { };
+ "jupyter".servers."localhost:${s ports.jupyterhub}" = { };
+ "kanidm".servers."localhost:8300" = { };
+ "osuchan".servers."localhost:${s ports.osuchan}" = { };
+ "pgadmin".servers."unix:${config.services.uwsgi.instance.vassals.pgadmin.socket}" = { };
+ "plex".servers."localhost:${s ports.plex}" = { };
+ "proxmox".servers."${ips.px1}:${s ports.proxmox}" = { };
+ "vaultwarden".servers."localhost:${s config.services.vaultwarden.config.ROCKET_PORT}" = { };
+ };
+
virtualHosts = let
inherit (lib.attrsets) nameValuePair listToAttrs recursiveUpdate;
inherit (lib.lists) head drop;
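Review bot: The `idrac` upstream is declared as `"idrac".servers."${ips.idrac}"` with no port, and an nginx upstream `server` entry without a port defaults to 80, whereas the old `proxy_pass https://${ips.idrac}` defaulted to 443. Unless `ips.idrac` already carries a port, the `https://idrac` proxy added later in this commit would attempt TLS against port 80, so I would write `"idrac".servers."${ips.idrac}:443" = { };`. The gitea, grafana and hedgedoc upstreams also move from TCP ports to unix sockets here. The matching service-side socket settings and the nginx user's permission on those socket paths are not visible in this diff and should be confirmed.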
@@ -69,6 +82,7 @@
subdomains: url: extraSettings:
host subdomains (recursiveUpdate { locations."/".proxyPass = url; } extraSettings);
+ enableWebsockets = { locations."/".proxyWebsockets = true; };
in (listToAttrs ([
{
name = "nani.wtf";
@@ -95,62 +109,18 @@
'';
};
}
- (proxy ["plex"] "http://localhost:${s ports.plex}" {})
# (host ["www"] { root = "${inputs.website.packages.${pkgs.system}.default}/"; })
(host ["www"] {
locations."/" = {
tryFiles = "$uri /index.html";
- root = pkgs.writeTextDir "index.html" ''
-
-
-
-
-
- Nani.wtf
-
-
-
-
- Nani.wtf
- Down for maintenance
- Will be back soon!
-
- git.nani.wtf
-
-
-
- '';
+ root = pkgs.writeTextDir "index.html" (lib.fileContents ./temp-website.html);
};
})
- (host ["matrix"] {
- enableACME = lib.mkForce false;
- locations."/_synapse".proxyPass = "http://$synapse_backend";
- })
- (host ["madmin"] { root = "${pkgs.synapse-admin}/"; })
- # (host ["cache"] { root = "/var/lib/nix-cache"; })
- (proxy ["git"] "http://localhost:${s ports.gitea}" {})
- (proxy ["px1"] "https://${ips.px1}:${s ports.proxmox}" {
- locations."/".proxyWebsockets = true;
- })
- (proxy ["idrac"] "https://${ips.idrac}" {})
- (proxy ["log"] "http://localhost:${s ports.grafana}" {
- locations."/".proxyWebsockets = true;
- })
(host ["pg"] {
locations."/" = {
extraConfig = ''
include ${pkgs.nginx}/conf/uwsgi_params;
- uwsgi_pass unix:${config.services.uwsgi.instance.vassals.pgadmin.socket};
+ uwsgi_pass pgadmin;
'';
};
})
@@ -159,24 +129,32 @@
# proxy_set_header X-CSRF-Token $http_x_pga_csrftoken;
# '';
# })
- (proxy ["py"] "http://localhost:${s ports.jupyterhub}" {
- locations."/".proxyWebsockets = true;
- })
- (proxy ["bw"] "http://localhost:${s config.services.vaultwarden.config.ROCKET_PORT}" {})
- (proxy ["docs"] "http://localhost:${s config.services.hedgedoc.settings.port}" {})
- (proxy ["map"] "http://localhost:${s ports.minecraft.dynmap}" {})
- (proxy ["yt"] "http://localhost:${s config.services.invidious.port}" {})
- (proxy ["osu"] "http://localhost:${s ports.osuchan}" {})
- (proxy ["auth"] "https://localhost:8300" {
- extraConfig = ''
- proxy_ssl_verify off;
- '';
- })
- (proxy ["hydra"] "http://localhost:${s config.services.hydra.port}" {})
- (proxy ["atuin"] "http://localhost:${s config.services.atuin.port}" {})
- (proxy ["vpn"] "http://localhost:${s config.services.headscale.port}" {
- locations."/".proxyWebsockets = true;
+ # (proxy ["matrix"] "http://localhost:${s ports.matrix.listener}" {})
+ (host ["matrix"] {
+ enableACME = lib.mkForce false;
+ locations."/_synapse".proxyPass = "http://$synapse_backend";
})
+ (host ["madmin"] { root = "${pkgs.synapse-admin}/"; })
+ # This one gets properly configured by the nextcloud module itself.
+ # It just needs the cloudflare and SSL settings.
+ (host ["cloud"] {})
+ # (host ["cache"] { root = "/var/lib/nix-cache"; })
+ # (proxy ["slack-bot"] "http://localhost:9898" {})
+ (proxy ["atuin"] "http://atuin" {})
+ (proxy ["auth"] "https://kanidm" { extraConfig = "proxy_ssl_verify off;"; })
+ (proxy ["bw"] "http://vaultwarden" {})
+ (proxy ["docs"] "http://hedgedoc" {})
+ (proxy ["git"] "http://gitea" {})
+ (proxy ["hydra"] "http://hydra" {})
+ (proxy ["idrac"] "https://idrac" {})
+ (proxy ["log"] "http://grafana" enableWebsockets)
+ (proxy ["map"] "http://dynmap" {})
+ (proxy ["osu"] "http://osuchan" {})
+ (proxy ["plex"] "http://plex" {})
+ (proxy ["px1"] "https://proxmox" enableWebsockets)
+ (proxy ["py"] "http://jupyter" enableWebsockets)
+ (proxy ["vpn"] "http://headscale" enableWebsockets)
+ (proxy ["yt"] "http://invidious" {})
] ++ (let
stickerpickers = pkgs.callPackage ../matrix/maunium-stickerpicker.nix {
inherit (inputs) maunium-stickerpicker secrets;
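Review bot: The `idrac` and `px1` entries proxy to management interfaces on other hosts over `https://`, but nginx does not verify the upstream certificate by default, so those hops are encrypted without being authenticated. If the BMC and Proxmox certificates can be anchored to a CA, consider adding `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <path-to-ca>;` and a `proxy_ssl_name` matching the certificate to their `extraConfig`, since the name otherwise defaults to the upstream label. On `auth`, `proxy_ssl_verify off;` only restates the default, so a comment giving the reason, for example `# kanidm serves a self-signed cert on loopback; verification skipped on purpose` (if that is the reason), would record the intent. Whether the `host` helper restricts who can reach these vhosts is defined outside this hunk.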
@@ -185,8 +163,20 @@
(host ["stickers-pingu"] { root = "${stickerpickers.stickers-pingu}/"; })
(host ["stickers-h7x4"] { root = "${stickerpickers.stickers-h7x4}/"; })
])));
+
+ streamConfig = ''
+ server {
+ listen 0.0.0.0:53589;
+ listen [::0]:53589;
+ proxy_pass localhost:${s config.services.taskserver.listenPort};
+ }
+ '';
};
+ # NOTE: This is needed for nginx to be able
+ # to connect to sockets in /run
+ systemd.services.nginx.serviceConfig.ProtectHome = false;
+
networking.firewall.allowedTCPPorts = [
80
443
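Review bot: `systemd.services.nginx.serviceConfig.ProtectHome = false;` drops the sandboxing of `/home`, `/root` and `/run/user` for the whole nginx unit, yet the comment says it is needed for sockets in `/run`, which ProtectHome does not hide apart from `/run/user`. It would help to name the socket that actually fails (possibly the hedgedoc or pgadmin path, both taken from config not shown here) and either move it under `/run/<service>` or keep the protection and expose only that directory, e.g. `ProtectHome = "tmpfs";` together with `BindPaths = [ "<socket-dir>" ];`. Separately, the `streamConfig` server listens on all interfaces on 53589 and forwards raw TCP to taskserver, so access control rests on taskserver's own client authentication and on whether the firewall list opens that port. That list continues outside the hunk.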
diff --git a/hosts/tsuki/services/nginx/temp-website.html b/hosts/tsuki/services/nginx/temp-website.html
new file mode 100644
index 0000000..1360dca
--- /dev/null
+++ b/hosts/tsuki/services/nginx/temp-website.html
@@ -0,0 +1,28 @@
+
+
+
+
+
+ Nani.wtf
+
+
+
+
+ Nani.wtf
+ Down for maintenance
+ Will be back soon!
+
+ git.nani.wtf
+
+
+