pederbs/config
2
2
Fork 0
Code Issues Pull Requests Releases Activity

lkjdsalkjdsalkjdsalkj

Browse Source
This commit is contained in:
Peder Bergebakken Sundt
2025-03-20 20:48:59 +01:00
parent 17ee5aada8
commit 5e2e5d1ddb
9 changed files with 28 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
profiles/http/default.nix
View File

@@ -17,6 +17,16 @@ in
(lib.sort (x: y: x<y))
];
};
options.pbsds.nginx.allowList.extraConfig = lib.mkOption {
visible = false; internal = true; readOnly = true;
default = ''
# home https://ipinfo.io/ips/193.71.0.0/16
allow 193.71.0.0/16;
# ntnu https://ipinfo.io/ips/129.241.0.0/16
allow 129.241.0.0/16;
deny all;
'';
};
config = {

4
profiles/http/services/cryptpad.nix
View File

@@ -12,7 +12,7 @@ in
services.cryptpad = {
#enable = true; # current node version used is marked insecure
# reference: https://github.com/xwiki-labs/cryptpad/blob/main/config/config.example.js
configFile = toFile "cryptpad-config.js" ''
configFile = builtins.toFile "cryptpad-config.js" ''
module.exports = {
httpUnsafeOrigin: 'http://localhost:3457',
httpSafeOrigin: 'https://${mkDomain "cryptpad"}',
@@ -32,7 +32,7 @@ in
filePath: './datastore/',
archivePath: './data/archive', // recovery in the event of accidental deletion
pinPath: './data/pins', // content stored indefinetly
pinPath: './data/pins', // content stored indefinitely
taskPath: './data/tasks', // scheduled tasks
blockPath: './block', // users' authenticated blocks
blobPath: './blob', // uploaded encrypted blobs

1
profiles/http/services/invidious.nix
View File

@@ -42,6 +42,7 @@ in
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.invidious.port}";
proxyWebsockets = true;
inherit (config.pbsds.nginx.allowList) extraConfig;
};
};

1
profiles/http/services/plex.nix
View File

@@ -48,6 +48,7 @@ lib.mkIf (!config.virtualisation.isVmVariant)
locations."/" = {
proxyPass = "http://127.0.0.1:32400"; # TODO: make configurable
proxyWebsockets = true;
# TODO: inherit (config.pbsds.nginx.allowList) extraConfig;
};
# from https://wiki.nixos.org/wiki/Plex
extraConfig = ''

1
profiles/http/services/redlib.nix
View File

@@ -23,6 +23,7 @@ in
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.redlib.port}";
proxyWebsockets = true;
inherit (config.pbsds.nginx.allowList) extraConfig;
};
};
services.nginx.virtualHosts.${mkDomain "libreddit"} = lib.mkIf config.services.redlib.enable {

1
profiles/http/services/thelounge.nix
View File

@@ -30,6 +30,7 @@ in
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.thelounge.port}";
proxyWebsockets = true;
inherit (config.pbsds.nginx.allowList) extraConfig;
};
};
}

2
profiles/http/services/webdav-zotero.nix
View File

@@ -69,6 +69,8 @@ in
proxy_request_buffering off;
client_max_body_size 2G;
${config.pbsds.nginx.allowList.extraConfig}
'';
};
};