diff --git a/machines/pedro/configuration.nix b/machines/pedro/configuration.nix
index 7f7c546..b3f56e9 100644
--- a/machines/pedro/configuration.nix
+++ b/machines/pedro/configuration.nix
@@ -66,7 +66,10 @@
 8384 22000 # syncthing
 8080 8443 6789 8880 8843 27117 # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
 53 8088 # pihole
- 3000 # gitea
+ #3000 # gitea
+ #8081 # vaultwarden
+ #8000 # paperless
+ 80 443 # reverse proxy
 ];
 allowedUDPPorts = [
 22000 21027 # syncthing
@@ -119,6 +122,14 @@
 security.rtkit.enable = true; # recommended for pipewire
+ # enable acme for certbot
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "jacob.hinkle@gmail.com";
+ };
+ };
+
 virtualisation.oci-containers.containers = let
 serverIP = "192.168.88.21";
 in {
@@ -138,6 +149,8 @@
 stateDir = "/serverdata/gitea";
 };
+ nginx = import ./nginx.nix;
+
 # Enable the OpenSSH daemon.
 openssh.enable = true;
@@ -164,6 +177,14 @@
 unifiPackage = pkgs.unifiStable;
 };
+ vaultwarden = {
+ enable = true;
+ config = {
+ domain = "http://pedro:8081";
+ signupsAllowed = true;
+ };
+ };
+
 # Enable the X11 windowing system.
 xserver = {
 enable = true;
diff --git a/machines/pedro/nginx.nix b/machines/pedro/nginx.nix
new file mode 100644
index 0000000..82f1eb3
--- /dev/null
+++ b/machines/pedro/nginx.nix
@@ -0,0 +1,22 @@
+{
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts = let
+ simpleProxy ip {
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = ''
+ proxy_buffering off;
+ '';
+ locations."/" = {
+ proxyPass = "http://[::1]:${ip}";
+ proxyWebsockets = true;
+ };
+ }
+ in {
+ "home.jhink.org" = simpleProxy 8123;
+ "git.jhink.org" = simpleProxy 3000;
+ "paperless.jhink.org" = simpleProxy 8000;
+ "vault.jhink.org" = simpleProxy 8081;
+ };
+}
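Review bot: The commented-out entries `#3000`, `#8081` and `#8000` in the first hunk's TCP port list read as temporarily disabled settings rather than a decision. One comment such as `# gitea, vaultwarden and paperless are reached only through nginx on 80/443` would record the intent and keep the list free of dead lines. The list itself opens outside the hunk.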
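Review bot: The comment `# enable acme for certbot` above `security.acme` is inaccurate, because the NixOS ACME module drives lego rather than certbot; `# ACME account defaults used by the nginx virtual hosts` describes what the block does. With `enableACME` set on the vhosts in nginx.nix, the default HTTP-01 validation needs port 80 on this host to be reachable from the internet for every jhink.org name. If these services are meant to stay on the LAN, DNS-01 through `security.acme.defaults.dnsProvider` issues the certificates without exposing the host.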
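Review bot: `signupsAllowed = true` in the vaultwarden block leaves registration open on a password vault that this same commit publishes at vault.jhink.org, so anyone who can reach the proxy can create an account; it should be false once the intended accounts exist. The `domain` value still names the internal `http://pedro:8081` address, while clients will arrive over HTTPS at the proxied name, and Vaultwarden derives links and WebAuthn origins from it. Nothing in the block sets the listen address or port, although nginx forwards to `[::1]:8081`; unless that is configured somewhere not shown, the service will not be where the proxy expects it. The proposed settings are below.

```nix
config = {
  domain = "https://vault.jhink.org";
  signupsAllowed = false;
  rocketAddress = "::1";
  rocketPort = 8081;
};
```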
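Review bot: The `let` binding `simpleProxy ip {` … `}` in nginx.nix is not valid Nix, so the file will not evaluate as committed; a function binding needs `simpleProxy = port: {` and a closing `};`. Inside it, `${ip}` interpolates an integer, which Nix refuses to coerce to a string; `proxyPass = "http://[::1]:${toString port}";` fixes that, and the rename makes clear the argument is a port rather than an address. Each backend also has to listen on the IPv6 loopback for `[::1]` to connect, which the diff does not show. Since these vhosts terminate TLS for a password vault and a git server, consider adding `recommendedTlsSettings = true;` next to `recommendedProxySettings`.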