jacob/nix_config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add reverse proxies with nginx for pedro

Browse Source
This commit is contained in:
Jacob Hinkle 2022-08-31 08:06:17 -04:00
parent a552dcd540
commit 9dc1167f9f
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
machines/pedro/configuration.nix
View File

@ -66,7 +66,10 @@
8384 22000 # syncthing
8080 8443 6789 8880 8843 27117 # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
53 8088 # pihole
3000 # gitea
#3000 # gitea
#8081 # vaultwarden
#8000 # paperless
80 443 # reverse proxy
];
allowedUDPPorts = [
22000 21027 # syncthing
@ -119,6 +122,14 @@
security.rtkit.enable = true; # recommended for pipewire
# enable acme for certbot
security.acme = {
acceptTerms = true;
defaults = {
email = "jacob.hinkle@gmail.com";
};
};
virtualisation.oci-containers.containers = let
serverIP = "192.168.88.21";
in {
@ -138,6 +149,8 @@
stateDir = "/serverdata/gitea";
};
nginx = import ./nginx.nix;
# Enable the OpenSSH daemon.
openssh.enable = true;
@ -164,6 +177,14 @@
unifiPackage = pkgs.unifiStable;
};
vaultwarden = {
enable = true;
config = {
domain = "http://pedro:8081";
signupsAllowed = true;
};
};
# Enable the X11 windowing system.
xserver = {
enable = true;

22
machines/pedro/nginx.nix Normal file
View File

@ -0,0 +1,22 @@
{
enable = true;
recommendedProxySettings = true;
virtualHosts = let
simpleProxy ip {
forceSSL = true;
enableACME = true;
extraConfig = ''
proxy_buffering off;
'';
locations."/" = {
proxyPass = "http://[::1]:${ip}";
proxyWebsockets = true;
};
}
in {
"home.jhink.org" = simpleProxy 8123;
"git.jhink.org" = simpleProxy 3000;
"paperless.jhink.org" = simpleProxy 8000;
"vault.jhink.org" = simpleProxy 8081;
};
}