fuuko: Configure to work on-demand
This is so I can only enable it when I don’t mind it generating tons of noise.
parent
aa279c8bea
commit
c0b743a65b
|
@ -36,11 +36,6 @@
|
|||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
virtualHosts."fuuko.home.sbruder.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
systemd.services.nginx.serviceConfig.SupplementaryGroups = lib.singleton "keys";
|
||||
|
|
|
@ -76,4 +76,8 @@
|
|||
useDHCP = false;
|
||||
interfaces.enp8s0.useDHCP = true;
|
||||
};
|
||||
|
||||
services.logind.extraConfig = ''
|
||||
HandlePowerKey=suspend
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -4,9 +4,6 @@
|
|||
sops.secrets.media-htpasswd.owner = "nginx";
|
||||
|
||||
services.nginx.virtualHosts."media.sbruder.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
basicAuthFile = config.sops.secrets.media-htpasswd.path;
|
||||
|
||||
root = "/data/media/";
|
||||
|
|
|
@ -4,4 +4,9 @@
|
|||
downloadDir = "/data/torrent";
|
||||
fqdn = "torrent.sbruder.de";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."torrent.sbruder.de" = {
|
||||
enableACME = false;
|
||||
forceSSL = false;
|
||||
};
|
||||
}
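Review bot: With `enableACME = false; forceSSL = false;` the `torrent.sbruder.de` vhost answers on plain HTTP, and it appears to keep the module's `basicAuthFile`, so the credentials are only as private as whatever network can reach port 80 on this host. Nothing in this section binds the vhost to the VPN interface, and whether the firewall still opens 80/443 elsewhere is not visible here. If TLS is meant to terminate on the proxying machine, restrict the listener, e.g. `listenAddresses = [ "<fuuko VPN address>" ];`, and add a comment such as `# TLS terminates on the vueko proxy; reachable over the VPN only`. The same applies to the `media.sbruder.de` vhost, whose `enableACME`/`forceSSL` lines are dropped in the section above, and to the `lib.mkDefault` change in the module section further down, which is what makes this override possible.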
|
||||
|
|
|
@ -115,7 +115,7 @@ in
|
|||
rules = map mkAlert [
|
||||
{
|
||||
name = "InstanceDown";
|
||||
expr = ''up{instance!~"(nunotaba|sayuri|mayushii).vpn.sbruder.de:.*"} == 0'';
|
||||
expr = ''up{instance!~"(nunotaba|sayuri|mayushii|fuuko).vpn.sbruder.de:.*"} == 0'';
|
||||
description = "Instance {{ $labels.instance }} of job {{ $labels.job }} has been down for more than 1 minutes.";
|
||||
}
|
||||
{
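Review bot: The exclusion list in the `InstanceDown` expression now names four hosts with no stated reason, and for `fuuko` it also hides an outage while the machine is meant to be up. A comment above the rule, such as `# on-demand hosts: being down is expected, so they are excluded from InstanceDown`, would record the intent for whoever extends the list next. The `rules` list starts and continues outside this hunk.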
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
./hardware-configuration.nix
|
||||
../../modules
|
||||
|
||||
./services/fuuko-proxy.nix
|
||||
./services/media.nix
|
||||
./services/restic.nix
|
||||
];
|
||||
|
|
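--- a/machines/vueko/services/fuuko-proxy.nix
+++ b/machines/vueko/services/fuuko-proxy.nix
@@ -0,0 +1,18 @@
+{ lib, ... }:
+
+{
+services.nginx.virtualHosts = builtins.listToAttrs (map
+(fqdn: lib.nameValuePair fqdn {
+enableACME = true;
+forceSSL = true;
+
+locations."/".extraConfig = ''
+proxy_pass http://fuuko.vpn.sbruder.de/;
+proxy_set_header Host ${fqdn};
+'';
+})
+[
+"media.sbruder.de"
+"torrent.sbruder.de"
+]);
+}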
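Review bot: The `extraConfig` for `locations."/"` forwards only a `Host` header, so the backend will most likely log the proxy's VPN address for every request, which makes failed basic-auth attempts against `media.sbruder.de` and `torrent.sbruder.de` hard to attribute. Adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` next to the `Host` line would preserve the client address. The upstream hop is `http://`, so the confidentiality of the forwarded `Authorization` header rests entirely on the VPN. A one-line comment above `proxy_pass`, such as `# plain HTTP on purpose: the hop stays inside the VPN`, would make that assumption explicit.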
@ -3,7 +3,6 @@
|
|||
{
|
||||
sops.secrets = {
|
||||
media-htpasswd.owner = "nginx";
|
||||
media-proxy-auth.owner = "nginx";
|
||||
media-sb-proxy-auth = {
|
||||
owner = "nginx";
|
||||
sopsFile = ../secrets.yaml;
|
||||
|
@ -17,27 +16,12 @@
|
|||
basicAuthFile = config.sops.secrets.media-htpasswd.path;
|
||||
|
||||
locations = {
|
||||
"/" = {
|
||||
extraConfig = ''
|
||||
rewrite ^(.*/)$ /__regular$1 last;
|
||||
rewrite ^(.*\\.[^/]*)$ /__storagebox$1 last;
|
||||
'';
|
||||
};
|
||||
"/__nginx-interactive-index-assets__/".alias = "${builtins.filterSource
|
||||
(path: type: baseNameOf path != "default.nix")
|
||||
../../../modules/nginx-interactive-index}/";
|
||||
|
||||
"/__regular/" = {
|
||||
"/" = {
|
||||
extraConfig = ''
|
||||
internal;
|
||||
proxy_pass https://media.sbruder.de/;
|
||||
include ${config.sops.secrets.media-proxy-auth.path};
|
||||
proxy_buffering off;
|
||||
'';
|
||||
};
|
||||
"/__storagebox/" = {
|
||||
extraConfig = ''
|
||||
internal;
|
||||
proxy_pass https://u313368-sub3.your-storagebox.de/;
|
||||
proxy_set_header Host u313368-sub3.your-storagebox.de;
|
||||
include ${config.sops.secrets.media-sb-proxy-auth.path};
|
||||
|
|
|
@ -156,8 +156,8 @@ in
|
|||
};
|
||||
|
||||
services.nginx.virtualHosts."${cfg.fqdn}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
enableACME = lib.mkDefault true;
|
||||
forceSSL = lib.mkDefault true;
|
||||
|
||||
# treated as state
|
||||
basicAuthFile = "${cfg.homeDir}/htpasswd";
|
||||
|
|