fuuko: Configure to work on-demand
This is so I can enable it only when I don’t mind it generating tons of noise.
parent
aa279c8bea
commit
c0b743a65b
|
@ -36,11 +36,6 @@
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
|
|
||||||
virtualHosts."fuuko.home.sbruder.de" = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
systemd.services.nginx.serviceConfig.SupplementaryGroups = lib.singleton "keys";
|
systemd.services.nginx.serviceConfig.SupplementaryGroups = lib.singleton "keys";
|
||||||
|
|
|
@ -76,4 +76,8 @@
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
interfaces.enp8s0.useDHCP = true;
|
interfaces.enp8s0.useDHCP = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.logind.extraConfig = ''
|
||||||
|
HandlePowerKey=suspend
|
||||||
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,9 +4,6 @@
|
||||||
sops.secrets.media-htpasswd.owner = "nginx";
|
sops.secrets.media-htpasswd.owner = "nginx";
|
||||||
|
|
||||||
services.nginx.virtualHosts."media.sbruder.de" = {
|
services.nginx.virtualHosts."media.sbruder.de" = {
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
|
|
||||||
basicAuthFile = config.sops.secrets.media-htpasswd.path;
|
basicAuthFile = config.sops.secrets.media-htpasswd.path;
|
||||||
|
|
||||||
root = "/data/media/";
|
root = "/data/media/";
|
||||||
|
|
|
@ -4,4 +4,9 @@
|
||||||
downloadDir = "/data/torrent";
|
downloadDir = "/data/torrent";
|
||||||
fqdn = "torrent.sbruder.de";
|
fqdn = "torrent.sbruder.de";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."torrent.sbruder.de" = {
|
||||||
|
enableACME = false;
|
||||||
|
forceSSL = false;
|
||||||
|
};
|
||||||
}
|
}
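Review bot: Setting `enableACME = false;` and `forceSSL = false;` leaves the torrent vhost on fuuko served over plain HTTP while it still uses the module's `basicAuthFile`, so any client that reaches fuuko directly sends its basic-auth credentials unencrypted. The same applies to the hunk that drops `enableACME`/`forceSSL` from `services.nginx.virtualHosts."media.sbruder.de"`, and the override is only possible because the module hunk turns both options into `lib.mkDefault`. fuuko's firewall still has `networking.firewall.allowedTCPPorts = [ 80 443 ];` for every interface (visible as context in the first hunk), so consider moving port 80 to `networking.firewall.interfaces.<vpn-interface>.allowedTCPPorts` (the interface name is a placeholder, it is not shown on the page). A comment such as `# TLS terminates on vueko; this vhost must only be reachable via the VPN` next to the two overrides would record the assumption.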
|
||||||
|
|
|
@ -115,7 +115,7 @@ in
|
||||||
rules = map mkAlert [
|
rules = map mkAlert [
|
||||||
{
|
{
|
||||||
name = "InstanceDown";
|
name = "InstanceDown";
|
||||||
expr = ''up{instance!~"(nunotaba|sayuri|mayushii).vpn.sbruder.de:.*"} == 0'';
|
expr = ''up{instance!~"(nunotaba|sayuri|mayushii|fuuko).vpn.sbruder.de:.*"} == 0'';
|
||||||
description = "Instance {{ $labels.instance }} of job {{ $labels.job }} has been down for more than 1 minutes.";
|
description = "Instance {{ $labels.instance }} of job {{ $labels.job }} has been down for more than 1 minutes.";
|
||||||
}
|
}
|
||||||
{
|
{
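Review bot: The exclusion list in `expr` carries no comment explaining why these hosts are exempt from `InstanceDown`, and with fuuko added it now hides outages of the host that backs `media.sbruder.de` and `torrent.sbruder.de`. A line such as `# on-demand hosts: expected to be offline, InstanceDown would only produce noise` above the rule would make the monitoring gap deliberate and reviewable. The dots in `.vpn.sbruder.de` are unescaped regex wildcards; writing them as `\\.` would make the match exact. The rules list continues outside the hunk.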
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../modules
|
../../modules
|
||||||
|
|
||||||
|
./services/fuuko-proxy.nix
|
||||||
./services/media.nix
|
./services/media.nix
|
||||||
./services/restic.nix
|
./services/restic.nix
|
||||||
];
|
];
|
||||||
|
|
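--- /dev/null
+++ b/machines/vueko/services/fuuko-proxy.nix
@@ -0,0 +1,18 @@
+{ lib, ... }:
+
+{
+services.nginx.virtualHosts = builtins.listToAttrs (map
+(fqdn: lib.nameValuePair fqdn {
+enableACME = true;
+forceSSL = true;
+
+locations."/".extraConfig = ''
+proxy_pass http://fuuko.vpn.sbruder.de/;
+proxy_set_header Host ${fqdn};
+'';
+})
+[
+"media.sbruder.de"
+"torrent.sbruder.de"
+]);
+}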
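Review bot: `proxy_pass http://fuuko.vpn.sbruder.de/;` forwards every request to fuuko in cleartext, including the client's basic-auth `Authorization` header that the backend vhosts still check, so confidentiality on that hop rests entirely on the name resolving to a VPN address; a comment above `locations."/".extraConfig` should state that assumption. Because the directive sits in `extraConfig` rather than the `proxyPass` option, the module's recommended proxy headers are probably not applied (vueko's `recommendedProxySettings` is not shown here), so fuuko would log vueko as the client of every request, failed logins included. Adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` next to the `Host` line would keep the original client address available to the backend's logs.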
|
@ -3,7 +3,6 @@
|
||||||
{
|
{
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
media-htpasswd.owner = "nginx";
|
media-htpasswd.owner = "nginx";
|
||||||
media-proxy-auth.owner = "nginx";
|
|
||||||
media-sb-proxy-auth = {
|
media-sb-proxy-auth = {
|
||||||
owner = "nginx";
|
owner = "nginx";
|
||||||
sopsFile = ../secrets.yaml;
|
sopsFile = ../secrets.yaml;
|
||||||
|
@ -17,27 +16,12 @@
|
||||||
basicAuthFile = config.sops.secrets.media-htpasswd.path;
|
basicAuthFile = config.sops.secrets.media-htpasswd.path;
|
||||||
|
|
||||||
locations = {
|
locations = {
|
||||||
"/" = {
|
|
||||||
extraConfig = ''
|
|
||||||
rewrite ^(.*/)$ /__regular$1 last;
|
|
||||||
rewrite ^(.*\\.[^/]*)$ /__storagebox$1 last;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
"/__nginx-interactive-index-assets__/".alias = "${builtins.filterSource
|
"/__nginx-interactive-index-assets__/".alias = "${builtins.filterSource
|
||||||
(path: type: baseNameOf path != "default.nix")
|
(path: type: baseNameOf path != "default.nix")
|
||||||
../../../modules/nginx-interactive-index}/";
|
../../../modules/nginx-interactive-index}/";
|
||||||
|
|
||||||
"/__regular/" = {
|
"/" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
internal;
|
|
||||||
proxy_pass https://media.sbruder.de/;
|
|
||||||
include ${config.sops.secrets.media-proxy-auth.path};
|
|
||||||
proxy_buffering off;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
"/__storagebox/" = {
|
|
||||||
extraConfig = ''
|
|
||||||
internal;
|
|
||||||
proxy_pass https://u313368-sub3.your-storagebox.de/;
|
proxy_pass https://u313368-sub3.your-storagebox.de/;
|
||||||
proxy_set_header Host u313368-sub3.your-storagebox.de;
|
proxy_set_header Host u313368-sub3.your-storagebox.de;
|
||||||
include ${config.sops.secrets.media-sb-proxy-auth.path};
|
include ${config.sops.secrets.media-sb-proxy-auth.path};
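Review bot: The `"/"` location now sends all traffic through `proxy_pass https://u313368-sub3.your-storagebox.de/;` together with the included `media-sb-proxy-auth` file, but nothing visible enables upstream certificate verification, and nginx does not verify proxied HTTPS peers unless told to. If that include carries credentials for the storage box (its name suggests so, the content is not shown), they would be handed to whoever answers for that hostname. Consider adding `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;` and `proxy_ssl_server_name on;` to this `extraConfig`. The location block continues past the end of the hunk, so these may already be set below.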
|
||||||
|
|
|
@ -156,8 +156,8 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."${cfg.fqdn}" = {
|
services.nginx.virtualHosts."${cfg.fqdn}" = {
|
||||||
enableACME = true;
|
enableACME = lib.mkDefault true;
|
||||||
forceSSL = true;
|
forceSSL = lib.mkDefault true;
|
||||||
|
|
||||||
# treated as state
|
# treated as state
|
||||||
basicAuthFile = "${cfg.homeDir}/htpasswd";
|
basicAuthFile = "${cfg.homeDir}/htpasswd";
|
||||||
|
|