Compare commits
7 Commits
9036134313
...
6a5552b56e
| Author | SHA1 | Date | |
|---|---|---|---|
|
6a5552b56e | ||
|
|
c5cf59c32c | ||
|
|
b64b8ae792 | ||
|
|
735f1c2bae | ||
|
|
449813fb5f | ||
|
|
82ea0222f3 | ||
|
|
7a8bacb5df |
@ -37,6 +37,8 @@ in {
|
||||
../../cachix.nix
|
||||
./docker.nix
|
||||
./keycloak.nix
|
||||
./lezzo.nix
|
||||
./runas.nix
|
||||
];
|
||||
|
||||
time.timeZone = "Europe/Rome";
|
||||
|
||||
@ -19,7 +19,7 @@ in
|
||||
nginx.virtualHosts.${domain} = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
extraConfig = auth_block { access_role = "jellyfin"; } +
|
||||
extraConfig = auth_block { access_role = "jellyfin"; whitelisted_ips = [ network.giuliopc-wg ]; } +
|
||||
''
|
||||
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
|
||||
#add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
|
||||
|
||||
45
hosts/architect/lezzo.nix
Normal file
45
hosts/architect/lezzo.nix
Normal file
@ -0,0 +1,45 @@
|
||||
{ services, pkgs, lib, makeBinPath, ... }:
|
||||
let
|
||||
domain = "lezzo.org";
|
||||
lezzo_root = "/var/lib/lezzo.org";
|
||||
service_name = "lezzo-pull";
|
||||
network = import ./network.nix;
|
||||
mkStartScript = name: pkgs.writeShellScript "${name}.sh" ''
|
||||
set -euo pipefail
|
||||
cd ${lezzo_root}
|
||||
git pull origin master --rebase
|
||||
'';
|
||||
in
|
||||
{
|
||||
services.nginx.virtualHosts.${domain} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
root = lezzo_root;
|
||||
|
||||
locations."/.git" = { return = "404"; };
|
||||
};
|
||||
|
||||
systemd = {
|
||||
services.${service_name} = {
|
||||
path = [ pkgs.git ];
|
||||
enable = true;
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = mkStartScript "${service_name}";
|
||||
};
|
||||
};
|
||||
timers.${service_name} = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnCalendar = "daily";
|
||||
Unit = "${service_name}.service";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networking.extraHosts = ''
|
||||
${network.architect-lan} ${domain}
|
||||
${network.architect-wg} ${domain}
|
||||
'';
|
||||
}
|
||||
@ -97,9 +97,9 @@ in
|
||||
return 200 '${builtins.toJSON client}';
|
||||
'';
|
||||
|
||||
locations."/".extraConfig = ''
|
||||
return 404;
|
||||
'';
|
||||
# locations."/".extraConfig = ''
|
||||
# return 404;
|
||||
# '';
|
||||
|
||||
# forward all Matrix API calls to the synapse Matrix homeserver
|
||||
locations."/_matrix" = {
|
||||
|
||||
@ -1,24 +1,6 @@
|
||||
{ services, pkgs, lib, ... }:
|
||||
let
|
||||
serviceSkeleton = { default ? false }: {
|
||||
inherit default;
|
||||
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
root = "/var/lib/nginx/error_pages";
|
||||
extraConfig = "error_page 404 /index.htm;";
|
||||
|
||||
locations = {
|
||||
"/" = { return = "404"; };
|
||||
|
||||
"/index.htm" = { };
|
||||
|
||||
"/style.css" = { };
|
||||
|
||||
"/wat.jpg" = { };
|
||||
};
|
||||
};
|
||||
in {
|
||||
{
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
package = pkgs.openresty;
|
||||
@ -27,8 +9,23 @@ in {
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
virtualHosts."architect.devs.giugl.io" = serviceSkeleton { default = true; };
|
||||
virtualHosts."runas.rocks" = serviceSkeleton {};
|
||||
virtualHosts."architect.devs.giugl.io" = {
|
||||
default = true;
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
root = "/var/lib/nginx/error_pages";
|
||||
extraConfig = "error_page 404 /index.htm;";
|
||||
|
||||
locations = {
|
||||
"/" = { return = "404"; };
|
||||
|
||||
"/index.htm" = { };
|
||||
|
||||
"/style.css" = { };
|
||||
|
||||
"/wat.jpg" = { };
|
||||
};
|
||||
};
|
||||
|
||||
appendHttpConfig =
|
||||
let
|
||||
|
||||
45
hosts/architect/runas.nix
Normal file
45
hosts/architect/runas.nix
Normal file
@ -0,0 +1,45 @@
|
||||
{ services, pkgs, lib, makeBinPath, ... }:
|
||||
let
|
||||
domain = "runas.rocks";
|
||||
runas_root = "/var/lib/runas.rocks/dist";
|
||||
service_name = "runas.rocks-pull";
|
||||
network = import ./network.nix;
|
||||
mkStartScript = name: pkgs.writeShellScript "${name}.sh" ''
|
||||
set -euo pipefail
|
||||
cd ${runas_root}
|
||||
git pull origin master --rebase
|
||||
'';
|
||||
in
|
||||
{
|
||||
services.nginx.virtualHosts.${domain} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
locations."/".root = runas_root;
|
||||
|
||||
locations."/.git" = { return = "404"; };
|
||||
};
|
||||
|
||||
systemd = {
|
||||
services.${service_name} = {
|
||||
path = [ pkgs.git ];
|
||||
enable = true;
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = mkStartScript "${service_name}";
|
||||
};
|
||||
};
|
||||
timers.${service_name} = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnCalendar = "daily";
|
||||
Unit = "${service_name}.service";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networking.extraHosts = ''
|
||||
${network.architect-lan} ${domain}
|
||||
${network.architect-wg} ${domain}
|
||||
'';
|
||||
}
|
||||
@ -153,7 +153,7 @@ with import ./network.nix; {
|
||||
{
|
||||
# germano
|
||||
allowedIPs = [ germano-wg ];
|
||||
publicKey = "gi4o+pZWKItzVs7vY8fvXh98jX6CNeCwc1YDzhc3mA4=";
|
||||
publicKey = "LJ0DHY1sFVLQb3ngUGGH0HxbDOPb9KCUPSaYcjr5Uiw=";
|
||||
}
|
||||
|
||||
{
|
||||
|
||||
@ -33,7 +33,9 @@
|
||||
rnix-lsp
|
||||
python310Packages.python-lsp-server
|
||||
texlab
|
||||
nodePackages.vscode-langservers-extracted
|
||||
nodePackages.typescript
|
||||
nodePackages.svelte-language-server
|
||||
];
|
||||
};
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user