tigor/NixOS
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

nginx: moved all reverse proxy configurations to nginx

Browse source
This commit is contained in:
Tigor Hutasuhut 2024-11-24 20:46:15 +07:00
parent 4539c5df73
commit 437fd67d9b
7 changed files with 80 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
system/services/jellyfin.nix
View file

@ -16,6 +16,20 @@ in
chmod -R 0777 /nas/mediaserver
'';
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations = {
"= /metrics" = {
return = "403";
};
"/" = {
proxyPass = "http://0.0.0.0:8096";
proxyWebsockets = true;
};
};
};
services.caddy.virtualHosts.${domain}.extraConfig = ''
@public not remote_ip private_ranges
@ -44,6 +58,15 @@ in
reverse_proxy 0.0.0.0:5055
'';
};
services.nginx.virtualHosts.${domain-jellyseerr} = mkIf cfg.jellyseerr.enable {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://0.0.0.0:5055";
proxyWebsockets = true;
};
};
services.jellyfin = {
enable = true;
inherit dataDir;

11
system/services/kavita.nix
View file

@ -23,6 +23,17 @@ in
services.caddy.virtualHosts."kavita.tigor.web.id".extraConfig = ''
reverse_proxy 0.0.0.0:${toString config.services.kavita.settings.Port}
'';
services.nginx.virtualHosts."kavita.tigor.web.id" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://0.0.0.0:${toString config.services.kavita.settings.Port}";
proxyWebsockets = true;
};
};
};
services.kavita = {
enable = true;
tokenKeyFile = config.sops.secrets."kavita/token".path;

11
system/services/navidrome.nix
View file

@ -10,6 +10,17 @@ in
reverse_proxy 0.0.0.0:${toString config.services.navidrome.settings.Port}
'';
services.nginx.virtualHosts."navidrome.tigor.web.id" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://0.0.0.0:${toString config.services.navidrome.settings.Port}";
proxyWebsockets = true;
};
};
};
users.groups.navidrome.members = [ user.name ];
users.groups.${user.name}.members = [ "navidrome" ];

1
system/services/nginx.nix
View file

@ -26,6 +26,7 @@ in
recommendedProxySettings = true;
recommendedZstdSettings = true;
recommendedBrotliSettings = true;
enableReload = true;
};
users.users.nginx.extraGroups = [ "acme" ];

11
system/services/ntfy-sh.nix
View file

@ -18,6 +18,17 @@ lib.mkMerge [
reverse_proxy ${listenAddress}
'';
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://0.0.0.0:15150";
proxyWebsockets = true;
};
};
};
services.ntfy-sh = {
enable = true;
settings =

12
system/services/photoprism.nix
View file

@ -20,6 +20,18 @@ in
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy 0.0.0.0:${toString config.services.photoprism.port}
'';
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://0.0.0.0:${toString config.services.photoprism.port}";
proxyWebsockets = true;
};
};
};
sops.secrets."photoprism/admin_password" = {
sopsFile = ../../secrets/photoprism.yaml;
};

11
system/services/syncthing.nix
View file

@ -16,6 +16,17 @@ in
services.caddy.virtualHosts."syncthing.tigor.web.id".extraConfig = ''
reverse_proxy 0.0.0.0:8384
'';
services.nginx.virtualHosts."syncthing.tigor.web.id" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://0.0.0.0:8384";
proxyWebsockets = true;
};
};
};
sops.secrets =
let
opts = {