jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

servers working perfectly, many adjustments

Browse Source
This commit is contained in:
Danilo Reyes 2023-08-30 11:47:23 -06:00
parent 88ae340840
commit 49dda93335
2 changed files with 113 additions and 189 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

145
configuration.org
View File

@ -266,6 +266,8 @@ users.users.nextcloud = {
extraGroups = [ "nextcloud" ]; extraGroups = [ "nextcloud" ];
packages = (with pkgs; [ packages = (with pkgs; [
nodejs_14 nodejs_14
perl
exiftool
### Currently incompatible with newer versions, and compiling ### Currently incompatible with newer versions, and compiling
### an older version takes 7 hours. ### an older version takes 7 hours.
# cudatoolkit # cudatoolkit
@ -908,65 +910,44 @@ programs = {
}; };
services = { services = {
jellyfin = { jellyfin.enable = true;
enable = true; # vaultwarden.enable = true;
openFirewall = true;
};
nextcloud = { nextcloud = {
enable = true;
# package = pkgs.nextcloud27;
maxUploadSize = "50G";
enableImagemagick = true;
appstoreEnable = true;
extraAppsEnable = true;
hostName = "cloud.servidos.lat";
https = true; https = true;
caching = { enable = true;
redis = true; package = pkgs.nextcloud26;
}; appstoreEnable = true;
configureRedis = true;
maxUploadSize = "512M";
extraAppsEnable = true;
enableImagemagick = true;
hostName = "cloud.servidos.lat";
config = { config = {
adminpassFile = "${pkgs.writeText "adminpass" "Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"}"; adminpassFile = "${pkgs.writeText "adminpass" "Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"}";
overwriteProtocol = "https"; overwriteProtocol = "https";
trustedProxies = [ "nginx" ];
extraTrustedDomains = [ "localhost:80" "cloud.danilo-reyes.com" "cloud.servidos.lat" ];
defaultPhoneRegion = "MX"; defaultPhoneRegion = "MX";
dbtype = "pgsql"; dbtype = "pgsql";
dbuser = "nextcloud"; dbuser = "nextcloud";
dbpassFile = "${pkgs.writeText "dbpass" "sopacerias"}"; dbpassFile = "${pkgs.writeText "dbpass" "sopacerias"}";
dbtableprefix = "oc_"; dbtableprefix = "oc_";
dbname = "nextcloud"; dbname = "nextcloud";
trustedProxies = [ "nginx" ];
extraTrustedDomains = [ "danilo-reyes.com" ];
}; };
extraOptions = { extraOptions = {
redis = {
host = "localhost";
port = 6379;
};
memcache = {
local = "\\OC\\Memcache\\Redis";
distributed = "\\OC\\Memcache\\Redis";
locking = "\\OC\\Memcache\\Redis";
};
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
"installed" = true; "installed" = true;
}; "memories.exiftool" = "/etc/profiles/per-user/nextcloud/bin/exiftool";
phpOptions = { enabledPreviewProviders = [
display_errors = "stderr"; "OC\\Preview\\Image"
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT"; "OC\\Preview\\HEIC"
expose_php = "Off"; "OC\\Preview\\TIFF"
"opcache.enable_cli" = "1"; "OC\\Preview\\MKV"
"opcache.fast_shutdown" = "1"; "OC\\Preview\\MP4"
"opcache.interned_strings_buffer" = "10"; "OC\\Preview\\AVI"
"opcache.max_accelerated_files" = "10000"; "OC\\Preview\\Movie"
"opcache.memory_consumption" = "128"; ];
"opcache.revalidate_freq" = "1"; opcache.jit = 1255;
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt"; opcache.jit_buffer_size = "128M";
catch_workers_output = "yes";
short_open_tag = "Off";
# defaults end here
upload_max_filesize = "50G";
post_max_size = "50G";
memory_limit = "2G";
}; };
phpExtraExtensions = all: [ all.pdlib all.bz2 ]; phpExtraExtensions = all: [ all.pdlib all.bz2 ];
}; };
@ -1063,35 +1044,54 @@ systemd.services = {
# ExecStop = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down"; # ExecStop = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down";
# }; # };
# }; # };
"nextcloud_scrapsync" = { # "nextcloud_scrapsync" = {
description = "Sync scrapped files with nextcloud"; # description = "Sync scrapped files with nextcloud";
wantedBy = [ "default.target" ]; # wantedBy = [ "default.target" ];
path = [ # path = [
pkgs.bash # pkgs.bash
jawz_nextcloud_scrapsync # jawz_nextcloud_scrapsync
]; # ];
serviceConfig = { # serviceConfig = {
RestartSec = 30; # RestartSec = 30;
ExecStart = "${jawz_nextcloud_scrapsync}/bin/nextcloud_scrapsync"; # ExecStart = "${jawz_nextcloud_scrapsync}/bin/nextcloud_scrapsync";
}; # };
}; # };
# "nextcloud_previews" = {
# description = "Generate previews";
# wantedBy = [ "default.target" ];
# path = [
# pkgs.nextcloud26
# ];
# serviceConfig = {
# RestartSec = 30;
# ExecStart = "${pkgs.nextcloud26}/occ preview:pre-generate";
# };
# };
}; };
systemd.timers = { systemd.timers = {
"nextcloud_scrapsync" = { # "nextcloud_scrapsync" = {
enable = true; # enable = true;
description = "Sync scrapped files with nextcloud"; # description = "Sync scrapped files with nextcloud";
wantedBy = [ "timers.target" ]; # wantedBy = [ "timers.target" ];
timerConfig = { # timerConfig = {
OnCalendar= [ # OnCalendar= [
"*-*-* 01:32:00" # "*-*-* 01:32:00"
"*-*-* 08:32:00" # "*-*-* 08:32:00"
"*-*-* 14:32:00" # "*-*-* 14:32:00"
"*-*-* 20:32:00" # "*-*-* 20:32:00"
]; # ];
RandomizedDelaySec = 30; # RandomizedDelaySec = 30;
Persistent = true; # Persistent = true;
}; # };
}; # };
# "nextcloud_previews" = {
# enable = true;
# description = "Generate previews";
# wantedBy = [ "timers.target" ];
# timerConfig = {
# OnCalendar = "*:0/10";
# };
# };
}; };
systemd.user.services = { systemd.user.services = {
"HentaiAtHome" = { "HentaiAtHome" = {
@ -1168,7 +1168,6 @@ networking = {
6969 # HentaiAtHome 6969 # HentaiAtHome
25152 # ssh 25152 # ssh
49494 # gerbera 49494 # gerbera
8086 8920 # jellyfin
]; ];
open_firewall_port_ranges = [ open_firewall_port_ranges = [
{ from = 1714; to = 1764; } # kdeconnect { from = 1714; to = 1764; } # kdeconnect

157
nginx.nix
View File

@ -5,20 +5,29 @@
let let
localhost = "127.0.0.1"; localhost = "127.0.0.1";
jellyfinPort = 8086; jellyfinPort = "8096";
newflixPort = 8897;
shioriPort = 9001;
flamePort = 5005;
secretFlamePort = 5007;
lidarrPort = 8686;
bazarrPort = 6767;
sonarrPort = 8989;
radarrPort = 7878;
prowlarrPort = 9696;
vaultPort = 9666;
searxPort = 8080;
kavitaPort = 5000;
nextcloudPort = 80; nextcloudPort = 80;
# unstable_tarball =
# builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master";
# unstable = import unstable_tarball { config = config.nixpkgs.config; };
in { in {
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; # recommendedProxySettings = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
commonHttpConfig = '' appendHttpConfig = ''
### GLOBAL ### GLOBAL
# Add HSTS header with preloading to HTTPS requests. # Add HSTS header with preloading to HTTPS requests.
# Adding this header to HTTP requests is discouraged # Adding this header to HTTP requests is discouraged
@ -34,7 +43,7 @@ in {
add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header 'Referrer-Policy' 'origin-when-cross-origin';
# Disable embedding as a frame # Disable embedding as a frame
add_header X-Frame-Options DENY; # add_header X-Frame-Options DENY;
# Prevent injection of code in other mime types (XSS Attacks) # Prevent injection of code in other mime types (XSS Attacks)
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
@ -45,9 +54,9 @@ in {
# This might create errors # This might create errors
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
### NEXTCLOUD # NEXTCLOUD
# upstream php-handler { # upstream php-handler {
# server 127.0.0.1:9000; # server ${localhost}:9000;
# #server unix:/var/run/php/php7.4-fpm.sock; # #server unix:/var/run/php/php7.4-fpm.sock;
# } # }
@ -56,7 +65,7 @@ in {
# "" ""; # "" "";
# default "immutable"; # default "immutable";
# } # }
### JELLYFIN # JELLYFIN
proxy_cache_path /var/cache/nginx/jellyfin-videos levels=1:2 keys_zone=jellyfin-videos:100m inactive=90d max_size=35000m; proxy_cache_path /var/cache/nginx/jellyfin-videos levels=1:2 keys_zone=jellyfin-videos:100m inactive=90d max_size=35000m;
proxy_cache_path /var/cache/nginx/jellyfin levels=1:2 keys_zone=jellyfin:100m max_size=15g inactive=30d use_temp_path=off; proxy_cache_path /var/cache/nginx/jellyfin levels=1:2 keys_zone=jellyfin:100m max_size=15g inactive=30d use_temp_path=off;
map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; } map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; }
@ -70,8 +79,22 @@ in {
http2 = true; http2 = true;
}; };
proxy = port: proxy = port:
base { "/".proxyPass = "http://127.0.0.1:" + toString (port) + "/"; }; base {
"/".proxyPass = "http://${localhost}:" + toString (port) + "/";
};
in { in {
"newflix.servidos.lat" = proxy newflixPort // { };
"library.servidos.lat" = proxy kavitaPort // { };
"bookmarks.servidos.lat" = proxy shioriPort // { };
"start.servidos.lat" = proxy flamePort // { };
"qampqwn4wprhqny8h8zj.servidos.lat" = proxy secretFlamePort // { };
"music.servidos.lat" = proxy lidarrPort // { };
"subs.servidos.lat" = proxy bazarrPort // { };
"series.servidos.lat" = proxy sonarrPort // { };
"movies.servidos.lat" = proxy radarrPort // { };
"indexer.servidos.lat" = proxy prowlarrPort // { };
"vault.servidos.lat" = proxy vaultPort // { };
"searx.servidos.lat" = proxy searxPort // { };
"flix.servidos.lat" = { "flix.servidos.lat" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -80,9 +103,7 @@ in {
# use a variable to store the upstream proxy # use a variable to store the upstream proxy
# in this example we are using a hostname which is resolved via DNS # in this example we are using a hostname which is resolved via DNS
# (if you aren't using DNS remove the resolver line and change the variable to point to an IP address # (if you aren't using DNS remove the resolver line and change the variable to point to an IP address
# e.g `set $jellyfin 127.0.0.1`) resolver ${localhost} valid=30;
set $jellyfin 127.0.0.1;
resolver 127.0.0.1 valid=30;
location = / { location = / {
return 302 http://$host/web/; return 302 http://$host/web/;
@ -90,7 +111,7 @@ in {
} }
location = /web/ { location = /web/ {
# Proxy main Jellyfin traffic # Proxy main Jellyfin traffic
proxy_pass http://$jellyfin:8096/web/index.html; proxy_pass http://${localhost}:${jellyfinPort}/web/index.html;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -101,11 +122,11 @@ in {
''; '';
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://$jellyfin:8096"; proxyPass = "http://${localhost}:${jellyfinPort}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
"/socket" = { "/socket" = {
proxyPass = "http://$jellyfin:8096"; proxyPass = "http://${localhost}:${jellyfinPort}";
extraConfig = '' extraConfig = ''
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
@ -113,7 +134,7 @@ in {
''; '';
}; };
"~ /Items/(.*)/Images" = { "~ /Items/(.*)/Images" = {
proxyPass = "http://$jellyfin:8096"; proxyPass = "http://${localhost}:${jellyfinPort}";
extraConfig = '' extraConfig = ''
proxy_cache jellyfin; proxy_cache jellyfin;
proxy_cache_revalidate on; proxy_cache_revalidate on;
@ -121,7 +142,7 @@ in {
''; '';
}; };
"~* ^/Videos/(.*)/(?!live)" = { "~* ^/Videos/(.*)/(?!live)" = {
proxyPass = "http://$jellyfin:8096"; proxyPass = "http://${localhost}:${jellyfinPort}";
extraConfig = '' extraConfig = ''
# Set size of a slice (this amount will be always requested from the backend by nginx) # Set size of a slice (this amount will be always requested from the backend by nginx)
# Higher value means more latency, lower more overhead # Higher value means more latency, lower more overhead
@ -151,107 +172,11 @@ in {
}; };
}; };
}; };
"library.servidos.lat" = proxy 5000 // { };
${config.services.nextcloud.hostName} = { ${config.services.nextcloud.hostName} = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
http2 = true; http2 = true;
# extraConfig = '' serverAliases = [ "danilo-reyes.com" "cloud.servidos.lat" ];
# server_tokens off;
# # set max upload size and increase upload timeout:
# client_body_timeout 300s;
# # fastcgi_buffers 64 4K;
# # The settings allows you to optimize the HTTP2 bandwitdth.
# # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# # for tunning hints
# client_body_buffer_size 512k;
# # HTTP response headers borrowed from Nextcloud `.htaccess`
# add_header Referrer-Policy "no-referrer" always;
# add_header X-Download-Options "noopen" always;
# add_header X-Permitted-Cross-Domain-Policies "none" always;
# add_header X-Robots-Tag "noindex, nofollow" always;
# # Remove X-Powered-By, which is an information leak
# fastcgi_hide_header X-Powered-By;
# # Specify how to handle directories -- specifying `/index.php$request_uri`
# # here as the fallback means that Nginx always exhibits the desired behaviour
# # when a client requests a path that corresponds to a directory that exists
# # on the server. In particular, if that directory contains an index.php file,
# # that file is correctly served; if it doesn't, then the request is passed to
# # the front-end controller. This consistent behaviour means that we don't need
# # to specify custom rules for certain paths (e.g. images and other assets,
# # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# # `try_files $uri $uri/ /index.php$request_uri`
# # always provides the desired behaviour.
# index index.php index.html /index.php$request_uri;
# '';
# locations = {
# "/".extraConfig = ''
# try_files $uri $uri/ /index.php$request_uri;
# '';
# "= /".extraConfig = ''
# # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
# if ( $http_user_agent ~ ^DavClnt ) {
# return 302 /remote.php/webdav/$is_args$args;
# }
# '';
# "^~ /.well-known".extraConfig = ''
# # The rules in this block are an adaptation of the rules
# # in `.htaccess` that concern `/.well-known`.
# location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
# location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# # Let Nextcloud's API for `/.well-known` URIs handle all other
# # requests by passing them to the front-end controller.
# return 301 /index.php$request_uri;
# '';
# "~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)".extraConfig =
# "return 404;";
# "~ ^/(?:.|autotest|occ|issue|indie|db_|console)".extraConfig =
# "return 404;";
# "~ .php(?:$|/)".extraConfig = ''
# # Required for legacy support
# rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
# fastcgi_split_path_info ^(.+?\.php)(/.*)$;
# set $path_info $fastcgi_path_info;
# try_files $fastcgi_script_name =404;
# # include fastcgi_params;
# include "${pkgs.nginx}/conf/fastcgi_params";
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PATH_INFO $path_info;
# fastcgi_param HTTPS on;
# fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
# fastcgi_param front_controller_active true; # Enable pretty urls
# fastcgi_intercept_errors on;
# fastcgi_request_buffering off;
# fastcgi_max_temp_file_size 0;
# '';
# "~ .(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$" = {
# extraConfig = ''
# try_files $uri /index.php$request_uri;
# access_log off; # Optional: Don't log access to assets
# location ~ \.wasm$ {
# default_type application/wasm;
# }
# '';
# };
# "~ .woff2?$".extraConfig = ''
# try_files $uri /index.php$request_uri;
# expires 7d; # Cache-Control policy borrowed from `.htaccess`
# access_log off; # Optional: Don't log access to assets '';
# "/remote".extraConfig = "return 301 /remote.php$request_uri;";
# };
}; };
}; };
}; };