jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

migrated back to cloudflare...

Browse Source
This commit is contained in:
Danilo Reyes 2024-07-07 00:10:11 -06:00
parent 9419a12823
commit e2914cd0f0
7 changed files with 39 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/miniserver/configuration.nix
View File

@ -40,7 +40,7 @@
adguardhome.enable = false; adguardhome.enable = false;
audiobookshelf.enable = true; audiobookshelf.enable = true;
bazarr.enable = false; bazarr.enable = false;
collabora.enable = false; collabora.enable = true;
flame.enable = true; flame.enable = true;
flameSecret.enable = true; flameSecret.enable = true;
go-vod.enable = false; go-vod.enable = false;

3
modules/scripts/update-dns.nix
View File

@ -1,4 +1,3 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
imports = [ ./base.nix ]; imports = [ ./base.nix ];
config = { config = {
@ -16,7 +15,7 @@
ipv4 = true; ipv4 = true;
ipv6 = false; ipv6 = false;
proxied = false; proxied = false;
domains = [ config.my.domainSecret ]; domains = [ config.my.domain ];
apiTokenFile = config.sops.secrets.cloudflare-api.path; apiTokenFile = config.sops.secrets.cloudflare-api.path;
}; };
my.scripts.update-dns = { my.scripts.update-dns = {

5
modules/servers.nix
View File

@ -73,11 +73,6 @@ in {
default = "servidos.lat"; default = "servidos.lat";
description = "The domain name."; description = "The domain name.";
}; };
domainSecret = lib.mkOption {
type = lib.types.str;
default = "wedsgk5ac2qcaf9yb.click";
description = "The domain name.";
};
miniserver-ip = lib.mkOption { miniserver-ip = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "192.168.1.100"; default = "192.168.1.100";

2
modules/servers/flame.nix
View File

@ -41,7 +41,7 @@ in {
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."start.${config.my.domain}" = proxyReverse port // { }; virtualHosts."start.${config.my.domain}" = proxyReverse port // { };
virtualHosts."qampqwn4wprhqny8h8zj.${config.my.domainSecret}" = virtualHosts."qampqwn4wprhqny8h8zj.${config.my.domain}" =
proxyReverse portSecret // { }; proxyReverse portSecret // { };
}; };
}; };

64
modules/servers/nextcloud.nix
View File

@ -3,7 +3,6 @@ let
inherit (config.my) localhost; inherit (config.my) localhost;
collaboraPort = 9980; collaboraPort = 9980;
url = "cloud.${config.my.domain}"; url = "cloud.${config.my.domain}";
urlSecret = "collabora.${config.my.domainSecret}";
collaboraProxy = "http://${localhost}:${toString collaboraPort}"; collaboraProxy = "http://${localhost}:${toString collaboraPort}";
commonProxyConfig = '' commonProxyConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
@ -146,38 +145,39 @@ in {
{ }; { };
}; };
}; };
${urlSecret} = lib.mkIf config.my.servers.collabora.enable { "collabora.${config.my.domain}" =
forceSSL = true; lib.mkIf config.my.servers.collabora.enable {
enableACME = true; forceSSL = true;
http2 = true; enableACME = true;
locations = { http2 = true;
# static files locations = {
"^~ /loleaflet" = { # static files
proxyPass = collaboraProxy; "^~ /loleaflet" = {
extraConfig = commonProxyConfig; proxyPass = collaboraProxy;
}; extraConfig = commonProxyConfig;
# WOPI discovery URL };
"^~ /hosting/discovery" = { # WOPI discovery URL
proxyPass = collaboraProxy; "^~ /hosting/discovery" = {
extraConfig = commonProxyConfig; proxyPass = collaboraProxy;
}; extraConfig = commonProxyConfig;
# Capabilities };
"^~ /hosting/capabilities" = { # Capabilities
proxyPass = collaboraProxy; "^~ /hosting/capabilities" = {
extraConfig = commonProxyConfig; proxyPass = collaboraProxy;
}; extraConfig = commonProxyConfig;
# download, presentation, image upload and websocket };
"~ ^/lool" = { # download, presentation, image upload and websocket
proxyPass = collaboraProxy; "~ ^/lool" = {
extraConfig = commonWebsocketConfig; proxyPass = collaboraProxy;
}; extraConfig = commonWebsocketConfig;
# Admin Console websocket };
"^~ /lool/adminws" = { # Admin Console websocket
proxyPass = collaboraProxy; "^~ /lool/adminws" = {
extraConfig = commonWebsocketConfig; proxyPass = collaboraProxy;
extraConfig = commonWebsocketConfig;
};
}; };
}; };
};
}; };
}; };
}; };
@ -216,7 +216,7 @@ in {
--o:ssl.termination=true --o:ssl.termination=true
''; '';
}; };
extraOptions = [ "--cap-add" "MKNOD" ]; extraOptions = [ "--cap-add=MKNOD" ];
}; };
}; };
systemd = lib.mkIf config.my.servers.nextcloud.enableCron { systemd = lib.mkIf config.my.servers.nextcloud.enableCron {

2
modules/servers/qbittorrent.nix
View File

@ -52,7 +52,7 @@ in {
}; };
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."xfwmrle6h6skqujbeizw.${config.my.domainSecret}" = virtualHosts."xfwmrle6h6skqujbeizw.${config.my.domain}" =
proxyReverse port // { }; proxyReverse port // { };
}; };
networking.firewall = { networking.firewall = {

6
secrets/env.yaml
View File

@ -6,7 +6,7 @@ maloja: ENC[AES256_GCM,data:yCwokfD4I1Boy2NOhOTLA3dWgUVOdSzWKIEdYC0klvYu41IGcM8b
multi-scrobbler: ENC[AES256_GCM,data:4KENPA2BoCgBmlBkGrOzI7AOxwtpPjuBHi92XqbQzc3O7Wi6XHjcsAoeY3qWmH8MEB/QhZOh0jLWxJHwSFmHo8T3yG+KYCYzwjSD9c8CySrbwZZZ5S6G/qiQx4p1DDJv5KXk2SW/1gruKGEFgizk7qWpN0dUYgwnrBMjyeWu4UjuVZtrlWQoKRbsMA/8dbIzFuNTTu94E+IPZ8KFKkir13Odc3zROHdxfFZibVXndr40KVZBC4URruZLCT4pLPSHP0GqF69Z+cdI3VaMD5r/Ig==,iv:09d58aMTuFvtr7TMzGHoU8cu2IWHK++pYgLBkQDU0+U=,tag:TkF/a+jbptIr3ddBRN8PBQ==,type:str] multi-scrobbler: ENC[AES256_GCM,data:4KENPA2BoCgBmlBkGrOzI7AOxwtpPjuBHi92XqbQzc3O7Wi6XHjcsAoeY3qWmH8MEB/QhZOh0jLWxJHwSFmHo8T3yG+KYCYzwjSD9c8CySrbwZZZ5S6G/qiQx4p1DDJv5KXk2SW/1gruKGEFgizk7qWpN0dUYgwnrBMjyeWu4UjuVZtrlWQoKRbsMA/8dbIzFuNTTu94E+IPZ8KFKkir13Odc3zROHdxfFZibVXndr40KVZBC4URruZLCT4pLPSHP0GqF69Z+cdI3VaMD5r/Ig==,iv:09d58aMTuFvtr7TMzGHoU8cu2IWHK++pYgLBkQDU0+U=,tag:TkF/a+jbptIr3ddBRN8PBQ==,type:str]
vaultwarden: ENC[AES256_GCM,data:BH+G8FmYylTbOhzZy6T+sW0q2myJC2zpd/SrtG5WC7N5fmV++X4h+6/tU5dFv4owIOLm/13oGrkT/KOWkF2wwQ7qeQQ8bsyloEigNBMW6d7/ihXZtdtYid1HQrvc6U+Sjl8CPjInHz5j9fy5ouMrmDCGVIYdNrDzFW8AYn7KFLIa3c7oCWMTBCOeGS5rD55GSwy5y4AvBx7Hj9xnZmGG2cnzt5CR9hr/fnZhBTcPxquUZw==,iv:CxDdtWC7zKJZ/Ikq5fV33AT6MYx+pbAGI0Cy6I1fcyo=,tag:q8w4maD3vXTdxCLZ7qbCjg==,type:str] vaultwarden: ENC[AES256_GCM,data:BH+G8FmYylTbOhzZy6T+sW0q2myJC2zpd/SrtG5WC7N5fmV++X4h+6/tU5dFv4owIOLm/13oGrkT/KOWkF2wwQ7qeQQ8bsyloEigNBMW6d7/ihXZtdtYid1HQrvc6U+Sjl8CPjInHz5j9fy5ouMrmDCGVIYdNrDzFW8AYn7KFLIa3c7oCWMTBCOeGS5rD55GSwy5y4AvBx7Hj9xnZmGG2cnzt5CR9hr/fnZhBTcPxquUZw==,iv:CxDdtWC7zKJZ/Ikq5fV33AT6MYx+pbAGI0Cy6I1fcyo=,tag:q8w4maD3vXTdxCLZ7qbCjg==,type:str]
dns: ENC[AES256_GCM,data:eQACe2GRS0ZHyszFkZDG1CeJJZDe/0eXNnurujdv5VR5QQJjYRAQuJVzC3XgelXoWeIQdtW4IfpXTv7xaGuhEzPgsPm4hAdEKosNs6h0ZGg8FG73NSdMWw==,iv:n3i4Ll24+a82aKiRIJgMWLko1B2Lk7bLnpmUevBoHGA=,tag:bnZzVfRUSpZFvF2T6pMtsQ==,type:str] dns: ENC[AES256_GCM,data:eQACe2GRS0ZHyszFkZDG1CeJJZDe/0eXNnurujdv5VR5QQJjYRAQuJVzC3XgelXoWeIQdtW4IfpXTv7xaGuhEzPgsPm4hAdEKosNs6h0ZGg8FG73NSdMWw==,iv:n3i4Ll24+a82aKiRIJgMWLko1B2Lk7bLnpmUevBoHGA=,tag:bnZzVfRUSpZFvF2T6pMtsQ==,type:str]
cloudflare-api: ENC[AES256_GCM,data:UJwdEI8a9kmXogCxyUzPK3fm0Vhbi+4AwLEoSE43Y91KXLBJnb+aZUOMEbGRw6wyr3I74MU5YGXm5OwxxhM=,iv:HzxWF0IAmgboIt3bp0Pk6cpZAJFvcWbQbRIcfBGspZI=,tag:Se+ZvuahWwC54xVTSYOhKg==,type:str] cloudflare-api: ENC[AES256_GCM,data:iNUMlY8rz5yHVitpK4HGaFSK7j+c8Pm7rOQMOQGmSJ3a8ASyrtouPgLbcnoPY/jalsJYAj991dSiui+Vwqs=,iv:qWONG/KLd9/F4tqrWF5T25Zxst3bk+kOYaOFBFSBAAY=,tag:gRFxar8KS8gnX8oaCD156Q==,type:str]
homepage: ENC[AES256_GCM,data:065NyZDDVPM8z50si7t9a+Yk6hgUGqcizGX/SRzWVdEA2bLk+lcBO+1OhnM2HXlpHTABG7yaiKGnGXZ5rB29PFdCgXkkw0P131Dfn8LATbtpBJSLdG+h3w28+UFcgrpcgJusWJsn83GKI+XmiNqPkajmLSvdKycN3CSom3pUQC1dErAl8h0UqWOMVP+/RJjffPHLY9NzuLniBZwWAonrcngceB3SRr0Bqpfv/HJGcfUUu4CoCmdSlL3qBOc0XV+WSTQWiBVAqefQKwQs6STUMP1C4RRX3TdkCMi+y1dgAK+xJbTY3EuiouhW87m8nRKraKBY7LKssilt1M18syO4bE72T230H7ETodYMQ6+z+4Q59eM5ZA==,iv:swoOBjVAMVN2+788eCSqoNSFjER30QjJhcPYXr2DS34=,tag:nVaKsKoE+umBPmxj1ojFpw==,type:str] homepage: ENC[AES256_GCM,data:065NyZDDVPM8z50si7t9a+Yk6hgUGqcizGX/SRzWVdEA2bLk+lcBO+1OhnM2HXlpHTABG7yaiKGnGXZ5rB29PFdCgXkkw0P131Dfn8LATbtpBJSLdG+h3w28+UFcgrpcgJusWJsn83GKI+XmiNqPkajmLSvdKycN3CSom3pUQC1dErAl8h0UqWOMVP+/RJjffPHLY9NzuLniBZwWAonrcngceB3SRr0Bqpfv/HJGcfUUu4CoCmdSlL3qBOc0XV+WSTQWiBVAqefQKwQs6STUMP1C4RRX3TdkCMi+y1dgAK+xJbTY3EuiouhW87m8nRKraKBY7LKssilt1M18syO4bE72T230H7ETodYMQ6+z+4Q59eM5ZA==,iv:swoOBjVAMVN2+788eCSqoNSFjER30QjJhcPYXr2DS34=,tag:nVaKsKoE+umBPmxj1ojFpw==,type:str]
sops: sops:
kms: [] kms: []
@ -50,8 +50,8 @@ sops:
QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb
9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q== 9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-06T17:21:51Z" lastmodified: "2024-07-07T06:09:39Z"
mac: ENC[AES256_GCM,data:oD+Zl5hdTgg7m4o+s/StFralyExQNPndGAFDNgMH7+vdXD9HFLJC/OuUqGynHmynbaND9X78jo00JwvjTMVLP/0abzrZfQtWbxl5dqcGN7wqRJgRpy03rnByx5boUgecHgQP99+o6rSOwHlMUhSjkNV8TMiTjjE/0HiRLFO9uTc=,iv:5NtmC6sjWpqMIUMCbO6IA95gSMYx+3bZ6bkl2HMpqEY=,tag:E+3CLSWEMrk/PbAt3qv+Hw==,type:str] mac: ENC[AES256_GCM,data:jbPiHhafnCt6NrEowzW1CmYSRst2d2OM/g9QA8aNLZmGBXUu11Wi9mYyAds4FFtdyoECeQ5fRK5PFtjRE6uFWxmSzanG1Py45hBU0qXsEJ3jh3BVa+atPcZg18v86Cz59FlzZ+3eZJ21u93oIT42x6JB2X9TXtAWj+hZbu4Qc1Q=,iv:8HQ4QPow0vTtxik/5AIqdKTfGGGvCFhjGzbCxQVcqkQ=,tag:w3KxdSl0YGbV2ZQYNv576Q==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1