modularization of all servers donion rings
@@ -15,7 +15,7 @@ let
|
||||
"/".proxyPass = "http://${config.my.localhost}:${toString port}/";
|
||||
};
|
||||
proxyReverseArr = port:
|
||||
proxy port // {
|
||||
proxyReverse port // {
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
@@ -23,32 +23,51 @@ let
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $http_connection;
|
||||
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
'';
|
||||
};
|
||||
enableDocker = lib.any (opt: opt) [
|
||||
config.my.servers.collabora.enable
|
||||
config.my.servers.ryot.enable
|
||||
config.my.servers.lidarr.enable
|
||||
config.my.servers.prowlarr.enable
|
||||
config.my.servers.maloja.enable
|
||||
config.my.servers.multi-scrobbler.enable
|
||||
config.my.servers.flame.enable
|
||||
config.my.servers.metube.enable
|
||||
config.my.servers.go-vod.enable
|
||||
];
|
||||
in {
|
||||
imports = [
|
||||
./servers/adguardhome.nix
|
||||
./servers/paperless.nix
|
||||
./servers/postgres.nix
|
||||
(import ./servers/audiobookshelf.nix { inherit lib config proxy; })
|
||||
(import ./servers/bazarr.nix {
|
||||
inherit lib config serviceBase proxyReverse;
|
||||
})
|
||||
(import ./servers/flame.nix { inherit lib config proxyReverse; })
|
||||
(import ./servers/jellyfin.nix { inherit lib config pkgs serviceBase; })
|
||||
(import ./servers/nextcloud.nix { inherit lib config pkgs serviceBase; })
|
||||
(import ./servers/kavita.nix { inherit lib config pkgs proxyReverse; })
|
||||
(import ./servers/lidarr.nix { inherit lib config proxyReverseArr; })
|
||||
(import ./servers/maloja.nix { inherit lib config proxyReverse; })
|
||||
(import ./servers/mealie.nix { inherit lib config proxyReverse; })
|
||||
(import ./servers/metube.nix { inherit lib config proxyReverse; })
|
||||
(import ./servers/microbin.nix { inherit lib config proxyReverse; })
|
||||
(import ./servers/multi-scrobbler.nix { inherit lib config proxyReverse; })
|
||||
(import ./servers/nextcloud.nix { inherit lib config pkgs serviceBase; })
|
||||
(import ./servers/prowlarr.nix { inherit lib config proxyReverseArr; })
|
||||
(import ./servers/qbittorrent.nix { inherit lib config pkgs proxyReverse; })
|
||||
(import ./servers/radarr.nix {
|
||||
inherit lib config serviceBase proxyReverseArr;
|
||||
})
|
||||
(import ./servers/ryot.nix { inherit lib config proxyReverse; })
|
||||
(import ./servers/shiori.nix { inherit lib config pkgs proxyReverse; })
|
||||
(import ./servers/sonarr.nix {
|
||||
inherit lib config serviceBase proxyReverse;
|
||||
})
|
||||
(import ./servers/bazarr.nix {
|
||||
inherit lib config serviceBase proxyReverse;
|
||||
})
|
||||
(import ./servers/radarr.nix {
|
||||
inherit lib config serviceBase proxyReverseArr;
|
||||
})
|
||||
(import ./servers/prowlarr.nix { inherit lib config proxyReverseArr; })
|
||||
(import ./servers/lidarr.nix { inherit lib config proxyReverseArr; })
|
||||
(import ./servers/vaultwarden.nix { inherit lib config pkgs proxyReverse; })
|
||||
];
|
||||
options.my = {
|
||||
localhost = lib.mkOption {
|
||||
@@ -66,6 +85,16 @@ in {
|
||||
default = "/run/postgresql";
|
||||
description = "The PostgreSQL socket path.";
|
||||
};
|
||||
containerSocket = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "/var/run/docker.sock";
|
||||
description = "The docker/podman socket path.";
|
||||
};
|
||||
containerData = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "/var/lib/docker-configs";
|
||||
description = "The docker/podman socket path.";
|
||||
};
|
||||
};
|
||||
config = {
|
||||
my.servers = {
|
||||
@@ -77,15 +106,29 @@ in {
|
||||
enable = lib.mkDefault false;
|
||||
enableCron = lib.mkDefault false;
|
||||
};
|
||||
adguardhome.enable = lib.mkDefault false;
|
||||
audiobookshelf.enable = lib.mkDefault false;
|
||||
bazarr.enable = lib.mkDefault false;
|
||||
collabora.enable = lib.mkDefault false;
|
||||
flame.enable = lib.mkDefault false;
|
||||
flameSecret.enable = lib.mkDefault false;
|
||||
go-vod.enable = lib.mkDefault false;
|
||||
kavita.enable = lib.mkDefault false;
|
||||
lidarr.enable = lib.mkDefault false;
|
||||
maloja.enable = lib.mkDefault false;
|
||||
mealie.enable = lib.mkDefault false;
|
||||
metube.enable = lib.mkDefault false;
|
||||
microbin.enable = lib.mkDefault false;
|
||||
multi-scrobbler.enable = lib.mkDefault false;
|
||||
paperless.enable = lib.mkDefault false;
|
||||
postgres.enable = lib.mkDefault false;
|
||||
prowlarr.enable = lib.mkDefault false;
|
||||
qbittorrent.enable = lib.mkDefault false;
|
||||
radarr.enable = lib.mkDefault false;
|
||||
ryot.enable = lib.mkDefault false;
|
||||
shiori.enable = lib.mkDefault false;
|
||||
sonarr.enable = lib.mkDefault false;
|
||||
bazarr.enable = lib.mkDefault false;
|
||||
radarr.enable = lib.mkDefault false;
|
||||
lidarr.enable = lib.mkDefault false;
|
||||
prowlarr.enable = lib.mkDefault false;
|
||||
vaultwarden.enable = lib.mkDefault false;
|
||||
};
|
||||
virtualisation.docker = lib.mkIf enableDocker {
|
||||
enable = true;
|
||||
@@ -96,5 +139,18 @@ in {
|
||||
dates = "weekly";
|
||||
};
|
||||
};
|
||||
services.nginx = {
|
||||
clientMaxBodySize = "4096m";
|
||||
# recommendedTlsSettings = true;
|
||||
# recommendedGzipSettings = true;
|
||||
# recommendedOptimisation = true;
|
||||
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
||||
};
|
||||
networking.firewall = let ports = [ 80 443 ];
|
||||
in {
|
||||
enable = true;
|
||||
allowedTCPPorts = ports;
|
||||
allowedUDPPorts = ports;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
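Review bot: In the last hunk, `allowedUDPPorts = ports;` opens UDP 80 and 443 on the firewall although nothing visible in this commit listens on UDP. The nginx settings shown here serve over TCP, so I would drop that line, or keep only `allowedUDPPorts = [ 443 ];` if one of the imported server modules enables HTTP/3. In the same hunk, `sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";` still admits CBC-mode AES-256 suites and leaves out ChaCha20-Poly1305 for TLS 1.2 clients, while `recommendedTlsSettings` stays commented out; removing the override (the module default is, as far as I know, an AEAD-only list) and setting `recommendedTlsSettings = true;` would be the simpler hardening. Separately, in the options hunk `containerData` reuses the description "The docker/podman socket path." although its default is a data directory, so it should read something like `description = "The directory holding container data and configuration.";`.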