author | Mark Nipper <nipsy@bitgnome.net> | 2024-11-11 01:08:40 -0800 |
---|---|---|
committer | Mark Nipper <nipsy@bitgnome.net> | 2024-11-11 01:08:40 -0800 |
commit | 1ef51c53b5c20641b0ef328059b6ed28c337ff3b (patch) | |
tree | 223c893fd59a327c79b1c2c660cb97b5fd633a6c /hosts | |
parent | 1df80e29d2110ef344a7af3499930d7ec12c615d (diff) | |
Fix let syntax
Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/arrakis/services.nix | 170 |
1 files changed, 88 insertions, 82 deletions
diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix index f4a5a33..18282c6 100644 --- a/hosts/arrakis/services.nix +++ b/hosts/arrakis/services.nix @@ -84,7 +84,7 @@ }; }; - let + nginx = let sys = inputs.nixos.lib.nixosSystem { system = "x86_64-linux"; 
@@ -116,92 +116,98 @@ build = sys.config.system.build; in { + appendHttpConfig = '' + geo $geo { + default 0; + 127.0.0.1 1; + ::1 1; + 192.168.1.0/24 1; + } + ''; + enable = true; - nginx = { - appendHttpConfig = '' - geo $geo { - default 0; - 127.0.0.1 1; - ::1 1; - 192.168.1.0/24 1; - } - ''; - enable = true; - - # Use recommended settings - recommendedGzipSettings = true; - recommendedOptimisation = true; - #recommendedProxySettings = true; - recommendedTlsSettings = true; - - # Only allow PFS-enabled ciphers with AES256 - sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; - - virtualHosts = { - "arrakis.bitgnome.net" = { - addSSL = true; - enableACME = true; - extraConfig = '' - if ($geo = 0) { - return 301 https://$host$request_uri; - } - ''; - locations = { - "= /boot/bzImage" = { - alias = "${build.kernel}/bzImage"; - }; - "= /boot/initrd" = { - alias = "${build.netbootRamdisk}/initrd"; - }; - "= /boot/netboot.ipxe" = { - alias = "${build.netbootIpxeScript}/netboot.ipxe"; - }; - "/" = { - tryFiles = "$uri $uri/ =404"; - }; - "/jellyfin" = { - return = "302 $scheme://$host/jellyfin/"; - }; - "/jellyfin/" = { - extraConfig = '' - proxy_pass_request_headers on; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_buffering off; - - # CORS setup - add_header 'Access-Control-Allow-Origin' '*' always; - add_header 'Access-Control-Expose-Headers' 'Content-Length'; - - # Allow CORS preflight requests - if ($request_method = 'OPTIONS') { - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Max-Age' 1728000; - add_header 'Content-Type' 'text/plain charset=UTF-8'; - add_header 'Content-Length' 0; - return 204; - } - ''; - proxyPass = "http://192.168.1.2:8096/jellyfin/"; - - }; 
- "/nipsy" = { - extraConfig = '' - autoindex on; - ''; - tryFiles = "$uri $uri/ =404"; - }; + # Use recommended settings + recommendedGzipSettings = true; + recommendedOptimisation = true; + #recommendedProxySettings = true; + recommendedTlsSettings = true; + + # Only allow PFS-enabled ciphers with AES256 + sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; + + virtualHosts = { + "arrakis.bitgnome.net" = { + addSSL = true; + enableACME = true; + + extraConfig = '' + if ($geo = 0) { + return 301 https://$host$request_uri; + } + ''; + + locations = { + "= /boot/bzImage" = { + alias = "${build.kernel}/bzImage"; + }; + + "= /boot/initrd" = { + alias = "${build.netbootRamdisk}/initrd"; + }; + + "= /boot/netboot.ipxe" = { + alias = "${build.netbootIpxeScript}/netboot.ipxe"; + }; + + "/" = { + tryFiles = "$uri $uri/ =404"; + }; + + "/jellyfin" = { + return = "302 $scheme://$host/jellyfin/"; + }; + + "/jellyfin/" = { + extraConfig = '' + proxy_pass_request_headers on; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_buffering off; + + # CORS setup + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Expose-Headers' 'Content-Length'; + + # Allow CORS preflight requests + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + ''; + proxyPass = "http://192.168.1.2:8096/jellyfin/"; + + }; + + "/nipsy" = { + extraConfig = '' + autoindex on; + ''; + tryFiles = "$uri $uri/ =404"; }; - root = "/var/www"; }; + + root = "/var/www"; }; }; - } + }; postfix = let my_email = "nipsy@bitgnome.net"; in { 
enable = true; |
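Review bot: The `/jellyfin/` location carried over in this hunk still sends `Access-Control-Allow-Origin '*'` on every response, so any web origin can read responses from the proxied Jellyfin endpoint rather than only the site itself. If no cross-origin client is needed, drop the CORS block; otherwise pin it in both places it appears, e.g. `add_header 'Access-Control-Allow-Origin' 'https://arrakis.bitgnome.net' always;`. The preflight `Content-Type` value is also malformed and should read `'text/plain; charset=UTF-8'`. The commit only re-indents these lines, so this would be a convenient point to tighten them. The three `= /boot/...` netboot locations likewise carry no `$geo` restriction, so it is worth confirming they are meant to be reachable by non-LAN clients.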