Diffstat (limited to 'hosts/arrakis/services.nix')
-rw-r--r-- | hosts/arrakis/services.nix | 169 |
1 files changed, 118 insertions, 51 deletions
diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix
index 2e0f7d8..25d4ddb 100644
--- a/hosts/arrakis/services.nix
+++ b/hosts/arrakis/services.nix
@@ -1,58 +1,124 @@ { - services.clamav.updater.enable = true; + security.acme = { + acceptTerms = true; + defaults.email = "nipsy@bitgnome.net"; + }; - services.jellyfin.enable = true; + services = { + clamav.updater.enable = true; - services.smartd = let my_email_addr = "nipsy@bitgnome.net"; in { - enable = true; - devices = [ - { - device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800005"; - options = "-a -o on -S on -m ${my_email_addr}"; - } - { - device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800014"; - options = "-a -o on -S on -m ${my_email_addr}"; - } - { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUEZNL"; - options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; - } - { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUUSXL"; - options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; - } - { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV0H5L"; - options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; - } - { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUK5EL"; - options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; - } - { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV5JEL"; - options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; - } - { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUZ42L"; - options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; - } - { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV3BSL"; - options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; - } - { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV338L"; - options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; - } - ]; - }; + iperf3.openFirewall = true; + + jellyfin.enable = true; + + nginx = { + enable = true; + + # Use recommended settings + recommendedGzipSettings = true; + 
recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + # Only allow PFS-enabled ciphers with AES256 + sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; + + virtualHosts = { + "arrakis.bitgnome.net" = { + enableACME = true; + forceSSL = true; + locations = { + "/" = { + extraConfig = '' + default_type text/html; + ''; + return = "200 '<html><body>Hot damn, it works!</body></html>'"; + }; + "/jellyfin" = { + return = "302 $scheme://$host/jellyfin/"; + }; + "/jellyfin/" = { + extraConfig = '' + proxy_pass_request_headers on; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_buffering off; + + # CORS setup + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Expose-Headers' 'Content-Length'; + + # Allow CORS preflight requests + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + ''; + proxyPass = "http://192.168.1.2:8096/jellyfin/"; + + }; + }; + }; + }; + }; + + smartd = let my_email_addr = "nipsy@bitgnome.net"; in { + enable = true; + devices = [ + { + device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800005"; + options = "-a -o on -S on -m ${my_email_addr}"; + } + { + device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800014"; + options = "-a -o on -S on -m ${my_email_addr}"; + } + { + device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUEZNL"; + options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; + } + { + device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUUSXL"; + options = "-a 
-o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; + } + { + device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV0H5L"; + options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; + } + { + device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUK5EL"; + options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; + } + { + device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV5JEL"; + options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; + } + { + device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUZ42L"; + options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; + } + { + device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV3BSL"; + options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; + } + { + device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV338L"; + options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; + } + ]; + }; - services.samba = { - enable = true; - settings = - { + samba = { + enable = true; + settings = { global = { "invalid users" = [ "root" @@ -77,5 +143,6 @@ "wide links" = "yes"; }; }; + }; }; } |
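Review bot: In the `/jellyfin/` location of the first hunk, `add_header 'Access-Control-Allow-Origin' '*' always;` lets a page on any origin read responses from the proxied Jellyfin server through this vhost, and nothing visible in the hunk shows a cross-origin client that needs it. If one does, name it, e.g. `add_header 'Access-Control-Allow-Origin' 'https://<trusted-origin>' always;` (placeholder), with the same value in the `OPTIONS` branch; otherwise the CORS lines and the `if` block can go. Note also that nginx stops inheriting `add_header` from outer levels once a location defines its own, so any response headers set at server or http level (for example HSTS, if configured elsewhere) would need repeating here; worth confirming against the generated config.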