From 1ef51c53b5c20641b0ef328059b6ed28c337ff3b Mon Sep 17 00:00:00 2001
From: Mark Nipper <nipsy@bitgnome.net>
Date: Mon, 11 Nov 2024 01:08:40 -0800
Subject: Fix let syntax
---
hosts/arrakis/services.nix | 170 +++++++++++++++++++++++----------------------
1 file changed, 88 insertions(+), 82 deletions(-)
(limited to 'hosts/arrakis')
diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix
index f4a5a33..18282c6 100644
--- a/hosts/arrakis/services.nix
+++ b/hosts/arrakis/services.nix
@@ -84,7 +84,7 @@
};
};
- let
+ nginx = let
sys = inputs.nixos.lib.nixosSystem {
system = "x86_64-linux";
@@ -116,92 +116,98 @@
build = sys.config.system.build;
in {
+ appendHttpConfig = ''
+ geo $geo {
+ default 0;
+ 127.0.0.1 1;
+ ::1 1;
+ 192.168.1.0/24 1;
+ }
+ '';
+ enable = true;
- nginx = {
- appendHttpConfig = ''
- geo $geo {
- default 0;
- 127.0.0.1 1;
- ::1 1;
- 192.168.1.0/24 1;
- }
- '';
- enable = true;
-
- # Use recommended settings
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- #recommendedProxySettings = true;
- recommendedTlsSettings = true;
-
- # Only allow PFS-enabled ciphers with AES256
- sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
-
- virtualHosts = {
- "arrakis.bitgnome.net" = {
- addSSL = true;
- enableACME = true;
- extraConfig = ''
- if ($geo = 0) {
- return 301 https://$host$request_uri;
- }
- '';
- locations = {
- "= /boot/bzImage" = {
- alias = "${build.kernel}/bzImage";
- };
- "= /boot/initrd" = {
- alias = "${build.netbootRamdisk}/initrd";
- };
- "= /boot/netboot.ipxe" = {
- alias = "${build.netbootIpxeScript}/netboot.ipxe";
- };
- "/" = {
- tryFiles = "$uri $uri/ =404";
- };
- "/jellyfin" = {
- return = "302 $scheme://$host/jellyfin/";
- };
- "/jellyfin/" = {
- extraConfig = ''
- proxy_pass_request_headers on;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Host $http_host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
- proxy_buffering off;
-
- # CORS setup
- add_header 'Access-Control-Allow-Origin' '*' always;
- add_header 'Access-Control-Expose-Headers' 'Content-Length';
-
- # Allow CORS preflight requests
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Max-Age' 1728000;
- add_header 'Content-Type' 'text/plain charset=UTF-8';
- add_header 'Content-Length' 0;
- return 204;
- }
- '';
- proxyPass = "http://192.168.1.2:8096/jellyfin/";
-
- };
- "/nipsy" = {
- extraConfig = ''
- autoindex on;
- '';
- tryFiles = "$uri $uri/ =404";
- };
+ # Use recommended settings
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ #recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ # Only allow PFS-enabled ciphers with AES256
+ sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+ virtualHosts = {
+ "arrakis.bitgnome.net" = {
+ addSSL = true;
+ enableACME = true;
+
+ extraConfig = ''
+ if ($geo = 0) {
+ return 301 https://$host$request_uri;
+ }
+ '';
+
+ locations = {
+ "= /boot/bzImage" = {
+ alias = "${build.kernel}/bzImage";
+ };
+
+ "= /boot/initrd" = {
+ alias = "${build.netbootRamdisk}/initrd";
+ };
+
+ "= /boot/netboot.ipxe" = {
+ alias = "${build.netbootIpxeScript}/netboot.ipxe";
+ };
+
+ "/" = {
+ tryFiles = "$uri $uri/ =404";
+ };
+
+ "/jellyfin" = {
+ return = "302 $scheme://$host/jellyfin/";
+ };
+
+ "/jellyfin/" = {
+ extraConfig = ''
+ proxy_pass_request_headers on;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $http_connection;
+ proxy_buffering off;
+
+ # CORS setup
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Expose-Headers' 'Content-Length';
+
+ # Allow CORS preflight requests
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain charset=UTF-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+ '';
+ proxyPass = "http://192.168.1.2:8096/jellyfin/";
+
+ };
+
+ "/nipsy" = {
+ extraConfig = ''
+ autoindex on;
+ '';
+ tryFiles = "$uri $uri/ =404";
};
- root = "/var/www";
};
+
+ root = "/var/www";
};
};
- }
+ };
postfix = let my_email = "nipsy@bitgnome.net"; in {
enable = true;
--
cgit v1.2.3