fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Just do the nginx proxy_protocol listen in extraConfig and use stable packages

Browse source
This commit is contained in:
fi 2023-09-03 17:43:41 +02:00
parent cc93674cc4
commit 1d8697b70a
Signed by: fi
SSH key fingerprint: SHA256:d+6fQoDPMbSFK95zRVflRKZLRKF4cPSQb7VIxYkhFsA
4 changed files with 23 additions and 43 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
hosts.nix
View file

@ -24,7 +24,6 @@ let
in in
generateDefaults { generateDefaults {
hydra = { hydra = {
hostNixpkgs = nixpkgs-unstable;
site = "vs"; site = "vs";
}; };
iperf = { iperf = {
@ -47,11 +46,9 @@ in
site = "vs"; site = "vs";
}; };
nextcloud = { nextcloud = {
hostNixpkgs = nixpkgs-unstable;
site = "vs"; site = "vs";
}; };
nitter = { nitter = {
hostNixpkgs = nixpkgs-unstable;
site = "vs"; site = "vs";
}; };
coturn = { coturn = {

31
hosts/hydra/nginx.nix
View file

@ -3,41 +3,40 @@
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
"hydra.nekover.se" = { "hydra.nekover.se" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
listen = [{ listen = [{
addr = "127.0.0.1";
port = 1234;
}{
addr = "0.0.0.0"; addr = "0.0.0.0";
port = 8443; port = 80;
ssl = true;
proxyProtocol = true;
}]; }];
locations."/" = { locations."/" = {
proxyPass = "http://localhost:3001"; proxyPass = "http://localhost:3001";
}; };
}; extraConfig = ''
listen 0.0.0.0:8443 http2 ssl proxy_protocol;
set_real_ip_from 10.202.41.100;
real_ip_header proxy_protocol;
'';
};
"nix-cache.nekover.se" = { "nix-cache.nekover.se" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
listen = [{ listen = [ {
addr = "127.0.0.1";
port = 1234;
}{
addr = "0.0.0.0"; addr = "0.0.0.0";
port = 8443; port = 80;
ssl = true;
proxyProtocol = true;
}]; }];
locations."/" = { locations."/" = {
proxyPass = "http://localhost:5005"; proxyPass = "http://localhost:5005";
}; };
extraConfig = ''
listen 0.0.0.0:8443 http2 ssl proxy_protocol;
set_real_ip_from 10.202.41.100;
real_ip_header proxy_protocol;
'';
}; };
}; };
}; };
} }

14
hosts/nextcloud/nextcloud.nix
View file

@ -41,19 +41,9 @@
virtualHosts.${config.services.nextcloud.hostName} = { virtualHosts.${config.services.nextcloud.hostName} = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
listen = [
{
addr = "localhost";
port = 1234;
} # workaround for enableACME check
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
extraConfig = '' extraConfig = ''
listen 0.0.0.0:8443 http2 ssl proxy_protocol;
set_real_ip_from 10.202.41.100; set_real_ip_from 10.202.41.100;
real_ip_header proxy_protocol; real_ip_header proxy_protocol;
''; '';

18
hosts/nitter/nginx.nix
View file

@ -5,18 +5,6 @@
virtualHosts."birdsite.nekover.se" = { virtualHosts."birdsite.nekover.se" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
listen = [
{
addr = "localhost";
port = 1234;
} # workaround for enableACME check
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/robots.txt" = { locations."/robots.txt" = {
return = "200 \"User-agent: *\\nDisallow: /\\n\""; return = "200 \"User-agent: *\\nDisallow: /\\n\"";
}; };
@ -24,6 +12,12 @@
proxyPass = "http://${config.services.nitter.server.address}:${builtins.toString config.services.nitter.server.port}"; proxyPass = "http://${config.services.nitter.server.address}:${builtins.toString config.services.nitter.server.port}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
extraConfig = ''
listen 0.0.0.0:8443 http2 ssl proxy_protocol;
set_real_ip_from 10.202.41.100;
real_ip_header proxy_protocol;
'';
}; };
}; };
} }