Just do the nginx proxy_protocol listen in extraConfig and use stable packages

2023-09-03 17:43:41 +02:00 · 2023-09-03 17:43:41 +02:00 · 1d8697b70a
parent cc93674cc4
commit 1d8697b70a
4 changed files with 23 additions and 43 deletions
--- a/hosts.nix
+++ b/hosts.nix
@ -24,7 +24,6 @@ let
 in
  generateDefaults {
    hydra = {
-      hostNixpkgs = nixpkgs-unstable;
      site = "vs";
    };
    iperf = {
@ -47,11 +46,9 @@ in
      site = "vs";
    };
    nextcloud = {
-      hostNixpkgs = nixpkgs-unstable;
      site = "vs";
    };
    nitter = {
-      hostNixpkgs = nixpkgs-unstable;
      site = "vs";
    };
    coturn = {
--- a/hosts/hydra/nginx.nix
+++ b/hosts/hydra/nginx.nix
@ -3,41 +3,40 @@
  services.nginx = {
    enable = true;
    virtualHosts = {
-
      "hydra.nekover.se" = {
        forceSSL = true;
        enableACME = true;
        listen = [{
-          addr = "127.0.0.1";
-          port = 1234;
-        }{
          addr = "0.0.0.0";
-          port = 8443;
-          ssl = true;
-          proxyProtocol = true;
+          port = 80;
        }];
        locations."/" = {
          proxyPass = "http://localhost:3001";
        };
-      };
+        extraConfig = ''
+          listen 0.0.0.0:8443 http2 ssl proxy_protocol;

+          set_real_ip_from 10.202.41.100;
+          real_ip_header proxy_protocol;
+        '';
+      };
      "nix-cache.nekover.se" = {
        forceSSL = true;
        enableACME = true;
-        listen = [{
-          addr = "127.0.0.1";
-          port = 1234;
-        }{
+        listen = [        {
          addr = "0.0.0.0";
-          port = 8443;
-          ssl = true;
-          proxyProtocol = true;
+          port = 80;
        }];
        locations."/" = {
          proxyPass = "http://localhost:5005";
        };
-      };
+        extraConfig = ''
+          listen 0.0.0.0:8443 http2 ssl proxy_protocol;

+          set_real_ip_from 10.202.41.100;
+          real_ip_header proxy_protocol;
+        '';
+      };
    };
  };
 }
--- a/hosts/nextcloud/nextcloud.nix
+++ b/hosts/nextcloud/nextcloud.nix
@ -41,19 +41,9 @@
    virtualHosts.${config.services.nextcloud.hostName} = {
      forceSSL = true;
      enableACME = true;
-      listen = [
-        { 
-          addr = "localhost";
-          port = 1234;
-        } # workaround for enableACME check
-        {
-          addr = "0.0.0.0";
-          port = 8443;
-          ssl = true;
-          proxyProtocol = true;
-        }
-      ];
      extraConfig = ''
+        listen 0.0.0.0:8443 http2 ssl proxy_protocol;
+
        set_real_ip_from 10.202.41.100;
        real_ip_header proxy_protocol;
      '';
--- a/hosts/nitter/nginx.nix
+++ b/hosts/nitter/nginx.nix
@ -5,18 +5,6 @@
    virtualHosts."birdsite.nekover.se" = {
      forceSSL = true;
      enableACME = true;
-      listen = [
-        { 
-          addr = "localhost";
-          port = 1234;
-        } # workaround for enableACME check
-        {
-          addr = "0.0.0.0";
-          port = 8443;
-          ssl = true;
-          proxyProtocol = true;
-        }
-      ];
      locations."/robots.txt" = {
        return = "200 \"User-agent: *\\nDisallow: /\\n\"";
      };
@ -24,6 +12,12 @@
        proxyPass = "http://${config.services.nitter.server.address}:${builtins.toString config.services.nitter.server.port}";
        proxyWebsockets = true;
      };
+      extraConfig = ''
+        listen 0.0.0.0:8443 http2 ssl proxy_protocol;
+
+        set_real_ip_from 10.202.41.100;
+        real_ip_header proxy_protocol;
+      '';
    };
  };
 }