diff --git a/hosts.nix b/hosts.nix
index 4cac023..6118252 100644
--- a/hosts.nix
+++ b/hosts.nix
@@ -35,6 +35,7 @@ in
 site = "vs";
 };
 jellyfin = {
+ hostNixpkgs = nixpkgs-unstable;
 site = "vs";
 };
 nitter = {
@@ -50,4 +51,8 @@ in
 hostNixpkgs = nixpkgs-unstable;
 site = "vs";
 };
+ web-nonpublic-linuxcrewd = {
+ hostNixpkgs = nixpkgs-unstable;
+ site = "vs";
+ };
 }
diff --git a/hosts/hydra/configuration.nix b/hosts/hydra/configuration.nix
index 5596bb5..53a26b0 100644
--- a/hosts/hydra/configuration.nix
+++ b/hosts/hydra/configuration.nix
@@ -15,7 +15,10 @@
 networking = {
 hostName = "hydra";
- firewall.enable = false;
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 8443 ];
+ };
 };
 nix = {
diff --git a/hosts/iperf/configuration.nix b/hosts/iperf/configuration.nix
index 243344b..b46a7ce 100644
--- a/hosts/iperf/configuration.nix
+++ b/hosts/iperf/configuration.nix
@@ -7,7 +7,7 @@
 networking = {
 hostName = "iperf";
- firewall.enable = false;
+ firewall.enable = true;
 };
 system.stateVersion = "23.05";
diff --git a/hosts/jellyfin/configuration.nix b/hosts/jellyfin/configuration.nix
index 7d058cd..98624e0 100644
--- a/hosts/jellyfin/configuration.nix
+++ b/hosts/jellyfin/configuration.nix
@@ -9,7 +9,7 @@
 hostName = "jellyfin";
 firewall = {
 enable = true;
- allowedTCPPorts = [ 80 443 ];
+ allowedTCPPorts = [ 80 443 8443 ];
 };
 };
diff --git a/hosts/jellyfin/nginx.nix b/hosts/jellyfin/nginx.nix
index 7d70066..04431d5 100644
--- a/hosts/jellyfin/nginx.nix
+++ b/hosts/jellyfin/nginx.nix
@@ -15,6 +15,12 @@
 port = 443;
 ssl = true;
 }
+ {
+ addr = "0.0.0.0";
+ port = 8443;
+ ssl = true;
+ proxyProtocol = true;
+ }
 ];
 locations."= /" = {
 return = "302 https://$host/web/";
diff --git a/hosts/tor-relay/configuration.nix b/hosts/tor-relay/configuration.nix
index 90dbc71..7c2eb84 100644
--- a/hosts/tor-relay/configuration.nix
+++ b/hosts/tor-relay/configuration.nix
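Review bot: With `firewall.enable = true;` and no `allowedTCPPorts` in hosts/iperf/configuration.nix, the iperf listener is filtered unless its port is opened somewhere this hunk does not show. If the host uses the NixOS iperf3 module, `services.iperf3.openFirewall = true;` opens exactly the configured port; otherwise list the port explicitly so the default-deny is a visible decision rather than a side effect.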
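Review bot: The new 8443 listener in hosts/jellyfin/nginx.nix accepts the PROXY protocol on `0.0.0.0`, and `allowedTCPPorts = [ 80 443 8443 ];` in hosts/jellyfin/configuration.nix opens that port to every source, so the client address carried in the PROXY header is only as trustworthy as whoever connects. Only the SNI proxy should reach 8443: leave it out of the global `allowedTCPPorts` and admit the proxy's address alone, for example via `networking.firewall.extraCommands` or `networking.firewall.interfaces.<name>.allowedTCPPorts` on the internal interface. If the forwarded address feeds logging or access rules, nginx should trust it from that peer only (`set_real_ip_from <proxy-address>;` together with `real_ip_header proxy_protocol;`). The 8443 opening in hosts/hydra/configuration.nix looks like the same pattern and would need the same restriction, though its listener is not visible in this commit.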
@@ -19,7 +19,10 @@
 };
 hostName = "tor-relay";
- firewall.enable = false;
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 9001 9030 ];
+ };
 };
 system.stateVersion = "23.05";
diff --git a/hosts/web-nonpublic-linuxcrewd/configuration.nix b/hosts/web-nonpublic-linuxcrewd/configuration.nix
new file mode 100644
index 0000000..56a3254
--- /dev/null
+++ b/hosts/web-nonpublic-linuxcrewd/configuration.nix
@@ -0,0 +1,17 @@
+{ ... }:
+{
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/vda";
+ };
+
+ networking = {
+ hostName = "web-public-2";
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 443 ];
+ };
+ };
+
+ system.stateVersion = "23.05";
+}
diff --git a/hosts/web-nonpublic-linuxcrewd/default.nix b/hosts/web-nonpublic-linuxcrewd/default.nix
new file mode 100644
index 0000000..3db73ca
--- /dev/null
+++ b/hosts/web-nonpublic-linuxcrewd/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ imports = [
+ ./configuration.nix
+ ./nginx.nix
+ ];
+}
diff --git a/hosts/web-nonpublic-linuxcrewd/nginx.nix b/hosts/web-nonpublic-linuxcrewd/nginx.nix
new file mode 100644
index 0000000..7d1a420
--- /dev/null
+++ b/hosts/web-nonpublic-linuxcrewd/nginx.nix
@@ -0,0 +1,29 @@
+{ ... }:
+{
+ services.nginx = {
+ enable = true;
+
+ virtualHosts."_" = {
+ listen = [{
+ addr = "0.0.0.0";
+ port = 80;
+ }];
+ locations."/" = {
+ return = "301 https://$host$request_uri";
+ };
+ };
+
+ streamConfig = ''
+ map $ssl_preread_server_name $address {
+ jellyfin.grzb.de 10.202.46.101:8443;
+ }
+
+ server {
+ listen 0.0.0.0:443;
+ proxy_pass $address;
+ ssl_preread on;
+ proxy_protocol on;
+ }
+ '';
+ };
+}
diff --git a/hosts/web-public-2/configuration.nix b/hosts/web-public-2/configuration.nix
index 081ca9a..94e74b6 100644
--- a/hosts/web-public-2/configuration.nix
+++ b/hosts/web-public-2/configuration.nix
@@ -19,7 +19,10 @@
 };
 hostName = "web-public-2";
- firewall.enable = false;
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 443 5000 8448 ];
+ };
 };
 system.stateVersion = "23.05";
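Review bot: `hostName = "web-public-2";` in the new hosts/web-nonpublic-linuxcrewd/configuration.nix looks copied from the existing web-public-2 host, so two machines would report the same name in logs, shell prompts and monitoring. That makes it harder to tell which host an event came from during an investigation. It should presumably read `hostName = "web-nonpublic-linuxcrewd";`.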
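Review bot: The `map $ssl_preread_server_name $address` block in the streamConfig of hosts/web-nonpublic-linuxcrewd/nginx.nix has no `default` entry, so a connection with an unknown or absent SNI leaves `$address` empty and `proxy_pass` fails only at connect time, with an error-log entry per attempt. Either add an explicit `default` line pointing at a deliberate target, or add a comment in the map stating that unmatched names are meant to fail. The host is named nonpublic, yet the stream server listens on `0.0.0.0:443` without `allow`/`deny` and the firewall opens 80 and 443 to all sources; if access is meant to be limited to certain networks, that restriction is not visible in this commit.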
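Review bot: `allowedTCPPorts = [ 80 443 5000 8448 ];` in hosts/web-public-2/configuration.nix opens two ports whose purpose is not stated, on a host that moves from no firewall to an explicit allow-list. A trailing comment naming the service behind each port, such as `# 5000: <service>, 8448: <service>`, would let a reviewer confirm that each one has to be reachable from outside. If 5000 is a backend that the local web server proxies to, it can presumably be left out of the list. The enclosing networking block begins outside the hunk.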