Enable firewall and migrate Jellyfin to NixOS

2023-08-02 22:46:07 +02:00 · 2023-08-02 22:46:07 +02:00 · 5c63b5d1a3
commit 5c63b5d1a3
parent 693c6da88a
10 changed files with 78 additions and 5 deletions
--- a/hosts/web-nonpublic-linuxcrewd/configuration.nix
+++ b/hosts/web-nonpublic-linuxcrewd/configuration.nix
@ -0,0 +1,17 @@
+{ ... }:
+{
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/vda";
+  };
+
+  networking = {    
+    hostName = "web-public-2";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 443 ];
+    };
+  };
+
+  system.stateVersion = "23.05";
+}
--- a/hosts/web-nonpublic-linuxcrewd/default.nix
+++ b/hosts/web-nonpublic-linuxcrewd/default.nix
@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ./configuration.nix
+    ./nginx.nix
+  ];
+}
--- a/hosts/web-nonpublic-linuxcrewd/nginx.nix
+++ b/hosts/web-nonpublic-linuxcrewd/nginx.nix
@ -0,0 +1,29 @@
+{ ... }:
+{
+  services.nginx = {
+    enable = true;
+
+    virtualHosts."_" = {
+      listen = [{
+          addr = "0.0.0.0";
+          port = 80;
+      }];
+      locations."/" = {
+        return = "301 https://$host$request_uri";
+      };
+    };
+
+    streamConfig = ''
+      map $ssl_preread_server_name $address {
+        jellyfin.grzb.de 10.202.46.101:8443;
+      }
+
+      server {
+        listen 0.0.0.0:443;
+        proxy_pass $address;
+        ssl_preread on;
+        proxy_protocol on;
+      }
+    '';
+  };
+}