fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Enable firewall and migrate Jellyfin to NixOS

Browse source
This commit is contained in:
fi 2023-08-02 22:46:07 +02:00
commit 5c63b5d1a3
Signed by: fi
SSH key fingerprint: SHA256:d+6fQoDPMbSFK95zRVflRKZLRKF4cPSQb7VIxYkhFsA
10 changed files with 78 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
hosts.nix
View file

@ -35,6 +35,7 @@ in
site = "vs"; site = "vs";
}; };
jellyfin = { jellyfin = {
hostNixpkgs = nixpkgs-unstable;
site = "vs"; site = "vs";
}; };
nitter = { nitter = {
@ -50,4 +51,8 @@ in
hostNixpkgs = nixpkgs-unstable; hostNixpkgs = nixpkgs-unstable;
site = "vs"; site = "vs";
}; };
web-nonpublic-linuxcrewd = {
hostNixpkgs = nixpkgs-unstable;
site = "vs";
};
} }

5
hosts/hydra/configuration.nix
View file

@ -15,7 +15,10 @@
networking = { networking = {
hostName = "hydra"; hostName = "hydra";
firewall.enable = false; firewall = {
enable = true;
allowedTCPPorts = [ 8443 ];
};
}; };
nix = { nix = {

2
hosts/iperf/configuration.nix
View file

@ -7,7 +7,7 @@
networking = { networking = {
hostName = "iperf"; hostName = "iperf";
firewall.enable = false; firewall.enable = true;
}; };
system.stateVersion = "23.05"; system.stateVersion = "23.05";

2
hosts/jellyfin/configuration.nix
View file

@ -9,7 +9,7 @@
hostName = "jellyfin"; hostName = "jellyfin";
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 80 443 ]; allowedTCPPorts = [ 80 443 8443 ];
}; };
}; };

6
hosts/jellyfin/nginx.nix
View file

@ -15,6 +15,12 @@
port = 443; port = 443;
ssl = true; ssl = true;
} }
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
]; ];
locations."= /" = { locations."= /" = {
return = "302 https://$host/web/"; return = "302 https://$host/web/";

5
hosts/tor-relay/configuration.nix
View file

@ -19,7 +19,10 @@
}; };
hostName = "tor-relay"; hostName = "tor-relay";
firewall.enable = false; firewall = {
enable = true;
allowedTCPPorts = [ 9001 9030 ];
};
}; };
system.stateVersion = "23.05"; system.stateVersion = "23.05";

17
hosts/web-nonpublic-linuxcrewd/configuration.nix Normal file
View file

@ -0,0 +1,17 @@
{ ... }:
{
boot.loader.grub = {
enable = true;
device = "/dev/vda";
};
networking = {
hostName = "web-public-2";
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
};
};
system.stateVersion = "23.05";
}

7
hosts/web-nonpublic-linuxcrewd/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }:
{
imports = [
./configuration.nix
./nginx.nix
];
}

29
hosts/web-nonpublic-linuxcrewd/nginx.nix Normal file
View file

@ -0,0 +1,29 @@
{ ... }:
{
services.nginx = {
enable = true;
virtualHosts."_" = {
listen = [{
addr = "0.0.0.0";
port = 80;
}];
locations."/" = {
return = "301 https://$host$request_uri";
};
};
streamConfig = ''
map $ssl_preread_server_name $address {
jellyfin.grzb.de 10.202.46.101:8443;
}
server {
listen 0.0.0.0:443;
proxy_pass $address;
ssl_preread on;
proxy_protocol on;
}
'';
};
}

5
hosts/web-public-2/configuration.nix
View file

@ -19,7 +19,10 @@
}; };
hostName = "web-public-2"; hostName = "web-public-2";
firewall.enable = false; firewall = {
enable = true;
allowedTCPPorts = [ 80 443 5000 8448 ];
};
}; };
system.stateVersion = "23.05"; system.stateVersion = "23.05";