fi/nix-infra
1
2
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: fi:f73990a4278b861ffc5a0077f81b15c0b32f4c24
Branches Tags
fi:main
fi:ikiwiki
fi:mas
..
compare: fi:44215ecfc92054f69f230348071b01639eb050b8
Branches Tags
fi:main
fi:ikiwiki
fi:mas

No commits in common. "f73990a4278b861ffc5a0077f81b15c0b32f4c24" and "44215ecfc92054f69f230348071b01639eb050b8" have entirely different histories.
f73990a427 ... 44215ecfc9

6 changed files with 12 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

25
config/hosts/matrix/nginx.nix
View file

@ -11,17 +11,10 @@
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
proxyProtocol = true;
}
];
locations = {
@ -56,6 +49,8 @@
};
};
extraConfig = ''
listen 0.0.0.0:8443 http2 ssl proxy_protocol;
set_real_ip_from 10.202.41.100; # IPv4 from web-public-2
set_real_ip_from 10.203.10.3; # IPv6 from valkyrie
real_ip_header proxy_protocol;
@ -69,12 +64,6 @@
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations = {
"/" = {
@ -90,6 +79,8 @@
};
};
extraConfig = ''
listen 0.0.0.0:8443 http2 ssl proxy_protocol;
set_real_ip_from 10.202.41.100; # IPv4 from web-public-2
set_real_ip_from 10.203.10.3; # IPv6 from valkyrie
real_ip_header proxy_protocol;
@ -103,12 +94,6 @@
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."^~ /livekit/jwt/" = {
proxyPass = "http://localhost:8082/";
@ -118,6 +103,8 @@
proxyWebsockets = true;
};
extraConfig = ''
listen 0.0.0.0:8443 http2 ssl proxy_protocol;
set_real_ip_from 10.202.41.100; # IPv4 from web-public-2
set_real_ip_from 10.203.10.3; # IPv6 from valkyrie
real_ip_header proxy_protocol;

2
config/hosts/valkyrie/configuration.nix
View file

@ -7,7 +7,7 @@
nftables.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 8448 ];
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 51820 51821 51822 51824 51827 51828 51829 51830 ];
};
wireguard = {

5
config/hosts/valkyrie/nginx.nix
View file

@ -58,11 +58,6 @@
ssl_preread on;
proxy_protocol on;
}
server {
listen [::]:8448;
proxy_pass 10.202.41.112:8448; # matrix federation port
proxy_protocol on;
}
'';
};
}

2
config/hosts/web-public-2/configuration.nix
View file

@ -21,7 +21,7 @@
hostName = "web-public-2";
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 5000 8443 8448 ];
allowedTCPPorts = [ 80 443 5000 8448 ];
};
};

11
config/hosts/web-public-2/nginx.nix
View file

@ -17,8 +17,8 @@
stream {
map $ssl_preread_server_name $address {
cloud.nekover.se 10.202.41.122:8443;
element.nekover.se 10.202.41.100:8443;
element-admin.nekover.se 10.202.41.100:8443;
element.nekover.se 127.0.0.1:8443;
element-admin.nekover.se 127.0.0.1:8443;
fi.nekover.se 10.202.41.125:8443;
git.nekover.se 10.202.41.106:8443;
hydra.nekover.se 10.202.41.121:8443;
@ -26,7 +26,7 @@
mas.nekover.se 10.202.41.112:8443;
matrix.nekover.se 10.202.41.112:8443;
matrix-rtc.nekover.se 10.202.41.112:8443;
nekover.se 10.202.41.100:8443;
nekover.se 127.0.0.1:8443;
mesh.nekover.se 10.202.41.126:8443;
nix-cache.nekover.se 10.202.41.121:8443;
searx.nekover.se 10.202.41.105:8443;
@ -38,11 +38,6 @@
ssl_preread on;
proxy_protocol on;
}
server {
listen 0.0.0.0:8448;
proxy_pass 10.202.41.112:8448; # matrix federation port
proxy_protocol on;
}
}
'';

2
config/hosts/web-public-2/virtualHosts/nekover.se.nix
View file

@ -4,7 +4,7 @@
forceSSL = true;
enableACME = true;
listen = [{
addr = "0.0.0.0";
addr = "localhost";
port = 8443;
ssl = true;
extraParameters = ["proxy_protocol"];