From b633e0d50f22467c190eb075ff7c9b0117250955 Mon Sep 17 00:00:00 2001 From: Dmitriy Kholkin Date: Sat, 8 Apr 2023 18:17:14 +0300 Subject: [PATCH] fix nginx and add some containers --- machines/Home-Hypervisor/default.nix | 2 + profiles/servers/homepage.nix | 18 +++++++ profiles/servers/it-tools.nix | 8 +++ profiles/servers/nginx.nix | 80 ++++++++++++++++++---------- 4 files changed, 80 insertions(+), 28 deletions(-) create mode 100644 profiles/servers/homepage.nix create mode 100644 profiles/servers/it-tools.nix diff --git a/machines/Home-Hypervisor/default.nix b/machines/Home-Hypervisor/default.nix index 60a914a..02d03f1 100644 --- a/machines/Home-Hypervisor/default.nix +++ b/machines/Home-Hypervisor/default.nix @@ -33,6 +33,8 @@ in { # nixosProfiles.neko-browser nixosProfiles.yandex-db + nixosProfiles.it-tools + nixosProfiles.homepage ]; deviceSpecific.devInfo = { diff --git a/profiles/servers/homepage.nix b/profiles/servers/homepage.nix new file mode 100644 index 0000000..11e4609 --- /dev/null +++ b/profiles/servers/homepage.nix @@ -0,0 +1,18 @@ +{ config, lib, pkgs, ... }: +let + nas-path = "/media/nas/containers"; +in { + virtualisation.oci-containers.containers.homepage = { + autoStart = true; + image = "ghcr.io/benphelps/homepage:latest"; + environment = { + PUID = "1000"; + PGID = "100"; + }; + extraOptions = [ "--pull=newer" ]; + ports = [ "127.0.0.1:3000:3000/tcp" ]; + volumes = [ + "${nas-path}/homepage:/app/config" + ]; + }; +} \ No newline at end of file diff --git a/profiles/servers/it-tools.nix b/profiles/servers/it-tools.nix new file mode 100644 index 0000000..e38996d --- /dev/null +++ b/profiles/servers/it-tools.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: { + virtualisation.oci-containers.containers.it-tools = { + autoStart = true; + image = "docker.io/corentinth/it-tools:latest"; + extraOptions = [ "--pull=newer" ]; + ports = [ "127.0.0.1:8070:80/tcp" ]; + }; +} \ No newline at end of file diff --git a/profiles/servers/nginx.nix b/profiles/servers/nginx.nix index e507c5c..b4bd78b 100644 --- a/profiles/servers/nginx.nix +++ b/profiles/servers/nginx.nix @@ -27,9 +27,6 @@ let "/outpost.goauthentik.io" = { extraConfig = '' proxy_pass http://127.0.0.1:9000/outpost.goauthentik.io; - # proxy_pass http://auth.ataraxiadev.com:9000/outpost.goauthentik.io; - # proxy_pass https://auth.ataraxiadev.com/outpost.goauthentik.io; - # ensure the host of this vserver matches your external URL you've configured in authentik proxy_set_header Host $host; proxy_set_header X-Original-URL $scheme://$http_host$request_uri; add_header Set-Cookie $auth_cookie; @@ -77,6 +74,7 @@ in { "lidarr.ataraxiadev.com" "cocalc.ataraxiadev.com" "kavita.ataraxiadev.com" + "tools.ataraxiadev.com" ]; }; }; @@ -101,6 +99,7 @@ in { # add_header X-XSS-Protection "1; mode=block"; # add_header X-Robots-Tag "none"; # add_header X-Content-Type-Options "nosniff"; + ''; virtualHosts = let default = { @@ -121,20 +120,34 @@ in { add_header Referrer-Policy "strict-origin-when-cross-origin"; ''; in { + # "ataraxiadev.com" = default // authentik { + # root = { proxyPass = "http://127.0.0.1:3000"; }; + # rootExtraConfig = '' + # if ($http_origin ~* "^https?://\w*\.?ataraxiadev\.com$") { + # add_header Access-Control-Allow-Origin "$http_origin"; + # } + # '' + proxySettings; + # }; "ataraxiadev.com" = { locations."/" = { - root = "/srv/http/ataraxiadev.com/"; - extraConfig = '' - try_files $uri $uri/ =404; - ''; + proxyPass = "http://127.0.0.1:3000"; + extraConfig = proxySettings; }; - # locations."/.well-known/matrix" = { - # proxyPass = "https://matrix.ataraxiadev.com/.well-known/matrix"; - # extraConfig = '' - # proxy_set_header X-Forwarded-For $remote_addr; - # ''; - # }; } // default; + # "ataraxiadev.com" = { + # locations."/" = { + # root = "/srv/http/ataraxiadev.com/"; + # extraConfig = '' + # try_files $uri $uri/ =404; + # ''; + # }; + # # locations."/.well-known/matrix" = { + # # proxyPass = "https://matrix.ataraxiadev.com/.well-known/matrix"; + # # extraConfig = '' + # # proxy_set_header X-Forwarded-For $remote_addr; + # # ''; + # # }; + # } // default; # "matrix:443" = { # serverAliases = [ # "matrix.ataraxiadev.com" @@ -183,38 +196,38 @@ in { } // default; "vw.ataraxiadev.com" = { locations."/" = { - proxyPass = "http://localhost:8812"; + proxyPass = "http://127.0.0.1:8812"; extraConfig = proxySettings; }; locations."/notifications/hub" = { - proxyPass = "http://localhost:3012"; + proxyPass = "http://127.0.0.1:3012"; proxyWebsockets = true; extraConfig = proxySettings; }; locations."/notifications/hub/negotiate" = { - proxyPass = "http://localhost:8812"; + proxyPass = "http://127.0.0.1:8812"; extraConfig = proxySettings; }; } // default; "code.ataraxiadev.com" = { locations."/" = { - proxyPass = "http://localhost:6000"; + proxyPass = "http://127.0.0.1:6000"; extraConfig = proxySettings; }; } // default; # "bathist.ataraxiadev.com" = { # locations."/" = { - # proxyPass = "http://localhost:9999"; + # proxyPass = "http://127.0.0.1:9999"; # extraConfig = proxySettings; # }; # } // default; "bathist.ataraxiadev.com" = default // authentik { - root = { proxyPass = "http://localhost:9999"; }; + root = { proxyPass = "http://127.0.0.1:9999"; }; rootExtraConfig = proxySettings; }; "browser.ataraxiadev.com" = { locations."/" = { - proxyPass = "http://localhost:8090"; + proxyPass = "http://127.0.0.1:8090"; proxyWebsockets = true; extraConfig = '' proxy_read_timeout 86400; @@ -222,7 +235,7 @@ in { }; } // default; "fb.ataraxiadev.com" = default // authentik { - root = { proxyPass = "http://localhost:3923"; }; + root = { proxyPass = "http://127.0.0.1:3923"; }; rootExtraConfig = '' proxy_redirect off; proxy_http_version 1.1; @@ -234,10 +247,18 @@ in { }; "file.ataraxiadev.com" = { locations."/" = { - proxyPass = "http://localhost:8088"; + proxyPass = "http://127.0.0.1:8088"; extraConfig = '' - proxy_read_timeout 3600s; client_max_body_size 0; + proxy_buffer_size 16k; + proxy_busy_buffers_size 16k; + proxy_connect_timeout 36000s; + proxy_max_temp_file_size 102400m; + proxy_read_timeout 36000s; + proxy_request_buffering off; + send_timeout 36000s; + proxy_send_timeout 36000s; + # proxy_buffering off; '' + proxySettings; }; extraConfig = '' @@ -258,6 +279,9 @@ in { extraConfig = proxySettings; }; } // default; + "tools.ataraxiadev.com" = default // authentik { + root = { proxyPass = "http://127.0.0.1:8070"; }; + }; "media-stack" = { serverAliases = [ "jellyfin.ataraxiadev.com" @@ -271,7 +295,7 @@ in { "kavita.ataraxiadev.com" ]; locations."/" = { - proxyPass = "http://localhost:8180"; + proxyPass = "http://127.0.0.1:8180"; proxyWebsockets = true; extraConfig = '' # For Medusa @@ -289,7 +313,7 @@ in { } // default; # "microbin.ataraxiadev.com" = { # locations."/" = { - # proxyPass = "http://localhost:9988"; + # proxyPass = "http://127.0.0.1:9988"; # extraConfig = '' # client_max_body_size 40M; # '' + proxySettings; @@ -297,19 +321,19 @@ in { # } // default; "joplin.ataraxiadev.com" = { locations."/" = { - proxyPass = "http://localhost:22300"; + proxyPass = "http://127.0.0.1:22300"; extraConfig = proxySettings; }; } // default; "fsync.ataraxiadev.com" = { locations."/" = { - proxyPass = "http://localhost:5000"; + proxyPass = "http://127.0.0.1:5000"; extraConfig = proxySettings; }; } // default; "auth.ataraxiadev.com" = { locations."/" = { - proxyPass = "http://localhost:9000"; + proxyPass = "http://127.0.0.1:9000"; proxyWebsockets = true; extraConfig = proxySettings; };