emily/nixfiles
emily/nixfiles
1
0
Fork 1
Code Issues Pull requests Activity

added jellyfin

Browse source
This commit is contained in:
emily 2024-01-17 15:49:17 +01:00
parent af460cad2e
commit 8fcd52c9f9
Signed by: emily
GPG key ID: F6F4C66207FCF995
3 changed files with 78 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
config/hosts/crime/configuration.nix
View file

@ -1,5 +1,6 @@
{ config, pkgs, ... }: {
imports = [
./nginx.nix
../../common
../../common-lxc.nix
../../common-nginx.nix
@ -15,4 +16,6 @@
"2a0f:be01:0:100::1337/128"
];
};
services.jellyfin.enable = true;
}

70
config/hosts/crime/nginx.nix Normal file
View file

@ -0,0 +1,70 @@
{ config, pkgs, ... }:
let
extraConfig = ''
add_header Strict-Transport-Security $hsts_header;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
#add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "same-origin" always;
'';
proxyConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
'';
jellyAddr = "[::1]";
jellyWeb = {
forceSSl = true;
http3 = true;
quic = true;
inherit extraConfig;
locations = {
"= /".return = "302 https://$host/web/";
"/" = {
proxyPass = "http://${jellyAddr}:8096";
extraConfig = ''
${proxyConfig}
proxy_buffering on;
'';
};
"= /web/" = {
proxyPass = "http://${jellyAddr}:8096/web/index.html"
extraConfig = proxyConfig;
};
"/socket" = {
proxyPass = "http://${jellyAddr}:8096"
proxyWebsockets = true;
extraConfig = proxyConfig;
};
};
};
in {
services.nginx = {
virtualHosts = {
"fentanyl.trade" = jellyWeb // {
enableACME = true;
};
"frotti.ng" = jellyWeb // {
useACMEHost = "fentanyl.trade";
};
};
createHost = {
"watch.kyouma.net" = { redirectTo = "fentanyl.trade"; };
"redirect" = {
default = true;
reuseport = true;
useACMEHost = "fentanyl.trade";
extraConfig = ''
return 403;
'';
};
};
};
security.acme.certs = {
"fentanyl.trade" = { extraDomainNames = [ "frotti.ng" "watch.kyouma.net" ]; };
};
}

10
config/hosts/web-dus/configuration.nix
View file

@ -29,7 +29,7 @@ in {
};
services.vyosBld = {
enable = true;
output = "/nix/var/www/kyouma.net/vyos";
output = "/var/www/kyouma.net/vyos";
buildFlags = {
architecture = "amd64";
build-by = "noc@kyouma.net";
@ -57,7 +57,7 @@ in {
"miau.zip" = { root = kyouma-www.default; };
"www.miau.zip" = { redirectTo = "miau.zip"; };
"www.kyouma.net" = { redirectTo = "kyouma.net"; };
"emily.cat" = { root = "/nix/var/www/emily.cat/_site"; };
"emily.cat" = { root = "/var/www/emily.cat/_site"; };
"www.emily.cat" = { redirectTo = "kyouma.net"; };
"www.cocaine.trade" = { redirectTo = "cocaine.trade"; };
@ -70,7 +70,7 @@ in {
'';
};
"cocaine.trade" = {
root = "/nix/var/www/basti/cocaine.trade";
root = "/var/www/basti/cocaine.trade";
extraConfig = ''error_page 404 /404.html;'';
locations."/" = {
index = "index.html";
@ -80,7 +80,7 @@ in {
};
"files.cocaine.trade" = {
useACMEHost = "cocaine.trade";
root = "/nix/var/www/basti/files.cocaine.trade";
root = "/var/www/basti/files.cocaine.trade";
locations."/".extraConfig = autoIndex;
};
"kyouma.net" = {
@ -92,7 +92,7 @@ in {
extraConfig = autoIndex;
};
"/ihk/" = {
root = "/nix/var/www/kyouma.net/ihk";
root = "/var/www/kyouma.net/ihk";
extraConfig = autoIndex;
};
};