qenya/nixfiles
1
0
Fork 0
Code Issues 4 Pull requests Activity Actions

reverse-proxy: Init new module to simplify nginx reverse proxies

Browse source
This commit is contained in:
Katherina Walshe-Grey 2025-09-16 19:01:56 +01:00
parent 5967974d15
commit 12cfceb2f9
9 changed files with 67 additions and 113 deletions
Download patch file Download diff file Expand all files Collapse all files

1
services/default.nix
View file

@ -5,6 +5,7 @@
./distributed-builds.nix ./distributed-builds.nix
./remote-builder.nix ./remote-builder.nix
./reverse-proxy.nix
./web-redirect.nix ./web-redirect.nix
]; ];
} }

14
services/qenya/actual.nix
View file

@ -13,18 +13,8 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.nginx = { fountain.services.reverse-proxy.enable = true;
enable = true; fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:5006/";
virtualHosts = {
${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:5006/";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.actual = { services.actual = {
enable = true; enable = true;

17
services/qenya/audiobookshelf.nix
View file

@ -13,21 +13,8 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.nginx = { fountain.services.reverse-proxy.enable = true;
enable = true; fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:8234/";
virtualHosts = {
${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8234/";
proxyWebsockets = true;
};
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.audiobookshelf.enable = true; services.audiobookshelf.enable = true;
services.audiobookshelf.port = 8234; services.audiobookshelf.port = 8234;

20
services/qenya/forgejo.nix
View file

@ -13,22 +13,13 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
fountain.services.reverse-proxy.enable = true;
fountain.services.reverse-proxy.domains.${cfg.domain} = "http://[::1]:3000/";
# TODO: email out # TODO: email out
# TODO: interface customisation # TODO: interface customisation
services = { services.forgejo = {
nginx = {
enable = true;
virtualHosts = {
${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://[::1]:3000/";
};
};
};
forgejo = {
enable = true; enable = true;
settings = { settings = {
DEFAULT.APP_NAME = cfg.domain; DEFAULT.APP_NAME = cfg.domain;
@ -50,7 +41,4 @@ in
}; };
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
} }

17
services/qenya/headscale.nix
View file

@ -16,21 +16,8 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.nginx = { fountain.services.reverse-proxy.enable = true;
enable = true; fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:32770/";
virtualHosts = {
${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:32770/";
proxyWebsockets = true;
};
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.headscale = { services.headscale = {
enable = true; enable = true;

15
services/qenya/jellyfin.nix
View file

@ -13,19 +13,8 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.nginx = { fountain.services.reverse-proxy.enable = true;
enable = true; fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:8096/";
virtualHosts = {
${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:8096/";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.jellyfin.enable = true; services.jellyfin.enable = true;
}; };
} }

14
services/qenya/navidrome.nix
View file

@ -16,18 +16,8 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.nginx = { fountain.services.reverse-proxy.enable = true;
enable = true; fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:4533/";
virtualHosts = {
${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:4533/";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.navidrome.enable = true; services.navidrome.enable = true;
services.navidrome.settings = { services.navidrome.settings = {

17
services/qenya/owncast.nix
View file

@ -16,21 +16,10 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.nginx = { fountain.services.reverse-proxy.enable = true;
enable = true; fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:32769/";
virtualHosts = {
${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:32769/";
proxyWebsockets = true;
};
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 1935 ]; # 1935 for rtmp networking.firewall.allowedTCPPorts = [ 1935 ]; # for rtmp
services.owncast.enable = true; services.owncast.enable = true;
services.owncast.port = 32769; services.owncast.port = 32769;

33
services/reverse-proxy.nix Normal file
View file

@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkOption mkEnableOption types;
cfg = config.fountain.services.reverse-proxy;
in
{
options.fountain.services.reverse-proxy = {
enable = mkEnableOption "Module to use nginx as a reverse proxy";
domains = mkOption {
type = types.attrsOf types.str;
description = "Mapping from external domain to internal address";
};
};
config = mkIf cfg.enable {
services.nginx = {
enable = true;
virtualHosts = builtins.mapAttrs
(name: value: {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = value;
proxyWebsockets = true;
};
})
cfg.domains;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
}