reverse-proxy: Init new module to simplify nginx reverse proxies

Katherina Walshe-Grey 2025-09-16 19:01:56 +01:00
parent 5967974d15
commit 12cfceb2f9
9 changed files with 67 additions and 113 deletions


@ -5,6 +5,7 @@
./distributed-builds.nix ./distributed-builds.nix
./remote-builder.nix ./remote-builder.nix
./reverse-proxy.nix
./web-redirect.nix ./web-redirect.nix
]; ];
} }


@ -13,18 +13,8 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.nginx = { fountain.services.reverse-proxy.enable = true;
enable = true; fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:5006/";
virtualHosts = {
${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:5006/";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.actual = { services.actual = {
enable = true; enable = true;
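Review bot: Replacing the inline vhost with `fountain.services.reverse-proxy.domains.${cfg.domain}` silently turns on `proxyWebsockets` for this host, because the shared module sets it for every domain while the block removed here only set `proxyPass`. The same applies to the Forgejo, Jellyfin and Navidrome sections further down. If those backends do not need upgraded connections, it would be tighter to let each entry opt in (for example a per-domain `websockets` flag defaulting to false), or at least to state in the commit message that the change is intentional. The `config` block continues past the end of this hunk.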


@ -13,21 +13,8 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.nginx = { fountain.services.reverse-proxy.enable = true;
enable = true; fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:8234/";
virtualHosts = {
${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8234/";
proxyWebsockets = true;
};
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.audiobookshelf.enable = true; services.audiobookshelf.enable = true;
services.audiobookshelf.port = 8234; services.audiobookshelf.port = 8234;


@ -13,44 +13,32 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
fountain.services.reverse-proxy.enable = true;
fountain.services.reverse-proxy.domains.${cfg.domain} = "http://[::1]:3000/";
# TODO: email out # TODO: email out
# TODO: interface customisation # TODO: interface customisation
services = { services.forgejo = {
nginx = { enable = true;
enable = true; settings = {
virtualHosts = { DEFAULT.APP_NAME = cfg.domain;
${cfg.domain} = { cache = {
forceSSL = true; ADAPTER = "twoqueue";
enableACME = true; HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}'';
locations."/".proxyPass = "http://[::1]:3000/";
};
}; };
}; database = {
DB_TYPE = "sqlite3";
forgejo = { SQLITE_JOURNAL_MODE = "WAL";
enable = true;
settings = {
DEFAULT.APP_NAME = cfg.domain;
cache = {
ADAPTER = "twoqueue";
HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}'';
};
database = {
DB_TYPE = "sqlite3";
SQLITE_JOURNAL_MODE = "WAL";
};
security.LOGIN_REMEMBER_DAYS = 365;
server = {
DOMAIN = cfg.domain;
HTTP_PORT = 3000;
ROOT_URL = "https://${cfg.domain}/";
};
service.DISABLE_REGISTRATION = true;
}; };
security.LOGIN_REMEMBER_DAYS = 365;
server = {
DOMAIN = cfg.domain;
HTTP_PORT = 3000;
ROOT_URL = "https://${cfg.domain}/";
};
service.DISABLE_REGISTRATION = true;
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ];
}; };
} }


@ -16,21 +16,8 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.nginx = { fountain.services.reverse-proxy.enable = true;
enable = true; fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:32770/";
virtualHosts = {
${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:32770/";
proxyWebsockets = true;
};
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.headscale = { services.headscale = {
enable = true; enable = true;


@ -13,19 +13,8 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.nginx = { fountain.services.reverse-proxy.enable = true;
enable = true; fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:8096/";
virtualHosts = {
${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:8096/";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.jellyfin.enable = true; services.jellyfin.enable = true;
}; };
} }


@ -16,18 +16,8 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.nginx = { fountain.services.reverse-proxy.enable = true;
enable = true; fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:4533/";
virtualHosts = {
${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:4533/";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.navidrome.enable = true; services.navidrome.enable = true;
services.navidrome.settings = { services.navidrome.settings = {


@ -16,21 +16,10 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.nginx = { fountain.services.reverse-proxy.enable = true;
enable = true; fountain.services.reverse-proxy.domains.${cfg.domain} = "http://127.0.0.1:32769/";
virtualHosts = {
${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:32769/";
proxyWebsockets = true;
};
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 1935 ]; # 1935 for rtmp networking.firewall.allowedTCPPorts = [ 1935 ]; # for rtmp
services.owncast.enable = true; services.owncast.enable = true;
services.owncast.port = 32769; services.owncast.port = 32769;


@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf mkOption mkEnableOption types;
cfg = config.fountain.services.reverse-proxy;
in
{
options.fountain.services.reverse-proxy = {
enable = mkEnableOption "Module to use nginx as a reverse proxy";
domains = mkOption {
type = types.attrsOf types.str;
description = "Mapping from external domain to internal address";
};
};
config = mkIf cfg.enable {
services.nginx = {
enable = true;
virtualHosts = builtins.mapAttrs
(name: value: {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = value;
proxyWebsockets = true;
};
})
cfg.domains;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
}
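Review bot: The vhost template under `locations."/"` sets only `proxyPass` and `proxyWebsockets`, so unless `services.nginx.recommendedProxySettings` is enabled somewhere outside this diff, the backends are not sent the original `Host` or `X-Forwarded-For` headers and will most likely record every request as coming from loopback. That weakens login auditing and any per-client rate limiting in Forgejo, headscale and the other proxied services. Since this module is now the single place all proxied hosts pass through, adding `recommendedProxySettings = true;` next to `enable = true;` would cover them all. Separately, `domains` has no `default`, so enabling the module without any entry fails evaluation; `default = { };` would avoid that.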