This commit is contained in:
Leon Liu 2024-11-19 05:13:13 +09:00
parent 22c0fd8a46
commit 57788dfbaa
2 changed files with 56 additions and 4 deletions


@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
kubeMasterIP = "192.168.11.2"; kubeMasterIP = "192.168.11.2";
@ -25,6 +25,7 @@ in
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./containers.nix ./containers.nix
./nginx.nix
]; ];
nix.settings.trusted-users = [ "root" "liu" ]; nix.settings.trusted-users = [ "root" "liu" ];
@ -125,7 +126,7 @@ in
extraGroups = [ "networkmanager" "wheel" "docker" ]; extraGroups = [ "networkmanager" "wheel" "docker" ];
}; };
users.extraGroups.docker.members = [ "liu" ]; users.extraGroups.docker.members = [ "liu" ];
users.users.nginx.extraGroups = [ "acme" ];
fonts = { fonts = {
fontDir.enable = true; fontDir.enable = true;
enableDefaultPackages = true; enableDefaultPackages = true;
@ -165,7 +166,7 @@ in
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "root"; User = "root";
ExecStart = "${pkgs.easytier}/bin/easytier-core --file-log-level debug -i 10.144.144.1 --network-name 5b601a6b-fbc0-4c26-b8fb-0b6be0edfbf9 --network-secret d112e133-c80d-4b48-86bc-a2ec83a5e652 -e tcp://oracle-amd-ubuntu-1.ly-dodo.win:11010"; ExecStart = "${pkgs.easytier}/bin/easytier-core --file-log-level debug -i 10.144.144.1 --network-name 5b601a6b-fbc0-4c26-b8fb-0b6be0edfbf9 --network-secret d112e133-c80d-4b48-86bc-a2ec83a5e652 -n 192.168.11.0/24 -e tcp://oracle-amd-ubuntu-1.ly-dodo.win:11010";
# ... # ...
}; };
path = with pkgs; [iptables-legacy iproute2 bash]; path = with pkgs; [iptables-legacy iproute2 bash];
@ -243,6 +244,22 @@ in
openFirewall = true; openFirewall = true;
host = "0.0.0.0"; host = "0.0.0.0";
}; };
security.acme = {
acceptTerms = true;
defaults.email = "leon.liuyang.d@gmail.com";
certs."home.ly-dodo.win" = {
domain = "*.home.ly-dodo.win";
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
environmentFile = "${pkgs.writeText "cloudflare-creds" ''
CLOUDFLARE_DNS_API_TOKEN=2HvBOy8LzwnvssuL4jZxOVlMtHoLP981FJRY2cQF
''}";
};
};
systemd.services.caddy.serviceConfig.EnvironmentFile = ["/opt/caddy/env"];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
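Review bot: The Cloudflare API token in the `security.acme` hunk is written with `pkgs.writeText`, so it is copied into the world-readable Nix store on every host that evaluates this configuration and is now also part of git history; the token should be treated as exposed and rotated, and `environmentFile` should point at a file kept outside the store, e.g. `environmentFile = "/var/lib/acme/cloudflare.env";` (example path) provisioned out-of-band or through a secrets module, in the same way the new caddy line already reads `/opt/caddy/env`. The modified easytier `ExecStart` line carries a `--network-secret` on the command line and has the same store and history exposure, though that value predates this commit. The enclosing attribute set continues outside the hunk.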

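--- /dev/null
+++ b/nginx.nix
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+services.nginx = {
+enable = true;
+recommendedProxySettings = true;
+recommendedTlsSettings = true;
+virtualHosts =
+let
+proxy = port: {
+forceSSL = true;
+useACMEHost = "home.ly-dodo.win";
+locations."/" = {
+proxyPass = "http://127.0.0.1:${toString port}";
+proxyWebsockets = true; # needed if you need to use WebSocket
+extraConfig =
+# required when the target is also TLS server with multiple hosts
+# "proxy_ssl_server_name on;" +
+# required when the server wants to use HTTP Authentication
+"proxy_pass_header Authorization;"
+;
+};
+};
+in {
+"open-webui.home.ly-dodo.win" = proxy 8080;
+"adguard.home.ly-dodo.win" = proxy 8082;
+"plex.home.ly-dodo.win" = proxy 32400;
+"qbittorrent.home.ly-dodo.win" = proxy 30011;
+"paperless.home.ly-dodo.win" = proxy 30012;
+};
+};
+}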
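Review bot: No default server is declared, so a request arriving with an unknown or absent SNI/Host name is answered by nginx's first vhost (`adguard.home.ly-dodo.win` here), which hands the wildcard certificate and one proxied service to any client that reaches the address rather than only to those that know a hostname; adding `virtualHosts."_" = { default = true; rejectSSL = true; };` next to the five entries closes that. The `proxy_pass_header Authorization;` directive and its comment are misleading: `proxy_pass_header` only controls headers passed from the upstream response back to the client, while request headers such as Authorization are forwarded by default, so the line can be dropped or the comment corrected. `lib` and `modulesPath` in the module signature are unused and can be removed. Whether these vhosts are reachable from outside the LAN cannot be told from this file.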