From 51b6a62f912c1341728e96de56e9b8b9ca15b6cd Mon Sep 17 00:00:00 2001 From: William Date: Thu, 16 Oct 2025 19:36:46 -0300 Subject: [PATCH] new mkNginxVHosts function --- homeConfigurations.nix | 3 +- hosts/alexandria/dav.nix | 49 +++++++++++++--------------- hosts/alexandria/forgejo.nix | 18 +++++++++-- hosts/alexandria/jellyfin.nix | 12 +++++-- hosts/alexandria/librespeed.nix | 12 +++++-- hosts/alexandria/nginx.nix | 55 ++++++++------------------------ hosts/alexandria/vaultwarden.nix | 18 +++++++++-- nixosConfigurations.nix | 3 +- utils.nix | 17 +++++++++- 9 files changed, 109 insertions(+), 78 deletions(-) diff --git a/homeConfigurations.nix b/homeConfigurations.nix index 3d3a950..112783f 100644 --- a/homeConfigurations.nix +++ b/homeConfigurations.nix @@ -1,6 +1,7 @@ { inputs, ... }: let - utils = import ./utils.nix { inherit inputs; }; + lib = inputs.nixpkgs.lib; + utils = import ./utils.nix { inherit inputs lib; }; inherit (utils) mkUser; in { diff --git a/hosts/alexandria/dav.nix b/hosts/alexandria/dav.nix index 8cb510f..a300e84 100644 --- a/hosts/alexandria/dav.nix +++ b/hosts/alexandria/dav.nix @@ -1,7 +1,7 @@ { lib, inputs, ... }: let - utils = import ../../utils.nix { inherit inputs; }; - inherit (utils) mkNginxVhosts; + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; rclone-webdav-start = pkgs.writeShellScript "rclone-webdav-start.sh" '' #!/bin/bash 
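Review bot: In hosts/alexandria/dav.nix the `let` block calls `pkgs.writeShellScript`, but the argument set visible at the top of the hunk is `{ lib, inputs, ... }:` and does not bind `pkgs`. Unless `pkgs` is defined further down the same `let` (the block continues outside the hunk), evaluation stops with an undefined variable and the vhost defined in this file is never generated; the header would need to read `{ lib, inputs, pkgs, ... }:`. The script text also opens with `#!/bin/bash`, which is redundant because `writeShellScript` writes its own interpreter line.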
@@ -46,31 +46,28 @@ let in { services = { - nginx.virtualHosts = mkNginxVhosts { - inherit lib; + nginx.virtualHosts = mkNginxVHosts { acmeHost = "baduhai.dev"; - domains = { - "dav.baduhai.dev".locations = { - "/caldav" = { - proxyPass = "http://unix:/run/radicale/radicale.sock:/"; - extraConfig = '' - proxy_set_header X-Script-Name /caldav; - proxy_pass_header Authorization; - ''; - }; - "/webdav" = { - proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; - extraConfig = '' - proxy_set_header X-Script-Name /webdav; - proxy_pass_header Authorization; - proxy_connect_timeout 300; - proxy_send_timeout 300; - proxy_read_timeout 300; - client_max_body_size 10G; - proxy_buffering off; - proxy_request_buffering off; - ''; - }; + domains."dav.baduhai.dev".locations = { + "/caldav" = { + proxyPass = "http://unix:/run/radicale/radicale.sock:/"; + extraConfig = '' + proxy_set_header X-Script-Name /caldav; + proxy_pass_header Authorization; + ''; + }; + "/webdav" = { + proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; + extraConfig = '' + proxy_set_header X-Script-Name /webdav; + proxy_pass_header Authorization; + proxy_connect_timeout 300; + proxy_send_timeout 300; + proxy_read_timeout 300; + client_max_body_size 10G; + proxy_buffering off; + proxy_request_buffering off; + ''; }; }; }; diff --git a/hosts/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix index 0b9908e..909d1d1 100644 --- a/hosts/alexandria/forgejo.nix +++ b/hosts/alexandria/forgejo.nix @@ -1,5 +1,13 @@ -{ ... }: - +{ + config, + lib, + inputs, + ... +}: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in { services.forgejo = { enable = true; @@ -18,4 +26,10 @@ actions.ENABLED = false; }; }; + + services.nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."git.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; + }; } 
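Review bot: The `/webdav` location moved into hosts/alexandria/dav.nix lost the inline comments it carried in nginx.nix, where the removed lines explain the 300-second timeouts, `client_max_body_size 10G` and the buffering switches. As far as this hunk shows, nginx does not authenticate these requests itself, and with `proxy_request_buffering off` a body of up to 10G is streamed straight to the rclone socket, so the reasoning for these limits should stay next to them. Keep the original annotations, e.g. `proxy_connect_timeout 300; # Increase timeouts for large file uploads` and `client_max_body_size 10G; # Allow large file uploads`, and add one line saying which component is expected to reject unauthenticated uploads.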
diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix index 87a825f..9555c89 100644 --- a/hosts/alexandria/jellyfin.nix +++ b/hosts/alexandria/jellyfin.nix @@ -1,8 +1,16 @@ -{ ... }: - +{ lib, inputs, ... }: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in { services.jellyfin = { enable = true; openFirewall = true; }; + + services.nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; + }; } diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix index 09e4768..79353bd 100644 --- a/hosts/alexandria/librespeed.nix +++ b/hosts/alexandria/librespeed.nix @@ -1,5 +1,8 @@ -{ ... }: - +{ lib, inputs, ... }: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in { virtualisation.oci-containers.containers."librespeed" = { image = "lscr.io/linuxserver/librespeed:latest"; @@ -11,4 +14,9 @@ "--label=io.containers.autoupdate=registry" ]; }; + + services.nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/"; + }; } diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix index 8c20d5d..192dbda 100644 --- a/hosts/alexandria/nginx.nix +++ b/hosts/alexandria/nginx.nix @@ -1,5 +1,13 @@ -{ config, lib, ... }: - +{ + config, + lib, + inputs, + ... +}: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in { security.acme = { acceptTerms = true; 
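Review bot: In hosts/alexandria/jellyfin.nix `openFirewall = true;` stays in the context lines while the new vhost proxies `jellyfin.baduhai.dev` to `http://127.0.0.1:8096/`, so Jellyfin's own ports presumably remain reachable without TLS alongside the `forceSSL` front end that mkNginxVHosts sets up. If all access is meant to go through nginx, change it to `openFirewall = false;`; if direct LAN access is intended, a short comment saying so would help. Which interfaces Jellyfin listens on is not visible in this hunk.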
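Review bot: The vhost added at the end of hosts/alexandria/librespeed.nix publishes a container that, per the context lines, runs the mutable `:latest` tag (first hunk of this file) with `--label=io.containers.autoupdate=registry`, so whatever the registry serves under that tag ends up behind `speedtest.baduhai.dev` without review. Pinning the image, e.g. `image = "lscr.io/linuxserver/librespeed:<pinned-tag>@sha256:<digest>";` (placeholders), makes each update an explicit change in this repository; with a digest pin the auto-update label no longer has any effect and could be dropped. The proxy target `http://librespeed:80/` also depends on the nginx host resolving the container name, which nothing in this hunk sets up.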
@@ -26,45 +34,10 @@ recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts = - let - commonVHostConfig = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - }; - in - lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) { - "_".locations."/".return = "444"; - "dav.baduhai.dev".locations = { - "/caldav" = { - proxyPass = "http://unix:/run/radicale/radicale.sock:/"; - extraConfig = '' - proxy_set_header X-Script-Name /caldav; - proxy_pass_header Authorization; - ''; - }; - "/webdav" = { - proxyPass = "http://unix:/run/rclone-webdav/webdav.sock:/webdav/"; - extraConfig = '' - proxy_set_header X-Script-Name /webdav; - proxy_pass_header Authorization; - proxy_connect_timeout 300; # Increase timeouts for large file uploads - proxy_send_timeout 300; - proxy_read_timeout 300; - client_max_body_size 10G; # Allow large file uploads - proxy_buffering off; # Buffer settings for better performance - proxy_request_buffering off; - ''; - }; - }; - "git.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; - "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/"; - "pass.baduhai.dev".locations."/".proxyPass = - "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/"; - "speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/"; - }; + virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."_".locations."/".return = "444"; + }; }; users.users.nginx.extraGroups = [ "acme" ]; diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix index 058c123..21f7d46 100644 --- a/hosts/alexandria/vaultwarden.nix +++ b/hosts/alexandria/vaultwarden.nix @@ -1,5 +1,13 @@ -{ ... }: - +{ + config, + lib, + inputs, + ... +}: +let + utils = import ../../utils.nix { inherit inputs lib; }; + inherit (utils) mkNginxVHosts; +in { services.vaultwarden = { enable = true; 
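Review bot: In hosts/alexandria/nginx.nix the catch-all `domains."_"` entry is what keeps requests with an unknown Host header away from the real services, yet nothing in this hunk marks it as the default server. It therefore works only as long as `_` happens to be emitted first in the generated configuration, which is harder to see now that the other vhosts are defined in separate modules. Writing it as `domains."_" = { default = true; locations."/".return = "444"; };` makes the intent explicit. Because the entry goes through mkNginxVHosts it also presents the `baduhai.dev` certificate to clients that connect by IP address, which deserves a comment if it is intended.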
@@ -9,4 +17,10 @@ ROCKET_ADDRESS = "/run/vaultwarden/vaultwarden.sock"; }; }; + + services.nginx.virtualHosts = mkNginxVHosts { + acmeHost = "baduhai.dev"; + domains."pass.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/"; + }; } diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix index 65a9e14..f32f422 100644 --- a/nixosConfigurations.nix +++ b/nixosConfigurations.nix @@ -1,6 +1,7 @@ { inputs, ... }: let - utils = import ./utils.nix { inherit inputs; }; + lib = inputs.nixpkgs.lib; + utils = import ./utils.nix { inherit inputs lib; }; inherit (utils) mkHost; in { diff --git a/utils.nix b/utils.nix index e56e3c2..f25a821 100644 --- a/utils.nix +++ b/utils.nix @@ -1,4 +1,4 @@ -{ inputs }: +{ inputs, lib }: let inherit (inputs) self @@ -172,4 +172,19 @@ in } ]; }; + + # Nginx virtual host utilities + mkNginxVHosts = + { + acmeHost, + domains, + }: + let + commonVHostConfig = { + useACMEHost = acmeHost; + forceSSL = true; + kTLS = true; + }; + in + lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains; }
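Review bot: In `mkNginxVHosts` (utils.nix), `lib.recursiveUpdate commonVHostConfig` puts the per-domain attributes on the right-hand side, so any entry in `domains` can override `forceSSL`, `kTLS` or `useACMEHost` without anything flagging it. If the TLS settings are meant as defaults, say so in the comment, e.g. `# Applies TLS defaults (useACMEHost, forceSSL, kTLS) to every vhost; per-domain attributes override them.` If they are meant to be mandatory, swap the merge order with `lib.mapAttrs (_: cfg: lib.recursiveUpdate cfg commonVHostConfig) domains`. The existing `# Nginx virtual host utilities` comment does not describe the `acmeHost` and `domains` arguments.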