fix mkNginxVHosts usage; fix librespeed proxy; fix vaultwarden proxy

William 2025-10-17 08:37:09 -03:00
parent ee1ed3b88e
commit c8f1b3a5e0
5 changed files with 39 additions and 11 deletions


@ -1,14 +1,37 @@
{ lib, inputs, ... }: {
config,
lib,
inputs,
...
}:
let let
utils = import ../../utils.nix { inherit inputs lib; }; utils = import ../../utils.nix { inherit inputs lib; };
inherit (utils) mkNginxVHosts; inherit (utils) mkNginxVHosts;
in in
{ {
systemd.services.init-librespeed-network = {
description = "Create the network bridge for librespeed.";
after = [ "network.target" ];
wantedBy = [ "podman-librespeed.service" ];
serviceConfig.Type = "oneshot";
script = ''
check=$(${config.virtualisation.podman.package}/bin/podman network ls | grep "librespeed" || true)
if [ -z "$check" ]; then
${config.virtualisation.podman.package}/bin/podman network create librespeed
else
echo "librespeed network already exists"
fi
'';
};
virtualisation.oci-containers.containers."librespeed" = { virtualisation.oci-containers.containers."librespeed" = {
image = "lscr.io/linuxserver/librespeed:latest"; image = "lscr.io/linuxserver/librespeed:latest";
environment = { environment = {
TZ = "America/Bahia"; TZ = "America/Bahia";
}; };
networks = [ "librespeed" ];
extraOptions = [ extraOptions = [
"--pull=newer" "--pull=newer"
"--label=io.containers.autoupdate=registry" "--label=io.containers.autoupdate=registry"
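Review bot: `wantedBy = [ "podman-librespeed.service" ]` pulls `init-librespeed-network` in but does not order it, so the container unit can start before the network exists and fail on `networks = [ "librespeed" ]`. Adding `before = [ "podman-librespeed.service" ];` fixes the ordering, and `requiredBy` instead of `wantedBy` would also stop the container from starting when network setup fails. The existence test `podman network ls | grep "librespeed"` is a substring match over the whole listing, so any other network whose name merely contains `librespeed` makes the script skip creation. `podman network exists librespeed || podman network create librespeed` checks the exact name and removes the need for the `check` variable.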


@ -80,12 +80,12 @@
"nextcloud-secrets.json" = { "nextcloud-secrets.json" = {
file = ../../secrets/nextcloud-secrets.json.age; file = ../../secrets/nextcloud-secrets.json.age;
owner = "nextcloud"; owner = "nextcloud";
group = "hosted"; group = "nextcloud";
}; };
nextcloud-adminpass = { nextcloud-adminpass = {
file = ../../secrets/nextcloud-adminpass.age; file = ../../secrets/nextcloud-adminpass.age;
owner = "nextcloud"; owner = "nextcloud";
group = "hosted"; group = "nextcloud";
}; };
}; };
} }
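Review bot: Neither `nextcloud-secrets.json` nor `nextcloud-adminpass` sets `mode`, so what the new `group = "nextcloud"` actually grants depends on a default that is not visible in this hunk. With agenix's default of `0400` only `owner` can read the file and the group is informational. Writing `mode = "0400";` on both entries would make the intended exposure of the admin password explicit and reviewable. Dropping the shared `hosted` group narrows access, so it is worth confirming that no other service in `hosted` relied on reading these files. The enclosing attribute set starts outside the hunk.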


@ -4,10 +4,12 @@
inputs, inputs,
... ...
}: }:
let let
utils = import ../../utils.nix { inherit inputs lib; }; utils = import ../../utils.nix { inherit inputs lib; };
inherit (utils) mkNginxVHosts; inherit (utils) mkNginxVHosts;
in in
{ {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
@ -22,12 +24,6 @@ in
}; };
}; };
age.secrets.cloudflare = {
file = ../../secrets/cloudflare.age;
owner = "nginx";
group = "nginx";
};
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
@ -41,4 +37,10 @@ in
}; };
users.users.nginx.extraGroups = [ "acme" ]; users.users.nginx.extraGroups = [ "acme" ];
age.secrets.cloudflare = {
file = ../../secrets/cloudflare.age;
owner = "nginx";
group = "nginx";
};
} }


@ -14,13 +14,14 @@ in
config = { config = {
DOMAIN = "https://pass.baduhai.dev"; DOMAIN = "https://pass.baduhai.dev";
SIGNUPS_ALLOWED = false; SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "/run/vaultwarden/vaultwarden.sock"; ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 58222;
}; };
}; };
services.nginx.virtualHosts = mkNginxVHosts { services.nginx.virtualHosts = mkNginxVHosts {
acmeHost = "baduhai.dev"; acmeHost = "baduhai.dev";
domains."pass.baduhai.dev".locations."/".proxyPass = domains."pass.baduhai.dev".locations."/".proxyPass =
"http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/"; "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}/";
}; };
} }
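Review bot: Setting `ROCKET_ADDRESS = "127.0.0.1"` with `ROCKET_PORT = 58222` replaces a socket path with a loopback TCP listener, which any local user or process on the host can connect to directly without going through nginx. That includes containers sharing the host network namespace. This deserves a comment next to the setting, e.g. `# loopback only: reachable by any local process; keep 58222 out of firewall rules and container port mappings`. Vaultwarden will also see every request as coming from 127.0.0.1 unless the proxy forwards the client address, and the vhost generated by `mkNginxVHosts` is not visible here. It is worth checking that it sets the header Vaultwarden's `IP_HEADER` expects, since login rate limiting and the logs depend on it. The `config` block starts outside the hunk.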


@ -1,4 +1,5 @@
{ inputs, lib }: { inputs, lib }:
let let
inherit (inputs) inherit (inputs)
self self
@ -8,6 +9,7 @@ let
agenix agenix
; ;
in in
{ {
# Tag-based host configuration system # Tag-based host configuration system
mkHost = mkHost =