diff --git a/homeConfigurations.nix b/homeConfigurations.nix
index db44b76..cbd1e6c 100644
--- a/homeConfigurations.nix
+++ b/homeConfigurations.nix
@@ -1,11 +1,14 @@
 { inputs, ... }:
+
 let
- utils = import ./utils.nix { inherit inputs; };
- inherit (utils) mkHome;
+ lib = inputs.nixpkgs.lib;
+ utils = import ./utils.nix { inherit inputs lib; };
+ inherit (utils) mkUser;
 in
+
 {
 flake.homeConfigurations = {
- "user@rotterdam" = mkHome {
+ "user@rotterdam" = mkUser {
 username = "user";
 tags = [
 "btop"
@@ -20,7 +23,7 @@ in
 ];
 };
 
- "user@io" = mkHome {
+ "user@io" = mkUser {
 username = "user";
 tags = [
 "btop"
diff --git a/hosts/alexandria/forgejo.nix b/hosts/alexandria/forgejo.nix
index 0b9908e..909d1d1 100644
--- a/hosts/alexandria/forgejo.nix
+++ b/hosts/alexandria/forgejo.nix
@@ -1,5 +1,13 @@
-{ ... }:
-
+{
+ config,
+ lib,
+ inputs,
+ ...
+}:
+let
+ utils = import ../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+in
 {
 services.forgejo = {
 enable = true;
@@ -18,4 +26,10 @@
 actions.ENABLED = false;
 };
 };
+
+ services.nginx.virtualHosts = mkNginxVHosts {
+ acmeHost = "baduhai.dev";
+ domains."git.baduhai.dev".locations."/".proxyPass =
+ "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
+ };
 }
diff --git a/hosts/alexandria/jellyfin.nix b/hosts/alexandria/jellyfin.nix
index 87a825f..9555c89 100644
--- a/hosts/alexandria/jellyfin.nix
+++ b/hosts/alexandria/jellyfin.nix
@@ -1,8 +1,16 @@
-{ ... }:
-
+{ lib, inputs, ... }:
+let
+ utils = import ../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+in
 {
 services.jellyfin = {
 enable = true;
 openFirewall = true;
 };
+
+ services.nginx.virtualHosts = mkNginxVHosts {
+ acmeHost = "baduhai.dev";
+ domains."jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/";
+ };
 }
diff --git a/hosts/alexandria/librespeed.nix b/hosts/alexandria/librespeed.nix
index 09e4768..79353bd 100644
--- a/hosts/alexandria/librespeed.nix
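Review bot: In hosts/alexandria/jellyfin.nix, `openFirewall = true;` stays in place while the added vhost publishes Jellyfin through nginx with `forceSSL` and proxies to `127.0.0.1:8096`. That option opens Jellyfin's own ports in the host firewall, so the service remains reachable over plain HTTP on 8096 next to the TLS vhost. If clients are meant to use `jellyfin.baduhai.dev` only, I would change the line to `openFirewall = false;`; if direct LAN access is intended, a short comment saying so would make that explicit.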
+++ b/hosts/alexandria/librespeed.nix
@@ -1,5 +1,8 @@
-{ ... }:
-
+{ lib, inputs, ... }:
+let
+ utils = import ../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+in
 {
 virtualisation.oci-containers.containers."librespeed" = {
 image = "lscr.io/linuxserver/librespeed:latest";
@@ -11,4 +14,9 @@
 "--label=io.containers.autoupdate=registry"
 ];
 };
+
+ services.nginx.virtualHosts = mkNginxVHosts {
+ acmeHost = "baduhai.dev";
+ domains."speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/";
+ };
 }
diff --git a/hosts/alexandria/nginx.nix b/hosts/alexandria/nginx.nix
index 654035b..192dbda 100644
--- a/hosts/alexandria/nginx.nix
+++ b/hosts/alexandria/nginx.nix
@@ -1,5 +1,13 @@
-{ config, lib, ... }:
-
+{
+ config,
+ lib,
+ inputs,
+ ...
+}:
+let
+ utils = import ../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+in
 {
 security.acme = {
 acceptTerms = true;
@@ -26,28 +34,10 @@
 recommendedOptimisation = true;
 recommendedProxySettings = true;
 recommendedTlsSettings = true;
- virtualHosts =
- let
- commonVHostConfig = {
- useACMEHost = "baduhai.dev";
- forceSSL = true;
- kTLS = true;
- };
- in
- lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) {
- "_".locations."/".return = "444";
- "cloud.baduhai.dev" = { };
- "git.baduhai.dev".locations."/".proxyPass =
- "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
- "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:8096/";
- "office.baduhai.dev".locations."/" = {
- proxyPass = "http://unix:/run/coolwsd/coolwsd.sock";
- proxyWebsockets = true;
- };
- "pass.baduhai.dev".locations."/".proxyPass =
- "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/";
- "speedtest.baduhai.dev".locations."/".proxyPass = "http://librespeed:80/";
- };
+ virtualHosts = mkNginxVHosts {
+ acmeHost = "baduhai.dev";
+ domains."_".locations."/".return = "444";
+ };
 };
 
 users.users.nginx.extraGroups = [ "acme" ];
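Review bot: The attrset removed from hosts/alexandria/nginx.nix also carried `"cloud.baduhai.dev" = { };` and the `office.baduhai.dev` location (coolwsd socket with `proxyWebsockets = true`), and neither reappears in any file section of this diff. Unless the modules for those two services already declare their vhosts through `mkNginxVHosts`, `cloud` loses `useACMEHost`, `forceSSL` and `kTLS`, and `office` loses its proxy location entirely. I would add a `services.nginx.virtualHosts = mkNginxVHosts { ... }` block beside each of those services, as was done for forgejo, jellyfin, librespeed and vaultwarden, or note in the commit message where they now live. The enclosing `services.nginx` block starts outside the hunk.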
diff --git a/hosts/alexandria/vaultwarden.nix b/hosts/alexandria/vaultwarden.nix
index 058c123..21f7d46 100644
--- a/hosts/alexandria/vaultwarden.nix
+++ b/hosts/alexandria/vaultwarden.nix
@@ -1,5 +1,13 @@
-{ ... }:
-
+{
+ config,
+ lib,
+ inputs,
+ ...
+}:
+let
+ utils = import ../../utils.nix { inherit inputs lib; };
+ inherit (utils) mkNginxVHosts;
+in
 {
 services.vaultwarden = {
 enable = true;
@@ -9,4 +17,10 @@
 ROCKET_ADDRESS = "/run/vaultwarden/vaultwarden.sock";
 };
 };
+
+ services.nginx.virtualHosts = mkNginxVHosts {
+ acmeHost = "baduhai.dev";
+ domains."pass.baduhai.dev".locations."/".proxyPass =
+ "http://unix:${config.services.vaultwarden.config.ROCKET_ADDRESS}:/";
+ };
 }
diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix
index 6c9cfb9..16433bd 100644
--- a/nixosConfigurations.nix
+++ b/nixosConfigurations.nix
@@ -1,6 +1,7 @@
 { inputs, ... }:
 let
- utils = import ./utils.nix { inherit inputs; };
+ lib = inputs.nixpkgs.lib;
+ utils = import ./utils.nix { inherit inputs lib; };
 inherit (utils) mkHost;
 in
 {
diff --git a/utils.nix b/utils.nix
index 0e51125..7b8e502 100644
--- a/utils.nix
+++ b/utils.nix
@@ -1,4 +1,4 @@
-{ inputs }:
+{ inputs, lib }:
 let
 inherit (inputs)
 self
@@ -172,4 +172,19 @@ in
 }
 ];
 };
+
+ # Nginx virtual host utilities
+ mkNginxVHosts =
+ {
+ acmeHost,
+ domains,
+ }:
+ let
+ commonVHostConfig = {
+ useACMEHost = acmeHost;
+ forceSSL = true;
+ kTLS = true;
+ };
+ in
+ lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) domains;
 }
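Review bot: `mkNginxVHosts` in utils.nix is added with only a section comment, and its merge direction is security-relevant. `lib.recursiveUpdate commonVHostConfig` gives precedence to each entry of `domains`, so a host module can set `forceSSL = false` or a different `useACMEHost` and silently override the shared TLS defaults. I would document that above the function, e.g. `# Applies useACMEHost/forceSSL/kTLS to every domain; per-domain attrs override these defaults.` The enclosing attribute set starts outside the hunk.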