jan-leila/nix-config
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: moved reverse proxy into own section in server modules

Browse source
This commit is contained in:
Leyla Becker 2025-09-14 22:10:57 -05:00
parent 663bdcc012
commit 52801b4bb7
7 changed files with 142 additions and 119 deletions
Download patch file Download diff file Expand all files Collapse all files

12
modules/nixos-modules/server/actual.nix
View file

@ -18,11 +18,6 @@ in {
systemd.tmpfiles.rules = [
"d ${dataDirectory} 2770 actual actual"
];
host = {
reverse_proxy.subdomains.${config.services.actual.subdomain} = {
target = "http://localhost:${toString config.services.actual.settings.port}";
};
};
services.actual = {
settings = {
@ -30,6 +25,13 @@ in {
};
};
}
(lib.mkIf config.host.reverse_proxy.enable {
host = {
reverse_proxy.subdomains.${config.services.actual.subdomain} = {
target = "http://localhost:${toString config.services.actual.settings.port}";
};
};
})
(lib.mkIf config.services.fail2ban.enable {
# TODO: configuration for fail2ban for actual
})

10
modules/nixos-modules/server/forgejo.nix
View file

@ -26,9 +26,6 @@ in {
}
];
host = {
reverse_proxy.subdomains.${config.services.forgejo.subdomain} = {
target = "http://localhost:${toString forgejoPort}";
};
postgres = {
enable = true;
extraUsers = {
@ -76,6 +73,13 @@ in {
config.services.forgejo.settings.server.SSH_LISTEN_PORT
];
}
(lib.mkIf config.host.reverse_proxy.enable {
host = {
reverse_proxy.subdomains.${config.services.forgejo.subdomain} = {
target = "http://localhost:${toString forgejoPort}";
};
};
})
(lib.mkIf config.services.fail2ban.enable {
environment.etc = {
"fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable (

37
modules/nixos-modules/server/home-assistant.nix
View file

@ -43,24 +43,6 @@ in {
config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [
{
host = {
reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = {
target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}";
websockets.enable = true;
forwardHeaders.enable = true;
extraConfig = ''
add_header Upgrade $http_upgrade;
add_header Connection \"upgrade\";
proxy_buffering off;
proxy_read_timeout 90;
'';
};
};
services.home-assistant = {
configDir = configDir;
extraComponents = [
@ -173,6 +155,25 @@ in {
];
};
})
(lib.mkIf config.host.reverse_proxy.enable {
host = {
reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = {
target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}";
websockets.enable = true;
forwardHeaders.enable = true;
extraConfig = ''
add_header Upgrade $http_upgrade;
add_header Connection \"upgrade\";
proxy_buffering off;
proxy_read_timeout 90;
'';
};
};
})
(lib.mkIf config.services.fail2ban.enable {
environment.etc = {
"fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable (

38
modules/nixos-modules/server/immich.nix
View file

@ -17,23 +17,6 @@ in {
config = lib.mkIf config.services.immich.enable (lib.mkMerge [
{
host = {
reverse_proxy.subdomains.${config.services.immich.subdomain} = {
target = "http://localhost:${toString config.services.immich.port}";
websockets.enable = true;
forwardHeaders.enable = true;
extraConfig = ''
# allow large file uploads
client_max_body_size 50000M;
# set timeout
proxy_read_timeout 600s;
proxy_send_timeout 600s;
send_timeout 600s;
proxy_redirect off;
'';
};
postgres = {
enable = true;
extraUsers = {
@ -53,6 +36,27 @@ in {
];
};
}
(lib.mkIf config.host.reverse_proxy.enable {
host = {
reverse_proxy.subdomains.${config.services.immich.subdomain} = {
target = "http://localhost:${toString config.services.immich.port}";
websockets.enable = true;
forwardHeaders.enable = true;
extraConfig = ''
# allow large file uploads
client_max_body_size 50000M;
# set timeout
proxy_read_timeout 600s;
proxy_send_timeout 600s;
send_timeout 600s;
proxy_redirect off;
'';
};
};
})
(lib.mkIf config.services.fail2ban.enable {
environment.etc = {
"fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable (

28
modules/nixos-modules/server/jellyfin.nix
View file

@ -30,6 +30,20 @@ in {
config = lib.mkIf config.services.jellyfin.enable (
lib.mkMerge [
{
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort];
systemd.tmpfiles.rules = [
"d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media"
"A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-"
];
}
(lib.mkIf config.host.reverse_proxy.enable {
host.reverse_proxy.subdomains.jellyfin = {
target = "http://localhost:${toString jellyfinPort}";
@ -45,19 +59,7 @@ in {
proxy_buffering off;
'';
};
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort];
systemd.tmpfiles.rules = [
"d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media"
"A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-"
];
}
})
(lib.mkIf config.services.fail2ban.enable {
environment.etc = {
"fail2ban/filter.d/jellyfin.local".text = (

26
modules/nixos-modules/server/paperless.nix
View file

@ -24,17 +24,6 @@ in {
config = lib.mkIf config.services.paperless.enable (lib.mkMerge [
{
host = {
reverse_proxy.subdomains.${config.services.paperless.subdomain} = {
target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}";
websockets.enable = true;
forwardHeaders.enable = true;
extraConfig = ''
# allow large file uploads
client_max_body_size 50000M;
'';
};
postgres = {
enable = true;
extraUsers = {
@ -61,6 +50,21 @@ in {
};
};
}
(lib.mkIf config.host.reverse_proxy.enable {
host = {
reverse_proxy.subdomains.${config.services.paperless.subdomain} = {
target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}";
websockets.enable = true;
forwardHeaders.enable = true;
extraConfig = ''
# allow large file uploads
client_max_body_size 50000M;
'';
};
};
})
(lib.mkIf config.services.fail2ban.enable {
environment.etc = {
"fail2ban/filter.d/paperless.local".text = (

22
modules/nixos-modules/server/searx.nix
View file

@ -12,18 +12,14 @@
};
};
config = lib.mkIf config.services.searx.enable {
config = lib.mkIf config.services.searx.enable (
lib.mkMerge [
{
sops.secrets = {
"services/searx" = {
sopsFile = "${inputs.secrets}/defiant-services.yaml";
};
};
host = {
reverse_proxy.subdomains.searx = {
subdomain = config.services.searx.subdomain;
target = "http://localhost:${toString config.services.searx.settings.server.port}";
};
};
services.searx = {
environmentFile = config.sops.secrets."services/searx".path;
@ -68,5 +64,15 @@
];
};
};
};
}
(lib.mkIf config.host.reverse_proxy.enable {
host = {
reverse_proxy.subdomains.searx = {
subdomain = config.services.searx.subdomain;
target = "http://localhost:${toString config.services.searx.settings.server.port}";
};
};
})
]
);
}