From 4351e7b40d445ae35ab9f9afe3132028d885e5d8 Mon Sep 17 00:00:00 2001
From: teidesu
Date: Sat, 3 Aug 2024 22:33:50 +0300
Subject: [PATCH] fix(koi): improved dns in nginx
---
 hosts/koi/containers/navidrome/default.nix | 2 +-
 hosts/koi/containers/pds/default.nix | 2 +-
 hosts/koi/containers/sharkey/default.nix | 2 +-
 hosts/koi/containers/teisu.nix | 4 ++--
 hosts/koi/containers/torrent.nix | 2 +-
 hosts/koi/containers/vaultwarden.nix | 2 +-
 hosts/koi/containers/verdaccio/default.nix | 2 +-
 hosts/koi/containers/zond/default.nix | 2 +-
 hosts/koi/services/coredns.nix | 1 +
 hosts/koi/services/nginx.nix | 8 ++++++++
 hosts/koi/vms/hass.nix | 2 +-
 readme.md | 3 ---
 12 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/hosts/koi/containers/navidrome/default.nix b/hosts/koi/containers/navidrome/default.nix
index ebafe5e..37529e9 100644
--- a/hosts/koi/containers/navidrome/default.nix
+++ b/hosts/koi/containers/navidrome/default.nix
@@ -43,7 +43,7 @@ in {
 useACMEHost = "stupid.fish";
 locations."/" = {
- proxyPass = "http://navidrome.docker:4533/";
+ proxyPass = "http://navidrome.docker:4533$request_uri";
 extraConfig = ''
 proxy_buffering off;
diff --git a/hosts/koi/containers/pds/default.nix b/hosts/koi/containers/pds/default.nix
index bfdaaa2..11c7b00 100644
--- a/hosts/koi/containers/pds/default.nix
+++ b/hosts/koi/containers/pds/default.nix
@@ -32,7 +32,7 @@ in {
 '';
 locations."/" = {
- proxyPass = "http://pds.pds.docker:3000/";
+ proxyPass = "http://pds.pds.docker:3000$request_uri";
 proxyWebsockets = true;
 };
 };
diff --git a/hosts/koi/containers/sharkey/default.nix b/hosts/koi/containers/sharkey/default.nix
index e0d328b..b037835 100644
--- a/hosts/koi/containers/sharkey/default.nix
+++ b/hosts/koi/containers/sharkey/default.nix
@@ -22,7 +22,7 @@
 '';
 locations."/" = {
- proxyPass = "http://web.sharkey.docker/";
+ proxyPass = "http://web.sharkey.docker$request_uri";
 proxyWebsockets = true;
 };
 };
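Review bot: `$request_uri` in the new `proxyPass` of hosts/koi/containers/navidrome/default.nix is the client's raw, un-normalized URI (query string included), so the upstream now receives the path exactly as sent while nginx still selects the `location` from the normalized path. For a lone `locations."/"` that is harmless, but nginx-side path rules and the backend can then disagree about which path was requested; the same holds for the pds, sharkey, teisu, torrent, vaultwarden, verdaccio, zond and hass hunks, and matters most for teisu's `/.well-known/` block, which attaches its CORS header by normalized prefix. A comment at each use would keep that visible, e.g. `# raw URI on purpose (target is resolved at runtime); keep path-based allow/deny in the backend, not in nginx locations`. The enclosing virtualHosts block starts and ends outside the hunk.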
diff --git a/hosts/koi/containers/teisu.nix b/hosts/koi/containers/teisu.nix
index e7575a3..a958526 100644
--- a/hosts/koi/containers/teisu.nix
+++ b/hosts/koi/containers/teisu.nix
@@ -37,11 +37,11 @@ in {
 useACMEHost = "tei.su";
 locations."/" = {
- proxyPass = "http://teisu.docker:4321/";
+ proxyPass = "http://teisu.docker:4321$request_uri";
 };
 locations."/.well-known/" = {
- proxyPass = "http://teisu.docker:4321/.well-known/";
+ proxyPass = "http://teisu.docker:4321$request_uri";
 extraConfig = ''
 add_header 'Access-Control-Allow-Origin' '*';
 '';
diff --git a/hosts/koi/containers/torrent.nix b/hosts/koi/containers/torrent.nix
index ed55156..f017c25 100644
--- a/hosts/koi/containers/torrent.nix
+++ b/hosts/koi/containers/torrent.nix
@@ -78,7 +78,7 @@ in
 useACMEHost = "stupid.fish";
 locations."/" = {
- proxyPass = "http://torrent.containers/";
+ proxyPass = "http://torrent.containers$request_uri";
 # https://github.com/qbittorrent/qBittorrent/issues/6962
 extraConfig = ''
diff --git a/hosts/koi/containers/vaultwarden.nix b/hosts/koi/containers/vaultwarden.nix
index 54fdb59..fee8428 100644
--- a/hosts/koi/containers/vaultwarden.nix
+++ b/hosts/koi/containers/vaultwarden.nix
@@ -48,7 +48,7 @@ in {
 useACMEHost = "tei.su";
 locations."/" = {
- proxyPass = "http://vault.containers/";
+ proxyPass = "http://vault.containers$request_uri";
 proxyWebsockets = true;
 };
 };
diff --git a/hosts/koi/containers/verdaccio/default.nix b/hosts/koi/containers/verdaccio/default.nix
index 8930f6c..c26b382 100644
--- a/hosts/koi/containers/verdaccio/default.nix
+++ b/hosts/koi/containers/verdaccio/default.nix
@@ -43,7 +43,7 @@ in {
 useACMEHost = "tei.su";
 locations."/" = {
- proxyPass = "http://verdaccio.docker:4873/";
+ proxyPass = "http://verdaccio.docker:4873$request_uri";
 # https://verdaccio.org/docs/reverse-proxy
 extraConfig = ''
diff --git a/hosts/koi/containers/zond/default.nix b/hosts/koi/containers/zond/default.nix
index 60ab5f9..0e7adb8 100644
--- a/hosts/koi/containers/zond/default.nix
+++ b/hosts/koi/containers/zond/default.nix
@@ -8,7 +8,7 @@
 useACMEHost = "tei.su";
 locations."/" = {
- proxyPass = "http://umami.umami.docker:3000/";
+ proxyPass = "http://umami.umami.docker:3000$request_uri";
 };
 };
 }
\ No newline at end of file
diff --git a/hosts/koi/services/coredns.nix b/hosts/koi/services/coredns.nix
index ef3e2d8..dada9b8 100644
--- a/hosts/koi/services/coredns.nix
+++ b/hosts/koi/services/coredns.nix
@@ -69,6 +69,7 @@ in
 };
 systemd.services.coredns = {
+ after = [ "docker.service" "docker.socket" ];
 serviceConfig = {
 DynamicUser = pkgs.lib.mkForce false;
 User = "coredns";
diff --git a/hosts/koi/services/nginx.nix b/hosts/koi/services/nginx.nix
index 43b4b3d..22c0315 100644
--- a/hosts/koi/services/nginx.nix
+++ b/hosts/koi/services/nginx.nix
@@ -58,9 +58,17 @@ in {
 }
 '';
+ resolver = {
+ addresses = [ "127.0.0.1" ];
+ ipv6 = false;
+ valid = "30s";
+ };
+ proxyResolveWhileRunning = true;
+
 # declared in the relevant service nixfiles
 # virtualHosts = { ... };
 };
+ systemd.services.nginx.after = [ "coredns.service" ];
 security.acme.acceptTerms = true;
 security.acme.defaults.dnsResolver = "8.8.8.8:53"; # coredns tends to cache these too much
diff --git a/hosts/koi/vms/hass.nix b/hosts/koi/vms/hass.nix
index 2c47f7c..f834d30 100644
--- a/hosts/koi/vms/hass.nix
+++ b/hosts/koi/vms/hass.nix
@@ -27,7 +27,7 @@ in
 useACMEHost = "stupid.fish";
 locations."/" = {
- proxyPass = "http://10.42.0.3:8123/";
+ proxyPass = "http://10.42.0.3:8123$request_uri";
 proxyWebsockets = true;
 };
 };
diff --git a/readme.md b/readme.md
index c27cd9f..7f2b379 100755
--- a/readme.md
+++ b/readme.md
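Review bot: With `proxyResolveWhileRunning = true` in hosts/koi/services/nginx.nix, every proxied request now depends on what the resolver at `127.0.0.1` answers at request time, so the `.docker` and `.containers` names should never leave the host; the coredns configuration is not visible in this hunk, so it is worth confirming that those zones are answered locally (NXDOMAIN when a container is down) rather than forwarded upstream. A short comment above `resolver` would record that, e.g. `# local coredns only; keep .docker/.containers authoritative there, upstreams are re-resolved per request`. Separately, `systemd.services.nginx.after = [ "coredns.service" ];` only orders startup; adding `systemd.services.nginx.wants = [ "coredns.service" ];` would also pull coredns in when nginx starts. The enclosing attribute set starts outside the hunk.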
@@ -20,9 +20,6 @@ note to self on what needs to be installed on the host manually:
 - `/etc/secureboot/keys` - secure boot keys, generated with `sudo nix-shell -p sbctl --run "sbctl create-keys"`
 - to enroll fde onto tpm: `sudo systemd-cryptenroll /dev/nvme0n1p2 --tpm2-device=auto --tpm2-pcrs=0+2+7`
-nginx may not start the first time, its fine, just run `sudo systemctl restart nginx` and it should work.
-its likely due to docker containers not resolving yet. todo fix this
-
 ### teidesu-osx
 `cp /var/run/current-system/Library/Fonts/* /Library/Fonts` - copy nix-managed fonts to system fonts (waiting for [this PR](https://github.com/LnL7/nix-darwin/pull/754))