teidesu/nixfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(koi): improved dns in nginx

Browse source
This commit is contained in:
alina 🌸 2024-08-03 22:33:50 +03:00
parent a194fc64b5
commit 4351e7b40d
Signed by: teidesu
SSH key fingerprint: SHA256:uNeCpw6aTSU4aIObXLvHfLkDa82HWH9EiOj9AXOIRpI
12 changed files with 19 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hosts/koi/containers/navidrome/default.nix
View file

@ -43,7 +43,7 @@ in {
useACMEHost = "stupid.fish"; useACMEHost = "stupid.fish";
locations."/" = { locations."/" = {
proxyPass = "http://navidrome.docker:4533/"; proxyPass = "http://navidrome.docker:4533$request_uri";
extraConfig = '' extraConfig = ''
proxy_buffering off; proxy_buffering off;

2
hosts/koi/containers/pds/default.nix
View file

@ -32,7 +32,7 @@ in {
''; '';
locations."/" = { locations."/" = {
proxyPass = "http://pds.pds.docker:3000/"; proxyPass = "http://pds.pds.docker:3000$request_uri";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

2
hosts/koi/containers/sharkey/default.nix
View file

@ -22,7 +22,7 @@
''; '';
locations."/" = { locations."/" = {
proxyPass = "http://web.sharkey.docker/"; proxyPass = "http://web.sharkey.docker$request_uri";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

4
hosts/koi/containers/teisu.nix
View file

@ -37,11 +37,11 @@ in {
useACMEHost = "tei.su"; useACMEHost = "tei.su";
locations."/" = { locations."/" = {
proxyPass = "http://teisu.docker:4321/"; proxyPass = "http://teisu.docker:4321$request_uri";
}; };
locations."/.well-known/" = { locations."/.well-known/" = {
proxyPass = "http://teisu.docker:4321/.well-known/"; proxyPass = "http://teisu.docker:4321$request_uri";
extraConfig = '' extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Origin' '*';
''; '';

2
hosts/koi/containers/torrent.nix
View file

@ -78,7 +78,7 @@ in
useACMEHost = "stupid.fish"; useACMEHost = "stupid.fish";
locations."/" = { locations."/" = {
proxyPass = "http://torrent.containers/"; proxyPass = "http://torrent.containers$request_uri";
# https://github.com/qbittorrent/qBittorrent/issues/6962 # https://github.com/qbittorrent/qBittorrent/issues/6962
extraConfig = '' extraConfig = ''

2
hosts/koi/containers/vaultwarden.nix
View file

@ -48,7 +48,7 @@ in {
useACMEHost = "tei.su"; useACMEHost = "tei.su";
locations."/" = { locations."/" = {
proxyPass = "http://vault.containers/"; proxyPass = "http://vault.containers$request_uri";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

2
hosts/koi/containers/verdaccio/default.nix
View file

@ -43,7 +43,7 @@ in {
useACMEHost = "tei.su"; useACMEHost = "tei.su";
locations."/" = { locations."/" = {
proxyPass = "http://verdaccio.docker:4873/"; proxyPass = "http://verdaccio.docker:4873$request_uri";
# https://verdaccio.org/docs/reverse-proxy # https://verdaccio.org/docs/reverse-proxy
extraConfig = '' extraConfig = ''

2
hosts/koi/containers/zond/default.nix
View file

@ -8,7 +8,7 @@
useACMEHost = "tei.su"; useACMEHost = "tei.su";
locations."/" = { locations."/" = {
proxyPass = "http://umami.umami.docker:3000/"; proxyPass = "http://umami.umami.docker:3000$request_uri";
}; };
}; };
} }

1
hosts/koi/services/coredns.nix
View file

@ -69,6 +69,7 @@ in
}; };
systemd.services.coredns = { systemd.services.coredns = {
after = [ "docker.service" "docker.socket" ];
serviceConfig = { serviceConfig = {
DynamicUser = pkgs.lib.mkForce false; DynamicUser = pkgs.lib.mkForce false;
User = "coredns"; User = "coredns";

8
hosts/koi/services/nginx.nix
View file

@ -58,9 +58,17 @@ in {
} }
''; '';
resolver = {
addresses = [ "127.0.0.1" ];
ipv6 = false;
valid = "30s";
};
proxyResolveWhileRunning = true;
# declared in the relevant service nixfiles # declared in the relevant service nixfiles
# virtualHosts = { ... }; # virtualHosts = { ... };
}; };
systemd.services.nginx.after = [ "coredns.service" ];
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.defaults.dnsResolver = "8.8.8.8:53"; # coredns tends to cache these too much security.acme.defaults.dnsResolver = "8.8.8.8:53"; # coredns tends to cache these too much

2
hosts/koi/vms/hass.nix
View file

@ -27,7 +27,7 @@ in
useACMEHost = "stupid.fish"; useACMEHost = "stupid.fish";
locations."/" = { locations."/" = {
proxyPass = "http://10.42.0.3:8123/"; proxyPass = "http://10.42.0.3:8123$request_uri";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

3
readme.md
View file

@ -20,9 +20,6 @@ note to self on what needs to be installed on the host manually:
- `/etc/secureboot/keys` - secure boot keys, generated with `sudo nix-shell -p sbctl --run "sbctl create-keys"` - `/etc/secureboot/keys` - secure boot keys, generated with `sudo nix-shell -p sbctl --run "sbctl create-keys"`
- to enroll fde onto tpm: `sudo systemd-cryptenroll /dev/nvme0n1p2 --tpm2-device=auto --tpm2-pcrs=0+2+7` - to enroll fde onto tpm: `sudo systemd-cryptenroll /dev/nvme0n1p2 --tpm2-device=auto --tpm2-pcrs=0+2+7`
nginx may not start the first time, its fine, just run `sudo systemctl restart nginx` and it should work.
its likely due to docker containers not resolving yet. todo fix this
### teidesu-osx ### teidesu-osx
`cp /var/run/current-system/Library/Fonts/* /Library/Fonts` - copy nix-managed fonts to system fonts (waiting for [this PR](https://github.com/LnL7/nix-darwin/pull/754)) `cp /var/run/current-system/Library/Fonts/* /Library/Fonts` - copy nix-managed fonts to system fonts (waiting for [this PR](https://github.com/LnL7/nix-darwin/pull/754))