Added nginx

FredzyW 2024-04-08 17:14:03 +02:00
parent 23dceaa5ba
commit 222fad61ea
8 changed files with 217 additions and 91 deletions


@ -0,0 +1,56 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,31 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEII8qtQxul4py8fERm1RRqfg+v0Q5Ew9DBmhUa3hi+OFuoAoGCCqGSM49
AwEHoUQDQgAE0ZgOCgEbpQyC02UAbETrqdIAekFv+EtCC1GVLMH+GH4L565lDsj9
znSjYuD8/Odb+E/JWuBRoB5I33gA3f85OA==
-----END EC PRIVATE KEY-----
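Review bot: This file adds an unencrypted EC private key to the repository, so anyone who can read the repo or its history can impersonate the host that the matching certificate covers. The nginx section later in this commit points `sslCertificateKey` at `/home/fw/nix-config/.lego/certificates/wastring.com.key`, so this is presumably that key. Treat it as compromised: revoke and re-issue the certificate with a fresh key, purge the file from history, and add `.lego/` to `.gitignore`. Keep the replacement key outside the working tree or encrypted at rest (for example with sops-nix or agenix), readable only by the nginx user.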


@ -1,5 +1,5 @@
# This is your home-manager configuration fileserver # This is your home-manager configuration fileserver
# Use this to configure your home environment (it replaces ~/.config/nixpkgs/home.nix) # Use this to configure your home environment (it replaces ~/.config/nixnix)
{ {
inputs, inputs,
lib, lib,
@ -28,66 +28,65 @@
}; };
}; };
home.packages = [ home.packages = with pkgs; [
# System # System
pkgs.arion arion
pkgs.wget wget
pkgs.killall killall
pkgs.gcc gcc
pkgs.gnumake gnumake
pkgs.htop htop
pkgs.openssh openssh
pkgs.xsel xsel
pkgs.unzip unzip
pkgs.nixops_unstable nixops_unstable
pkgs.cmake cmake
pkgs.networkmanager networkmanager
pkgs.fd fd
pkgs.bat bat
unstable.lego
#Terminal #Terminal
pkgs.git git
pkgs.yt-dlp yt-dlp
pkgs.fzf fzf
pkgs.ripgrep ripgrep
#Desktop #Desktop
pkgs.neovim neovim
pkgs.lazygit lazygit
#Dev #Dev
pkgs.python3 python3
pkgs.python311Packages.pip python311Packages.pip
pkgs.ranger ranger
pkgs.python311Packages.pynvim python311Packages.pynvim
pkgs.ueberzugpp ueberzugpp
#LSP #LSP
pkgs.nil nil
pkgs.python311Packages.python-lsp-server python311Packages.python-lsp-server
pkgs.marksman marksman
pkgs.clojure-lsp clojure-lsp
pkgs.omnisharp-roslyn omnisharp-roslyn
pkgs.haskell-language-server haskell-language-server
pkgs.java-language-server java-language-server
pkgs.nodePackages_latest.bash-language-server nodePackages_latest.bash-language-server
pkgs.dockerfile-language-server-nodejs dockerfile-language-server-nodejs
pkgs.yaml-language-server yaml-language-server
pkgs.ansible-language-server ansible-language-server
pkgs.lua-language-server lua-language-server
pkgs.tree-sitter tree-sitter
pkgs.nodejs_21 nodejs_21
pkgs.nodePackages_latest.vls nodePackages_latest.vls
pkgs.nodePackages_latest.volar nodePackages_latest.volar
pkgs.vscode-langservers-extracted vscode-langservers-extracted
#VPN #VPN
pkgs.openvpn openvpn
pkgs.networkmanagerapplet networkmanagerapplet
pkgs.networkmanager-l2tp networkmanager-l2tp
pkgs.strongswan strongswan
pkgs.ansible ansible
]; ];
programs.home-manager.enable = true; programs.home-manager.enable = true;
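Review bot: `unstable.lego` at the end of the System group only resolves if the `pkgs` passed to this home-manager module carries the `unstable` overlay. The only place this commit applies that overlay is the `server` nixosSystem module list in the flake. If this file is also evaluated through a standalone home-manager configuration with its own `pkgs` (not visible here), it would presumably fail with an undefined variable; passing the overlay there too, or referencing the unstable input through `inputs`, would avoid that. Separately, the header comment on the new side now reads `~/.config/nixnix`, which looks like an accidental edit of `~/.config/nixpkgs/home.nix`.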

46
flake.lock generated

@ -92,17 +92,33 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1711668574, "lastModified": 1712439257,
"narHash": "sha256-u1dfs0ASQIEr1icTVrsKwg2xToIpn7ZXxW3RHfHxshg=", "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "219951b495fc2eac67b1456824cc1ec1fd2ee659", "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1712437997,
"narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e38d7cb66ea4f7a0eb6681920615dfcc30fc2920",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11", "ref": "nixos-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
@ -113,23 +129,7 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"nix-gaming": "nix-gaming", "nix-gaming": "nix-gaming",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"unstable": "unstable" "nixpkgs-unstable": "nixpkgs-unstable"
}
},
"unstable": {
"locked": {
"lastModified": 1712439257,
"narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
} }
} }
}, },


@ -3,8 +3,8 @@
inputs = { inputs = {
# Nixpkgs # Nixpkgs
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
# Home manager # Home manager
home-manager.url = "github:nix-community/home-manager/release-23.11"; home-manager.url = "github:nix-community/home-manager/release-23.11";
@ -18,11 +18,18 @@
outputs = { outputs = {
self, self,
nixpkgs, nixpkgs,
unstable,
home-manager, home-manager,
nixpkgs-unstable,
... ...
} @ inputs: let } @ inputs: let
inherit (self) outputs; inherit (self) outputs;
system = "x86_64-linux";
overlay-unstable = final: prev: {
unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
};
in { in {
# NixOS configuration entrypoint # NixOS configuration entrypoint
# Available through 'nixos-rebuild --flake .#your-hostname' # Available through 'nixos-rebuild --flake .#your-hostname'
@ -41,7 +48,11 @@
}; };
server = nixpkgs.lib.nixosSystem { server = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs outputs;}; specialArgs = {inherit inputs outputs;};
modules = [./maskiner/server/configuration.nix]; inherit system;
modules = [
({nixpkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./maskiner/server/configuration.nix
];
}; };
}; };
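Review bot: The inline module `({nixpkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })` in the `server` module list declares a `nixpkgs` argument it never uses, and the name reads like the flake input although it would be looked up as a module argument. A plain attribute set, `{ nixpkgs.overlays = [ overlay-unstable ]; }`, does the same thing without the misleading formal. In `overlay-unstable`, `config.allowUnfree = true` opens the whole unstable package set to unfree software, while the only use visible in this commit is `unstable.lego`; dropping it keeps the licence gate in place until an unfree package is actually needed. The overlay also ignores `final`/`prev` and relies on the outer `system`, which is fine for a single x86_64 host but deserves a one-line comment.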


@ -25,6 +25,7 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
mergerfs mergerfs
unstable.lego
]; ];
fileSystems."/data" = { fileSystems."/data" = {
fsType = "fuse.mergerfs"; fsType = "fuse.mergerfs";


@ -1,26 +1,49 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
{ {
security.acme = { networking.firewall = {
acceptTerms = true; allowedTCPPorts = [ 80 443 ];
email = "fredrik@wastring.com"; };
virtualisation.oci-containers = {
containers = {
"gitea" = {
image = "gitea/gitea:1.15.6-rootless";
ports = [ "3030:3000" ];
};
};
}; };
services.nginx = { services.nginx = {
enable = true; enable = true;
# Use recommended settings
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts."wastring.com" = { default = true; useACMEHost = "wastring.com"; addSSL = true; locations."/".proxyPass = "http://172.17.0.1:3030/"; };
};
# security.acme.certs."wastring.com" = { # Only allow PFS-enabled ciphers with AES256
# group = "nginx"; # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# domain = "wastring.com";
# dnsProvider = "gandiv5"; # Add any further config to match your needs, e.g.:
# dnsResolver = "1.1.1.1:53"; virtualHosts = let
# dnsPropagationCheck = true; base = locations: {
# credentialsFile = "/home/fw/credentials"; inherit locations;
# };
addSSL = true;
sslCertificateKey = "/home/fw/nix-config/.lego/certificates/wastring.com.key";
sslCertificate = "/home/fw/nix-config/.lego/certificates/wastring.com.crt";
# sslTrustedCertificate = "/home/fw/nix-config/.lego/certificates/wastring.com.issuer.crt";
};
proxy = port: base {
"/" = {
proxyPass = "http://172.17.0.1:" + toString(port) + "/";
proxyWebsockets = true;
};
};
in {
# Define example.com as reverse-proxied service on 127.0.0.1:3000
"git.wastring.com" = proxy 3030 // { default = true; };
};
};
} }
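Review bot: `addSSL = true` in `base` keeps serving the proxied Gitea over plain HTTP on port 80 alongside HTTPS, so logins and session cookies can travel unencrypted; `forceSSL = true;` redirects HTTP to HTTPS instead. The container mapping `ports = [ "3030:3000" ];` publishes on every interface, and with a Docker backend published ports are typically reachable despite `networking.firewall`. Binding to the bridge address the proxy already uses, `ports = [ "172.17.0.1:3030:3000" ];`, keeps Gitea behind nginx. The image tag `gitea/gitea:1.15.6-rootless` is an old release line and is not pinned by digest, so it is worth moving to a currently supported version. The comment `# Define example.com as reverse-proxied service on 127.0.0.1:3000` no longer matches the `git.wastring.com` → `172.17.0.1:3030` mapping beneath it.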