diff --git a/systems/etna/dendrite.nix b/systems/etna/dendrite.nix index f266807..5f3597b 100644 --- a/systems/etna/dendrite.nix +++ b/systems/etna/dendrite.nix @@ -91,5 +91,35 @@ in } ]; }; + + nginx.virtualHosts."m.uku.moe".locations = + let + server = { + "m.server" = "m.uku.moe:443"; + }; + client = { + "m.homeserver"."base_url" = "https://m.uku.moe"; + }; + in + { + "=/.well-known/matrix/server" = { + return = "200 '${builtins.toJSON server}'"; + }; + + "=/.well-known/matrix/client" = { + return = "200 '${builtins.toJSON client}'"; + }; + + "/" = { + proxyPass = "http://localhost:8008"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_read_timeout 600; + client_max_body_size 100M; + ''; + }; + }; }; } diff --git a/systems/etna/forgejo.nix b/systems/etna/forgejo.nix index ee534c1..30bf9fa 100644 --- a/systems/etna/forgejo.nix +++ b/systems/etna/forgejo.nix @@ -20,6 +20,8 @@ in { imports = [ secrets.generate ]; + cfTunnels."git.uku3lig.net" = "http://localhost:3000"; + services = { forgejo = { enable = true; @@ -40,11 +42,9 @@ in server = { ROOT_URL = "https://git.uku3lig.net"; - HTTP_ADDR = "0.0.0.0"; - HTTP_PORT = 3000; START_SSH_SERVER = true; BUILTIN_SSH_SERVER_USER = "git"; - SSH_DOMAIN = "git.uku3lig.net"; + SSH_DOMAIN = "ssh.uku.moe"; SSH_LISTEN_PORT = 2222; }; @@ -120,7 +120,7 @@ in name = "forgejo-ssh"; type = "tcp"; localIp = "127.0.0.1"; - localPort = config.services.forgejo.settings.server.SSH_LISTEN_PORT; + localPort = 2222; remotePort = 22; } ]; diff --git a/systems/etna/immich.nix b/systems/etna/immich.nix index 33c4675..ececb10 100644 --- a/systems/etna/immich.nix +++ b/systems/etna/immich.nix @@ -1,7 +1,12 @@ +{ config, _utils, ... }: +let + frp = _utils.mkFrpPassthrough "immich" config.services.immich.port; +in { + imports = [ frp ]; + services.immich = { enable = true; - host = "0.0.0.0"; settings = null; mediaLocation = "/data/immich"; 
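Review bot: In the `"/"` location added to systems/etna/dendrite.nix, `proxy_set_header X-Real-IP $remote_addr;` now records the address of the vesuvio proxy rather than the client, because this commit puts vesuvio's nginx (`proxyPass = "http://etna:80"`) in front of this vhost. Anything in dendrite that logs or rate-limits by that header would then see every user as the same address. If etna's port 80 is reachable only from vesuvio, the client address can be restored with the realip module, e.g. `set_real_ip_from <vesuvio-address>;` and `real_ip_header X-Real-IP;` in the vhost's extraConfig (the address is a placeholder, not taken from the diff). The enclosing `services` attribute set starts outside the hunk.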
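Review bot: `cfTunnels."git.uku3lig.net" = "http://localhost:3000";` in systems/etna/forgejo.nix hard-codes a port that the next hunk stops setting explicitly, so the tunnel target and forgejo's listener now agree only through the module default. The same pattern appears in the `@@ -120,7 +120,7 @@` hunk, where `localPort = 2222;` replaces the reference to `SSH_LISTEN_PORT`. Consider keeping `HTTP_PORT = 3000;` and building the URL from it, `"http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"`, or add a comment beside each literal naming the setting it must match.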
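Review bot: Removing `HTTP_ADDR = "0.0.0.0";` from the `server` block in the `@@ -40,11 +42,9 @@` hunk probably does not narrow the listener, since the NixOS forgejo module (as far as I know) defaults HTTP_ADDR to `0.0.0.0` for plain HTTP. With the web UI now published through the `cfTunnels` entry that points at localhost, setting `HTTP_ADDR = "127.0.0.1";` would keep port 3000 from being reachable around the tunnel on other interfaces. The `server` attribute set continues outside the hunk.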
diff --git a/systems/vesuvio/default.nix b/systems/vesuvio/default.nix index 41cde41..cf0e458 100644 --- a/systems/vesuvio/default.nix +++ b/systems/vesuvio/default.nix @@ -16,6 +16,7 @@ ]; services = { + nginx.enable = true; openssh = { ports = [ 4269 ]; openFirewall = true; diff --git a/systems/vesuvio/nginx.nix b/systems/vesuvio/nginx.nix index 57ef76f..e8c40b2 100644 --- a/systems/vesuvio/nginx.nix +++ b/systems/vesuvio/nginx.nix 
@@ -1,92 +1,52 @@ { - services.nginx = { - enable = true; - virtualHosts = { - # default server - "vps.uku3lig.net" = { - default = true; - addSSL = true; - enableACME = true; - locations."/".return = "404"; + services.nginx.virtualHosts = { + # default server + "vps.uku3lig.net" = { + default = true; + addSSL = true; + enableACME = true; + locations."/".return = "404"; + }; + + # immich + "im.uku.moe" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:2283"; + proxyWebsockets = true; }; - # immich - "im.uku.moe" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://etna:2283"; - proxyWebsockets = true; - }; + extraConfig = '' + client_max_body_size 5000M; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + ''; + }; - extraConfig = '' - client_max_body_size 5000M; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - ''; - }; - - # dendrite - "m.uku.moe" = { - forceSSL = true; - enableACME = true; - locations = - let - server = { - "m.server" = "m.uku.moe:443"; - }; - client = { - "m.homeserver"."base_url" = "https://m.uku.moe"; - }; - in - { - "=/.well-known/matrix/server" = { - return = "200 '${builtins.toJSON server}'"; - }; - - "=/.well-known/matrix/client" = { - return = "200 '${builtins.toJSON client}'"; - }; - - "/" = { - proxyPass = "http://etna:8008"; - proxyWebsockets = true; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_read_timeout 600; - client_max_body_size 100M; - ''; - }; - }; - }; - - "zipline.uku3lig.net" = { - serverAliases = [ "v.uku.moe" ]; - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://etna:3001"; - recommendedProxySettings = true; - }; - - extraConfig = '' - client_max_body_size 1000M; - ''; - }; - - "git.uku3lig.net" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://etna:3000"; - 
recommendedProxySettings = true; - }; + # dendrite + "m.uku.moe" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://etna:80"; + recommendedProxySettings = true; }; }; - }; - # we depend on etna, which makes nginx fail if it's started before tailscale - systemd.services.nginx.after = [ "tailscaled.service" ]; + "zipline.uku3lig.net" = { + serverAliases = [ "v.uku.moe" ]; + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://etna:3001"; + recommendedProxySettings = true; + }; + + extraConfig = '' + client_max_body_size 1000M; + ''; + }; + }; }
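Review bot: The rewritten systems/vesuvio/nginx.nix drops `systemd.services.nginx.after = [ "tailscaled.service" ];` although the new vhosts still proxy to `http://etna:80` and `http://etna:3001`, so the start-order problem described in the removed comment would still apply. Keep that line and its comment unless the ordering is now provided somewhere outside this diff. The new `m.uku.moe` vhost also sets no body limit, so nginx's 1 MB default applies on vesuvio before the `client_max_body_size 100M;` on etna is ever reached. Adding `extraConfig = "client_max_body_size 100M;";` to that vhost would keep larger media uploads working.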