From 389f6b2e10995b19af7cc5d7ba2d3f963dc22db5 Mon Sep 17 00:00:00 2001 From: uku Date: Mon, 30 Jun 2025 12:14:40 +0200 Subject: [PATCH 1/2] chore(vesuvio): change nginx config a bit --- systems/etna/dendrite.nix | 30 --------- systems/etna/immich.nix | 7 +-- systems/vesuvio/default.nix | 1 - systems/vesuvio/nginx.nix | 117 +++++++++++++++++++++++------------- 4 files changed, 75 insertions(+), 80 deletions(-) diff --git a/systems/etna/dendrite.nix b/systems/etna/dendrite.nix index 5f3597b..f266807 100644 --- a/systems/etna/dendrite.nix +++ b/systems/etna/dendrite.nix @@ -91,35 +91,5 @@ in } ]; }; - - nginx.virtualHosts."m.uku.moe".locations = - let - server = { - "m.server" = "m.uku.moe:443"; - }; - client = { - "m.homeserver"."base_url" = "https://m.uku.moe"; - }; - in - { - "=/.well-known/matrix/server" = { - return = "200 '${builtins.toJSON server}'"; - }; - - "=/.well-known/matrix/client" = { - return = "200 '${builtins.toJSON client}'"; - }; - - "/" = { - proxyPass = "http://localhost:8008"; - proxyWebsockets = true; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_read_timeout 600; - client_max_body_size 100M; - ''; - }; - }; }; } diff --git a/systems/etna/immich.nix b/systems/etna/immich.nix index ececb10..33c4675 100644 --- a/systems/etna/immich.nix +++ b/systems/etna/immich.nix @@ -1,12 +1,7 @@ -{ config, _utils, ... }: -let - frp = _utils.mkFrpPassthrough "immich" config.services.immich.port; -in { - imports = [ frp ]; - services.immich = { enable = true; + host = "0.0.0.0"; settings = null; mediaLocation = "/data/immich"; diff --git a/systems/vesuvio/default.nix b/systems/vesuvio/default.nix index cf0e458..41cde41 100644 --- a/systems/vesuvio/default.nix +++ b/systems/vesuvio/default.nix @@ -16,7 +16,6 @@ ]; services = { - nginx.enable = true; openssh = { ports = [ 4269 ]; openFirewall = true; diff --git a/systems/vesuvio/nginx.nix b/systems/vesuvio/nginx.nix index e8c40b2..74d7033 100644 
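Review bot: In systems/etna/immich.nix, `host = "0.0.0.0";` makes Immich listen on every interface of etna, although the only consumer visible in this patch is vesuvio's nginx reaching it as `http://etna:2283`. Nothing in the hunk limits which interfaces port 2283 is reachable on, so unless the firewall (not shown here) already does, the service answers in plain HTTP on any other network etna is attached to. Consider binding to etna's tailnet address instead, or opening the port only on that interface, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 2283 ];` (interface name assumed). The same concern applies to `HTTP_ADDR = "0.0.0.0";` in systems/etna/forgejo.nix in PATCH 2/2.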
--- a/systems/vesuvio/nginx.nix
+++ b/systems/vesuvio/nginx.nix
@@ -1,52 +1,83 @@ { - services.nginx.virtualHosts = { - # default server - "vps.uku3lig.net" = { - default = true; - addSSL = true; - enableACME = true; - locations."/".return = "404"; - }; - - # immich - "im.uku.moe" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://localhost:2283"; - proxyWebsockets = true; + services.nginx = { + enable = true; + virtualHosts = { + # default server + "vps.uku3lig.net" = { + default = true; + addSSL = true; + enableACME = true; + locations."/".return = "404"; }; - extraConfig = '' - client_max_body_size 5000M; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - ''; - }; + # immich + "im.uku.moe" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://etna:2283"; + proxyWebsockets = true; + }; - # dendrite - "m.uku.moe" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://etna:80"; - recommendedProxySettings = true; - }; - }; - - "zipline.uku3lig.net" = { - serverAliases = [ "v.uku.moe" ]; - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://etna:3001"; - recommendedProxySettings = true; + extraConfig = '' + client_max_body_size 5000M; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + ''; }; - extraConfig = '' - client_max_body_size 1000M; - ''; + # dendrite + "m.uku.moe" = { + forceSSL = true; + enableACME = true; + locations = + let + server = { + "m.server" = "m.uku.moe:443"; + }; + client = { + "m.homeserver"."base_url" = "https://m.uku.moe"; + }; + in + { + "=/.well-known/matrix/server" = { + return = "200 '${builtins.toJSON server}'"; + }; + + "=/.well-known/matrix/client" = { + return = "200 '${builtins.toJSON client}'"; + }; + + "/" = { + proxyPass = "http://etna:8008"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_read_timeout 600; + client_max_body_size 100M; + ''; 
+ }; + }; + }; + + "zipline.uku3lig.net" = { + serverAliases = [ "v.uku.moe" ]; + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://etna:3001"; + recommendedProxySettings = true; + }; + + extraConfig = '' + client_max_body_size 1000M; + ''; + }; }; }; + + # we depend on etna, which makes nginx fail if it's started before tailscale + systemd.services.nginx.after = [ "tailscaled.service" ]; } From 5e171d9c06b56630424cc96424ac1eeb7b6654e9 Mon Sep 17 00:00:00 2001 From: uku Date: Mon, 30 Jun 2025 12:26:19 +0200 Subject: [PATCH 2/2] fix(etna): switch forgejo to vesuvio proxy ssh url now matches https!!! yay!!! --- systems/etna/forgejo.nix | 8 ++++---- systems/vesuvio/nginx.nix | 9 +++++++++ 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/systems/etna/forgejo.nix b/systems/etna/forgejo.nix index 30bf9fa..ee534c1 100644 --- a/systems/etna/forgejo.nix +++ b/systems/etna/forgejo.nix @@ -20,8 +20,6 @@ in { imports = [ secrets.generate ]; - cfTunnels."git.uku3lig.net" = "http://localhost:3000"; - services = { forgejo = { enable = true; @@ -42,9 +40,11 @@ in server = { ROOT_URL = "https://git.uku3lig.net"; + HTTP_ADDR = "0.0.0.0"; + HTTP_PORT = 3000; START_SSH_SERVER = true; BUILTIN_SSH_SERVER_USER = "git"; - SSH_DOMAIN = "ssh.uku.moe"; + SSH_DOMAIN = "git.uku3lig.net"; SSH_LISTEN_PORT = 2222; }; @@ -120,7 +120,7 @@ in name = "forgejo-ssh"; type = "tcp"; localIp = "127.0.0.1"; - localPort = 2222; + localPort = config.services.forgejo.settings.server.SSH_LISTEN_PORT; remotePort = 22; } ]; diff --git a/systems/vesuvio/nginx.nix b/systems/vesuvio/nginx.nix index 74d7033..57ef76f 100644 --- a/systems/vesuvio/nginx.nix +++ b/systems/vesuvio/nginx.nix @@ -75,6 +75,15 @@ client_max_body_size 1000M; ''; }; + + "git.uku3lig.net" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://etna:3000"; + recommendedProxySettings = true; + }; + }; }; };
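Review bot: In the PATCH 1/2 hunk of systems/vesuvio/nginx.nix, `systemd.services.nginx.after = [ "tailscaled.service" ];` only orders nginx after the tailscale daemon has been started, which is not the same as the tailnet being connected and the name `etna` resolving. nginx resolves `proxy_pass` hostnames when it loads its configuration, so the start-up failure the comment describes can presumably still occur on a slow boot, taking every vhost in this file down with it, including the default server. I would make the comment precise, e.g. `# nginx resolves the "etna" upstreams at startup and exits if tailscale cannot resolve them yet`, and back the ordering with either a retry policy on the nginx unit or an upstream address that does not depend on tailscale's DNS being ready.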
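Review bot: In the `server` settings hunk of systems/etna/forgejo.nix (PATCH 2/2), the reverse proxy is no longer a local process but vesuvio's nginx arriving over the tailnet, and the hunk adds nothing that tells Forgejo to trust the forwarded client address from that peer. Forgejo's `[security]` setting `REVERSE_PROXY_TRUSTED_PROXIES` defaults to loopback only, so with the settings visible here every request would probably be logged and rate-limited under vesuvio's address rather than the real client's. If the `security` section (outside this hunk) does not already cover it, add something like `security.REVERSE_PROXY_TRUSTED_PROXIES = "<vesuvio tailnet address>";` next to the `server` block. The enclosing `settings` attribute set starts and ends outside the hunk.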
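Review bot: The new `"git.uku3lig.net"` vhost in systems/vesuvio/nginx.nix (PATCH 2/2) sets no `client_max_body_size`, unlike the immich, dendrite and zipline vhosts in the same file. It therefore inherits the global limit, and git pushes over HTTPS, LFS objects or attachments above that size will be rejected by nginx with a 413 before they reach Forgejo. If larger uploads are expected, add an explicit limit to the vhost, e.g. `extraConfig = ''client_max_body_size 512M;'';` (size is an example; match it to what Forgejo itself allows).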