added aqore-nix & changed nginx settings ebat ego v rot

emptyynes 2025-09-24 16:59:35 +07:00
parent 032a5f4b04
commit 7e2f7a341a
24 changed files with 573 additions and 90 deletions


@ -6,8 +6,6 @@
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
defaultSSLListenPort = 444;
virtualHosts = {
@ -39,9 +37,6 @@
listen [::0]:443;
proxy_pass $name;
ssl_preread on;
proxy_connect_timeout 30s;
proxy_timeout 1h;
proxy_buffer_size 64k;
}
'';
};
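Review bot: The stream server here keeps `listen [::0]:443;` with `ssl_preread on;`, so the option that moves the HTTP-level TLS listeners off that port is load-bearing, and the page no longer shows which two lines the `-6,8 +6,6` hunk drops from `services.nginx`. If `defaultSSLListenPort = 444;` is one of them, the virtual hosts fall back to the module default of 443 and contend with the stream listener; if `recommendedTlsSettings = true;` is one, the hosts lose the module's recommended TLS settings. I would keep both and document the split with a comment such as `# 443 belongs to the stream listener below; HTTPS vhosts listen on 444`. The same pair of hunks appears in the two other nginx sections further down this page, so the point applies there as well. The enclosing attribute set starts and ends outside the hunks.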


@ -12,5 +12,5 @@
programs.fish.enable = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.trusted-users = [ "root" "@wheel" ];
nix.settings.trusted-users = [ "root" "@wheel" ];
}


@ -6,8 +6,6 @@
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
defaultSSLListenPort = 444;
streamConfig = ''
@ -28,9 +26,6 @@
listen [::0]:443;
proxy_pass $name;
ssl_preread on;
proxy_connect_timeout 30s;
proxy_timeout 1h;
proxy_buffer_size 64k;
}
'';
};


@ -1,5 +1,5 @@
{config, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [ 8080 ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
}


@ -4,7 +4,7 @@
imports = [
./hardware-configuration.nix
./jellyfin.nix
./traefik.nix
./nginx.nix
./firewall.nix
];
networking.hostName = "reine";
@ -21,4 +21,4 @@
hardware.amdgpu.overdrive.ppfeaturemask = "0xffffffff";
environment.systemPackages = with pkgs; [ clinfo mesa.opencl ];
system.stateVersion = "25.05";
}
}

23
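--- a/servers/reine/nginx.nix
+++ b/servers/reine/nginx.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+{
+security.acme.defaults.email = "porject-a@project-a.space";
+security.acme.acceptTerms = true;
+services.nginx = {
+enable = true;
+recommendedTlsSettings = true;
+recommendedOptimisation = true;
+defaultSSLListenPort = 443;
+virtualHosts = {
+"affine.project-a.space" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = "http://localhost:3010";
+};
+};
+};
+};
+}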
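Review bot: `virtualHosts` in this new file defines only `affine.project-a.space`, while the Traefik config deleted in the same commit was the TLS front end for `jellyfin.project-a.space` and `jellyseerr.project-a.space`, and `./jellyfin.nix` is still imported. Unless those hosts are declared in a file not shown here, they lose their HTTPS reverse proxy and certificate handling, so I would carry them over as sketched below. The ACME contact `porject-a@project-a.space` looks like a transposition of `project-a`; if it is, expiry and account notices from the CA go to a mailbox that may not exist. The `/` location also proxies without `recommendedProxySettings = true;`, so the backend does not get the module's standard forwarded-header set, which it presumably wants behind TLS termination.

```nix
virtualHosts = {
  # … unchanged: "affine.project-a.space" …
  "jellyfin.project-a.space" = {
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass = "http://127.0.0.1:8096";
  };
  "jellyseerr.project-a.space" = {
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass = "http://127.0.0.1:5055";
  };
};
```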


@ -1,66 +0,0 @@
{ config, pkgs, ... }:
{
services.traefik = {
enable = true;
staticConfigOptions = {
entryPoints = {
web = {
address = ":80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
};
};
websecure = {
address = ":443";
http.tls = {
certResolver = "letsencrypt";
};
};
};
api = {
dashboard = false;
insecure = false; # Включить только для отладки, лучше использовать безопасный доступ
};
certificatesResolvers.letsencrypt.acme = {
email = "luc_ren@blnt-cult.ru";
storage = "${config.services.traefik.dataDir}/acme.json";
httpChallenge.entryPoint = "web";
};
};
dynamicConfigOptions = {
http = {
routers = {
jellyfin = {
rule = "Host(`jellyfin.project-a.space`)";
service = "jellyfin";
entryPoints = ["websecure"];
tls = {
certResolver = "letsencrypt";
};
};
jellyseerr = {
rule = "Host(`jellyseerr.project-a.space`)";
service = "jellyseerr";
entryPoints = ["websecure"];
tls = {
certResolver = "letsencrypt";
};
};
};
services = {
jellyfin.loadBalancer.servers = [
{ url = "http://127.0.0.1:8096"; }
];
jellyseerr.loadBalancer.servers = [
{ url = "http://127.0.0.1:5055"; }
];
};
};
};
};
}


@ -6,8 +6,6 @@
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
defaultSSLListenPort = 444;
streamConfig = ''
@ -24,9 +22,6 @@
listen [::0]:443;
proxy_pass $name;
ssl_preread on;
proxy_connect_timeout 30s;
proxy_timeout 1h;
proxy_buffer_size 16k;
}
'';
};