lily/LiNix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added server configs.

Browse Source
This commit is contained in:
Lily Anderson
2026-02-13 19:36:19 -06:00
parent 6dbb919f06
commit a50ae2e751
8 changed files with 340 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

172
modules/hosts/server/nginx.nix Normal file
View File

@@ -0,0 +1,172 @@
{inputs, ...}: {
flake.nixosModules.nginx = { config, pkgs, ... }: {
imports = [ inputs.sops-nix.nixosModules.sops ];
users.users.nginx.extraGroups = [ "acme" ];
systemd.services.webdavPrivate = {
description = "Rclone WebDAV server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.rclone}/bin/rclone serve webdav --addr :8081 --baseurl / --htpasswd /var/www/basic_auth /var/www/dav.lilyanderson.xyz
'';
Restart = "always";
};
};
services.nginx = {
enable = true;
virtualHosts = {
"lilyanderson.xyz" = {
locations."/" = {
root = "/var/www/web";
};
};
"ai.lilyanderson.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:9001";
};
extraConfig = ''
client_body_timeout 300;
client_header_timeout 300;
keepalive_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
# Add WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Disable proxy buffering for better streaming response from models
proxy_buffering off;
'';
};
"dav.lilyanderson.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:8081";
};
};
"swap.lilyanderson.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://192.168.0.101:9001";
};
basicAuthFile = "/var/www/basic_auth";
};
"192.168.0.42" = {
};
"git.lilyanderson.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3001";
};
};
};
};
services.postgresql = {
ensureDatabases = [ config.services.gitea.user ];
ensureUsers = [
{
name = config.services.gitea.database.user;
ensureDBOwnership = true;
#ensurePermissions."DATABASE ${config.services.gitea.database.name}" = "ALL PRIVILEGES";
}
];
};
sops = {
age.keyFile = "/secrets/age/keys.txt";
defaultSopsFile = ../../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
secrets = {
"postgres/gitea_dbpass".owner = config.services.gitea.user;
"porkbun/api_pk".owner = "root";
"porkbun/api_sk".owner = "root";
};
};
services.gitea = {
enable = true;
appName = "Lily's Gitea Server";
database = {
type = "postgres";
passwordFile = config.sops.secrets."postgres/gitea_dbpass".path;
};
settings.service.DISABLE_REGISTRATION = true;
settings.server = {
DOMAIN = "git.lilyanderson.xyz";
ROOT_URL = "https://git.lilyanderson.xyz";
HTTP_PORT = 3001;
};
};
security.acme = {
acceptTerms = true;
defaults.email = "lilylanderson@zoho.com";
};
services.open-webui = {
enable = true;
host = "0.0.0.0";
port = 9001;
environment = {
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
ENABLE_LOGIN_FORM = "True";
};
};
services.oink = {
enable = true;
apiKeyFile = config.sops.secrets."porkbun/api_pk".path;
secretApiKeyFile = config.sops.secrets."porkbun/api_sk".path;
domains = [
{
domain = "ausrineblackthorn.com";
subdomain = "";
ttl = 600;
}
{
domain = "ausrineblackthorn.com";
subdomain = "*";
ttl = 600;
}
{
domain = "lilyanderson.xyz";
subdomain = "";
ttl = 600;
}
{
domain = "lilyanderson.xyz";
subdomain = "*";
ttl = 600;
}
];
};
};
}