lily/LiNix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4d7713173d4041b27c2ff26fdb9f33925cc9c154
LiNix/hosts/server/nginx.nix

159 lines
3.7 KiB
Nix
Raw Blame History

{ config, pkgs, ... }:
{
imports = [ ./jupyter.nix ];
users.users.nginx.extraGroups = [ "acme" ];
systemd.services.webdavPrivate = {
description = "Rclone WebDAV server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.rclone}/bin/rclone serve webdav --addr :8081 --baseurl / --htpasswd /var/www/basic_auth /var/www/dav.lilyanderson.xyz
'';
Restart = "always";
};
};
services.nginx = {
enable = true;
virtualHosts = {
# "jupyter.lilyanderson.xyz" = {
# enableACME = true;
# forceSSL = true;
# locations."/" = {
# proxyPass = "http://localhost:9002";
# };
# basicAuthFile = "/var/www/basic_auth";
# extraConfig = ''
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection “upgrade”;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# '';
# };
"lilyanderson.xyz" = {
locations."/" = {
root = "/var/www/web";
};
};
"ai.lilyanderson.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:9001";
};
extraConfig = ''
client_body_timeout 300;
client_header_timeout 300;
keepalive_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
# Add WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Disable proxy buffering for better streaming response from models
proxy_buffering off;
'';
};
"dav.lilyanderson.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:8081";
};
};
"swap.lilyanderson.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://192.168.0.101:9001";
};
basicAuthFile = "/var/www/basic_auth";
};
"192.168.0.42" = {
};
"git.lilyanderson.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3001";
};
};
};
};
services.postgresql = {
ensureDatabases = [ config.services.gitea.user ];
ensureUsers = [
{
name = config.services.gitea.database.user;
ensureDBOwnership = true;
#ensurePermissions."DATABASE ${config.services.gitea.database.name}" = "ALL PRIVILEGES";
}
];
};
sops = {
age.keyFile = "/secrets/age/keys.txt";
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
secrets."postgres/gitea_dbpass" = {
owner = config.services.gitea.user;
};
};
services.gitea = {
enable = true;
appName = "Lily's Gitea Server";
database = {
type = "postgres";
passwordFile = config.sops.secrets."postgres/gitea_dbpass".path;
};
settings.service.DISABLE_REGISTRATION = true;
settings.server = {
DOMAIN = "git.lilyanderson.xyz";
ROOT_URL = "https://git.lilyanderson.xyz";
HTTP_PORT = 3001;
};
};
security.acme = {
acceptTerms = true;
defaults.email = "lilylanderson@zoho.com";
};
services.open-webui = {
enable = true;
host = "0.0.0.0";
port = 9001;
environment = {
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
ENABLE_LOGIN_FORM = "True";
};
};
}
Reference in New Issue View Git Blame Copy Permalink