From d423fae9db1ef7f05d195bfb363ee7dc45557c5d Mon Sep 17 00:00:00 2001
From: 514fpv
Date: Fri, 5 Jan 2024 00:36:49 +0800
Subject: [PATCH] feat(library): add nginx service, add acme

---
 spec/library/acme.nix | 18 ++++++++++++++++++
 spec/library/nginx.nix | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 spec/library/acme.nix
 create mode 100644 spec/library/nginx.nix

diff --git a/spec/library/acme.nix b/spec/library/acme.nix
new file mode 100644
index 00000000..82a71ff9
--- /dev/null
+++ b/spec/library/acme.nix
@@ -0,0 +1,18 @@
+{
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "koishi@514fpv.one";
+ defaults.group = "nginx";
+ certs = let
+ cloudflare = {
+ dnsProvider = "cloudflare";
+ credentialsFile = "/nix/persist/secret/cloudflare";
+ };
+ in {
+ "514fpv.io" = cloudflare;
+ ".514fpv.io" = cloudflare // { domain = "*.514fpv.io"; };
+ };
+ };
+
+ environment.persistence."/nix/persist/fhs".directories = [ "/var/lib/acme" ];
+}
diff --git a/spec/library/nginx.nix b/spec/library/nginx.nix
new file mode 100644
index 00000000..e6980dcc
--- /dev/null
+++ b/spec/library/nginx.nix
@@ -0,0 +1,37 @@
+{
+ services.nginx = {
+ enable = true;
+
+ # enable all recommended settings
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+
+ # set a reasonable default
+ clientMaxBodySize = "64m";
+
+ # proxy services running on TrueNAS
+ virtualHosts = {
+ "_" = {
+ addSSL = true;
+ useACMEHost = ".514fpv.io";
+ extraConfig = "return 444;";
+ };
+
+ "home.514fpv.io" = {
+ useACMEHost = ".514fpv.io";
+ addSSL = true;
+ extraConfig = ''
+ proxy_buffering off;
+ '';
+ locations."/" = {
+ proxyPass = "http://192.168.1.250:8123";
+ proxyWebsockets = true;
+ };
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
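Review bot: `credentialsFile = "/nix/persist/secret/cloudflare"` is the only reference to the DNS-01 token in the patch; nothing here documents what the file holds or constrains its ownership and mode, and the same `cloudflare` attrset is reused for both the apex cert and the `*.514fpv.io` wildcard, so a single over-scoped token would cover both. A comment above the `let` would help the next reader, e.g. `# lego env file for DNS-01 (CLOUDFLARE_DNS_API_TOKEN=...): token scoped to DNS edit on the 514fpv.io zone only, file readable by the acme user alone`. `defaults.group = "nginx"` gives nginx read access to every private key issued by this module, which is what the vhosts need but is worth stating in a comment as well. I cannot tell from this patch whether `/nix/persist/secret` is provisioned with a restrictive mode; presumably that is handled elsewhere in the tree.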
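Review bot: `"home.514fpv.io"` is declared with `addSSL = true`, which keeps port 80 serving the proxied application over plain HTTP alongside HTTPS, so a client that lands on http:// sends its session cookies in the clear; replacing that line with `forceSSL = true;` redirects 80 to 443, which is what the `recommendedTlsSettings` line suggests the author intends. The `"_"` catch-all only acts as nginx's default server because the generated vhost order appears to put `_` before `h`; adding `default = true;` to that block makes the `return 444;` behaviour explicit rather than order-dependent. The upstream at `http://192.168.1.250:8123` is reached over plain HTTP on the LAN; if that is deliberate, a short comment next to `proxyPass` saying so would stop a later reader from treating it as an oversight.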