Bun/nixos-config
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update a lot of options, simplify variables, replace options with tags

Browse source
This commit is contained in:
Bun 2025-06-04 16:12:08 -04:00
parent dbc0ab6dd3
commit 7667ef9a1b
147 changed files with 663 additions and 928 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/system/services/server/nginx/acme/default.nix
View file

@ -3,7 +3,7 @@
config = lib.mkIf config.services.nginx.enable {
security.acme = {
acceptTerms = true;
defaults.email = "contact@nixfox.ca";
defaults.email = "contact@${config.vars.mainDomain}";
};
environment.persistence."/persist".directories = [ "/var/lib/acme" ];
};

14
modules/system/services/server/nginx/default.nix
View file

@ -2,23 +2,21 @@
{
imports = [
./acme
./hosts
./rtmp
./user
];
options.services.webserver.enable = lib.mkEnableOption "Nginx webpages";
config = lib.mkIf config.services.nginx.enable {
services.nginx = {
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedBrotliSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
networking.firewall.allowedTCPPorts = [
80
443
config.services.nginx.defaultHTTPListenPort
config.services.nginx.defaultSSLListenPort
];
environment.persistence."/persist".directories = [ "/var/www" ];
};
}

9
modules/system/services/server/nginx/hosts/default.nix
View file

@ -1,9 +0,0 @@
{ config, lib, ... }:
{
imports = [
./files
./nixfox
];
environment.persistence."/persist".directories = lib.mkIf config.services.webserver.enable [ "/var/www" ];
}

8
modules/system/services/server/nginx/hosts/files/default.nix
View file

@ -1,8 +0,0 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts."jimbosfiles.com" = lib.mkIf config.services.webserver.enable {
enableACME = true;
addSSL = true;
globalRedirect = "www.nixfox.ca";
};
}

29
modules/system/services/server/nginx/hosts/nixfox/default.nix
View file

@ -1,29 +0,0 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts = lib.mkIf config.services.webserver.enable {
"www.nixfox.ca" = {
enableACME = true;
addSSL = true;
default = true;
root = "/var/www/landing-page";
};
"nixfox.ca" = {
enableACME = true;
addSSL = true;
globalRedirect = "www.nixfox.ca";
locations = {
"/.well-known/matrix/client".extraConfig = ''
default_type application/json;
return 200 '{
"m.homeserver": { "base_url": "https://matrix.nixfox.ca" },
"m.identity_server": { "base_url": "https://matrix.org" }
}';
'';
"/.well-known/matrix/server".extraConfig = ''
default_type application/json;
return 200 '{ "m.server": "matrix.nixfox.ca:443" }';
'';
};
};
};
}

34
modules/system/services/server/nginx/rtmp/default.nix
View file

@ -1,34 +0,0 @@
{ config, lib, pkgs, nodes, ... }:
{
config = lib.mkIf config.services.webserver.enable {
services.nginx = {
additionalModules = with pkgs.nginxModules; [ rtmp ];
appendConfig = ''
rtmp {
server {
listen 1935;
chunk_size 4096;
allow publish all;
application stream {
record off;
live on;
allow play all;
hls on;
hls_path /var/www/landing-page/streams/hls/;
hls_fragment_naming system;
hls_fragment 3;
hls_playlist_length 40;
}
}
}
'';
};
networking.firewall.extraInputRules = let
targetHosts = lib.attrValues (lib.mapAttrs (_: node: node.config.deployment.targetHost) nodes);
in ''
ip6 saddr { ${lib.concatStringsSep ", " targetHosts} } tcp dport 1935 accept
ip saddr { ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept
'';
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];
};
}