alejandro-angulo/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Ran nixfmt-tree
Some checks failed
Buill NixOS Configurations / build (carbon) (push) Has been cancelled
Details
Buill NixOS Configurations / build (git) (push) Has been cancelled
Details
Buill NixOS Configurations / build (gospel) (push) Has been cancelled
Details
Buill NixOS Configurations / build (node) (push) Has been cancelled
Details

Browse source
This commit is contained in:
alejandro-angulo 2026-02-28 21:25:59 -08:00
parent 259c75204d
commit 3edb267414
9 changed files with 153 additions and 160 deletions
Download patch file Download diff file Expand all files Collapse all files

17
modules/nixos/services/adguardhome/default.nix
View file

@ -38,16 +38,15 @@ in
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."adguardhome.kilonull.com" =
{
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
virtualHosts."adguardhome.kilonull.com" = {
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
};
networking.firewall = {

21
modules/nixos/services/grafana/default.nix
View file

@ -113,18 +113,17 @@ in
services.nginx = {
enable = true;
virtualHosts."${server_settings.domain}" =
{
locations."/" = {
proxyPass = "http://${server_settings.http_addr}:${toString server_settings.http_port}";
proxyWebsockets = true;
recommendedProxySettings = true;
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
virtualHosts."${server_settings.domain}" = {
locations."/" = {
proxyPass = "http://${server_settings.http_addr}:${toString server_settings.http_port}";
proxyWebsockets = true;
recommendedProxySettings = true;
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
};
networking.firewall = {

97
modules/nixos/services/minio/default.nix
View file

@ -33,63 +33,62 @@ in
services.nginx = {
enable = true;
virtualHosts = {
"minio.kilonull.com" =
{
extraConfig = ''
# Allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# Disable buffering
proxy_buffering off;
proxy_request_buffering off;
'';
"minio.kilonull.com" = {
extraConfig = ''
# Allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# Disable buffering
proxy_buffering off;
proxy_request_buffering off;
'';
locations."/".extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
locations."/".extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://localhost:9000;
'';
locations."/ui".extraConfig = ''
rewrite ^/ui/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:9000;
'';
locations."/ui".extraConfig = ''
rewrite ^/ui/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
# This is necessary to pass the correct IP to be hashed
real_ip_header X-Real-IP;
# This is necessary to pass the correct IP to be hashed
real_ip_header X-Real-IP;
proxy_connect_timeout 300;
proxy_connect_timeout 300;
# To support websockets in MinIO versions released after January 2023
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
# Uncomment the following line to set the Origin request to an empty string
proxy_set_header Origin "";
# To support websockets in MinIO versions released after January 2023
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
# Uncomment the following line to set the Origin request to an empty string
proxy_set_header Origin "";
chunked_transfer_encoding off;
chunked_transfer_encoding off;
proxy_pass http://localhost:9001;
'';
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
proxy_pass http://localhost:9001;
'';
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
};
};
};

27
modules/nixos/services/nix-serve/default.nix
View file

@ -45,20 +45,19 @@ in
nginx = {
enable = true;
virtualHosts."${cfg.subdomain_name}.${cfg.domain_name}" =
{
serverAliases = [ "${cfg.subdomain_name}" ];
locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
virtualHosts."${cfg.subdomain_name}.${cfg.domain_name}" = {
serverAliases = [ "${cfg.subdomain_name}" ];
locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
};
};

25
modules/nixos/services/octoprint/default.nix
View file

@ -25,20 +25,19 @@ in
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."octoprint.kilonull.com" =
{
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}";
proxyWebsockets = true;
extraConfig = ''
client_max_body_size 512m;
'';
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
virtualHosts."octoprint.kilonull.com" = {
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}";
proxyWebsockets = true;
extraConfig = ''
client_max_body_size 512m;
'';
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
};
networking.firewall.allowedTCPPorts = [

31
modules/nixos/services/sunshine/default.nix
View file

@ -30,23 +30,22 @@ in
services.nginx = {
enable = true;
virtualHosts."sunshine.kilonull.com" =
{
locations."/" = {
recommendedProxySettings = true;
# NOTE: Sunshine is a little weird since it requires multiple
# ports. You configure it with a base port and the web UI +1 from
# the base port.
proxyPass = "https://127.0.0.1:${toString (config.services.sunshine.settings.port + 1)}";
extraConfig = ''
proxy_ssl_verify off;
'';
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
virtualHosts."sunshine.kilonull.com" = {
locations."/" = {
recommendedProxySettings = true;
# NOTE: Sunshine is a little weird since it requires multiple
# ports. You configure it with a base port and the web UI +1 from
# the base port.
proxyPass = "https://127.0.0.1:${toString (config.services.sunshine.settings.port + 1)}";
extraConfig = ''
proxy_ssl_verify off;
'';
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
};
};
}

23
modules/nixos/services/teslamate/default.nix
View file

@ -147,19 +147,18 @@ in
services.nginx = {
enable = true;
virtualHosts."teslamate.kilonull.com" =
{
locations."/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
# TODO: Make port configurable.
proxyPass = "http://127.0.0.1:4000";
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
virtualHosts."teslamate.kilonull.com" = {
locations."/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
# TODO: Make port configurable.
proxyPass = "http://127.0.0.1:4000";
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
};
networking.firewall.allowedTCPPorts = [ 4000 ];

3
modules/nixos/user/default.nix
View file

@ -58,6 +58,7 @@ in
shell = pkgs.zsh;
extraGroups = [ "wheel" ] ++ cfg.extraGroups;
} // cfg.extraOptions;
}
// cfg.extraOptions;
};
}