|
|
|
@ -31,92 +31,9 @@
|
|
|
|
|
gotosocial.nixosModule
|
|
|
|
|
drowning.nixosModule
|
|
|
|
|
|
|
|
|
|
({ pkgs, ...}: {
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
|
|
|
|
|
|
home-manager.useGlobalPkgs = true;
|
|
|
|
|
home-manager.useUserPackages = true;
|
|
|
|
|
|
|
|
|
|
services.nginx.enable = true;
|
|
|
|
|
services.nginx.recommendedProxySettings = true;
|
|
|
|
|
services.nginx.appendHttpConfig = ''
|
|
|
|
|
types {
|
|
|
|
|
text/plain wat;
|
|
|
|
|
text/plain glsl;
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
security.acme.acceptTerms = true;
|
|
|
|
|
security.acme.defaults.email = "acme@tempest.dev";
|
|
|
|
|
|
|
|
|
|
ashe.services."ashen.earth".enable = true;
|
|
|
|
|
ashe.services."ashen.earth".domain = "ashen.earth";
|
|
|
|
|
|
|
|
|
|
ashe.services.tmpfiles.enable = true;
|
|
|
|
|
ashe.services.tmpfiles.domain = "files.tempest.dev";
|
|
|
|
|
ashe.services.tmpfiles.port = 4441;
|
|
|
|
|
|
|
|
|
|
ashe.services."tempest.dev".enable = true;
|
|
|
|
|
ashe.services."tempest.dev".domain = "tempest.dev";
|
|
|
|
|
ashe.services."tempest.dev".port = 4442;
|
|
|
|
|
|
|
|
|
|
ashe.services.tempest-secret.enable = true;
|
|
|
|
|
ashe.services.tempest-secret.domain = "tempest.dev";
|
|
|
|
|
ashe.services.tempest-secret.path = "/secret";
|
|
|
|
|
ashe.services.tempest-secret.port = 4443;
|
|
|
|
|
|
|
|
|
|
ashe.services.tempest-api-contact.enable = true;
|
|
|
|
|
ashe.services.tempest-api-contact.domain = "contact.tempest.dev";
|
|
|
|
|
ashe.services.tempest-api-contact.configFile = "/etc/tempest/contact.json";
|
|
|
|
|
ashe.services.tempest-api-contact.port = 4444;
|
|
|
|
|
|
|
|
|
|
ashe.services.social.enable = true;
|
|
|
|
|
ashe.services.social.appDomain = "social.tempest.dev";
|
|
|
|
|
ashe.services.social.accountDomain = "tempest.dev";
|
|
|
|
|
ashe.services.social.port = 4445;
|
|
|
|
|
|
|
|
|
|
ashe.services.drowning.enable = true;
|
|
|
|
|
ashe.services.drowning.domain = "drowning.ashen.earth";
|
|
|
|
|
|
|
|
|
|
services.nginx.virtualHosts."static.tempest.dev" = {
|
|
|
|
|
root = "/var/www/static";
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
enableACME = true;
|
|
|
|
|
|
|
|
|
|
locations."/" = {
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
if ($request_method = GET) {
|
|
|
|
|
add_header Access-Control-Allow-Origin *;
|
|
|
|
|
add_header Access-Control-Allow-Credentials true;
|
|
|
|
|
add_header Access-Control-Allow-Methods "GET, OPTIONS";
|
|
|
|
|
add_header Access-Control-Allow-Headers "origin, accept, range";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($request_method = OPTIONS ) {
|
|
|
|
|
add_header Access-Control-Allow-Origin *;
|
|
|
|
|
add_header Access-Control-Allow-Credentials true;
|
|
|
|
|
add_header Access-Control-Allow-Methods "GET, OPTIONS";
|
|
|
|
|
add_header Access-Control-Allow-Headers "origin, accept, range";
|
|
|
|
|
add_header Content-Length 0;
|
|
|
|
|
add_header Content-Type text/plain;
|
|
|
|
|
return 204;
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.nginx.virtualHosts."phantomthieves.net" = {
|
|
|
|
|
locations."/" = { proxyPass = "http://necronomicon.tempest.local:4000"; };
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
enableACME = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.nginx.virtualHosts."forum.phantomthieves.net" = {
|
|
|
|
|
locations."/" = { proxyPass = "http://melete.tempest.local:8999"; };
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
enableACME = true;
|
|
|
|
|
};
|
|
|
|
|
})
|
|
|
|
|
./hosts/nyx/include/nginx.nix
|
|
|
|
|
./hosts/nyx/include/services.nix
|
|
|
|
|
./hosts/nyx/include/proxy.nix
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
@ -125,21 +42,8 @@
|
|
|
|
|
modules = [
|
|
|
|
|
./hosts/hemera/configuration.nix
|
|
|
|
|
private.nixosModules.hemera
|
|
|
|
|
|
|
|
|
|
({ config, pkgs, ...}: {
|
|
|
|
|
services.nix-serve = {
|
|
|
|
|
enable = true;
|
|
|
|
|
secretKeyFile = "/etc/tempest/bincache/key-priv.pem";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.nginx = {
|
|
|
|
|
enable = true;
|
|
|
|
|
recommendedProxySettings = true;
|
|
|
|
|
virtualHosts."hemera.tempest.local" = {
|
|
|
|
|
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
})
|
|
|
|
|
./hosts/hemera/include/nginx.nix
|
|
|
|
|
./hosts/hemera/include/nix-serve.nix
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|