Networking setup for VMs, new hosts for internal apps
parent
d636c4edb7
commit
641b329d55
|
@ -163,16 +163,55 @@
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
client_max_body_size 100M;
|
||||||
'';
|
'';
|
||||||
proxyPass = "http://127.0.0.1:8973/";
|
proxyPass = "http://127.0.0.1:8973/";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
virtualHosts."request-media.gmem.ca" = {
|
||||||
|
enableACME = true;
|
||||||
|
addSSL = true;
|
||||||
|
acmeRoot = null;
|
||||||
|
locations."/" = {
|
||||||
|
extraConfig =
|
||||||
|
''
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
client_max_body_size 100M;
|
||||||
|
'';
|
||||||
|
proxyPass = "http://127.0.0.1:5055/";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
virtualHosts."flood.gmem.ca" = {
|
||||||
|
enableACME = true;
|
||||||
|
addSSL = true;
|
||||||
|
acmeRoot = null;
|
||||||
|
locations."/" = {
|
||||||
|
extraConfig =
|
||||||
|
''
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
client_max_body_size 100M;
|
||||||
|
'';
|
||||||
|
proxyPass = "http://192.168.50.187:3000/";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
gitea = {
|
gitea = {
|
||||||
enable = true;
|
enable = true;
|
||||||
stateDir = "/Primary/gitea";
|
stateDir = "/Primary/gitea";
|
||||||
package = pkgs.forgejo;
|
package = pkgs.forgejo;
|
||||||
settings = {
|
settings = {
|
||||||
|
DEFAULT = {
|
||||||
|
APP_NAME = "Arch's Git Forge";
|
||||||
|
};
|
||||||
server = {
|
server = {
|
||||||
ROOT_URL = "https://git.gmem.ca/";
|
ROOT_URL = "https://git.gmem.ca/";
|
||||||
HTTP_PORT = 8973;
|
HTTP_PORT = 8973;
|
||||||
|
@ -211,12 +250,24 @@
|
||||||
hostName = "vancouver";
|
hostName = "vancouver";
|
||||||
domain = "gmem.ca";
|
domain = "gmem.ca";
|
||||||
firewall = {
|
firewall = {
|
||||||
trustedInterfaces = ["tailscale0"];
|
trustedInterfaces = ["tailscale0" "virbr0"];
|
||||||
checkReversePath = "loose";
|
checkReversePath = "loose";
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedTCPPorts = [ 22 53 80 443 ];
|
allowedTCPPorts = [ 22 53 80 443 2049 ];
|
||||||
allowedUDPPorts = [ 53 41641 ];
|
allowedUDPPorts = [ 53 41641 ];
|
||||||
};
|
};
|
||||||
|
useDHCP = false;
|
||||||
|
bridges = {
|
||||||
|
"br0" = {
|
||||||
|
interfaces = [ "eno1" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
interfaces.br0.ipv4.addresses = [ {
|
||||||
|
address = "192.168.50.229";
|
||||||
|
prefixLength = 24;
|
||||||
|
} ];
|
||||||
|
defaultGateway = "192.168.50.1";
|
||||||
|
nameservers = ["100.100.100.100" "45.90.28.116" "45.90.30.116"];
|
||||||
nftables.enable = true;
|
nftables.enable = true;
|
||||||
};
|
};
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -232,7 +283,7 @@
|
||||||
cifs-utils
|
cifs-utils
|
||||||
cloudflared
|
cloudflared
|
||||||
bat
|
bat
|
||||||
# atuin
|
virtiofsd
|
||||||
];
|
];
|
||||||
|
|
||||||
time.timeZone = "Europe/London";
|
time.timeZone = "Europe/London";
|
||||||
|
@ -313,6 +364,16 @@
|
||||||
dnsProvider = "route53";
|
dnsProvider = "route53";
|
||||||
credentialsFile = "/var/lib/secrets/credentials";
|
credentialsFile = "/var/lib/secrets/credentials";
|
||||||
};
|
};
|
||||||
|
security.acme.certs."request-media.gmem.ca" = {
|
||||||
|
domain = "request-media.gmem.ca";
|
||||||
|
dnsProvider = "route53";
|
||||||
|
credentialsFile = "/var/lib/secrets/credentials";
|
||||||
|
};
|
||||||
|
security.acme.certs."flood.gmem.ca" = {
|
||||||
|
domain = "flood.gmem.ca";
|
||||||
|
dnsProvider = "route53";
|
||||||
|
credentialsFile = "/var/lib/secrets/credentials";
|
||||||
|
};
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
}
|
}
|
||||||
|
|
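Review bot: The firewall hunk opens more than the VM setup appears to need: `2049` is added to the global `allowedTCPPorts`, so that port is accepted on every interface including the new `br0` LAN bridge, and `virbr0` is added to `trustedInterfaces`, which accepts all traffic from anything on that bridge to every port the host listens on. If the intent is only to let guests mount an export from the host, scope the rule to the bridge they attach to, e.g. `interfaces.virbr0.allowedTCPPorts = [ 2049 ];` inside `firewall`, and leave `trustedInterfaces` and the global port list as they were; which bridge the guests actually use is not visible here, so the interface name may need adjusting. Separately, both new virtual hosts in the first hunk set `addSSL = true;`, which keeps serving plain HTTP alongside HTTPS; `forceSSL = true;` would redirect instead, so sessions to the proxied apps are not carried in cleartext.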