Networking setup for VMs, new hosts for internal apps
parent
d636c4edb7
commit
641b329d55
|
@ -163,16 +163,55 @@
|
|||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
proxyPass = "http://127.0.0.1:8973/";
|
||||
};
|
||||
};
|
||||
virtualHosts."request-media.gmem.ca" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
acmeRoot = null;
|
||||
locations."/" = {
|
||||
extraConfig =
|
||||
''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
proxyPass = "http://127.0.0.1:5055/";
|
||||
};
|
||||
};
|
||||
virtualHosts."flood.gmem.ca" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
acmeRoot = null;
|
||||
locations."/" = {
|
||||
extraConfig =
|
||||
''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
proxyPass = "http://192.168.50.187:3000/";
|
||||
};
|
||||
};
|
||||
};
|
||||
gitea = {
|
||||
enable = true;
|
||||
stateDir = "/Primary/gitea";
|
||||
package = pkgs.forgejo;
|
||||
settings = {
|
||||
DEFAULT = {
|
||||
APP_NAME = "Arch's Git Forge";
|
||||
};
|
||||
server = {
|
||||
ROOT_URL = "https://git.gmem.ca/";
|
||||
HTTP_PORT = 8973;
|
||||
|
@ -211,12 +250,24 @@
|
|||
hostName = "vancouver";
|
||||
domain = "gmem.ca";
|
||||
firewall = {
|
||||
trustedInterfaces = ["tailscale0"];
|
||||
trustedInterfaces = ["tailscale0" "virbr0"];
|
||||
checkReversePath = "loose";
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 22 53 80 443 ];
|
||||
allowedTCPPorts = [ 22 53 80 443 2049 ];
|
||||
allowedUDPPorts = [ 53 41641 ];
|
||||
};
|
||||
useDHCP = false;
|
||||
bridges = {
|
||||
"br0" = {
|
||||
interfaces = [ "eno1" ];
|
||||
};
|
||||
};
|
||||
interfaces.br0.ipv4.addresses = [ {
|
||||
address = "192.168.50.229";
|
||||
prefixLength = 24;
|
||||
} ];
|
||||
defaultGateway = "192.168.50.1";
|
||||
nameservers = ["100.100.100.100" "45.90.28.116" "45.90.30.116"];
|
||||
nftables.enable = true;
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
@ -232,7 +283,7 @@
|
|||
cifs-utils
|
||||
cloudflared
|
||||
bat
|
||||
# atuin
|
||||
virtiofsd
|
||||
];
|
||||
|
||||
time.timeZone = "Europe/London";
|
||||
|
@ -313,6 +364,16 @@
|
|||
dnsProvider = "route53";
|
||||
credentialsFile = "/var/lib/secrets/credentials";
|
||||
};
|
||||
security.acme.certs."request-media.gmem.ca" = {
|
||||
domain = "request-media.gmem.ca";
|
||||
dnsProvider = "route53";
|
||||
credentialsFile = "/var/lib/secrets/credentials";
|
||||
};
|
||||
security.acme.certs."flood.gmem.ca" = {
|
||||
domain = "flood.gmem.ca";
|
||||
dnsProvider = "route53";
|
||||
credentialsFile = "/var/lib/secrets/credentials";
|
||||
};
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
}
|
||||
|
|
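Review bot: In the firewall block, 2049 is added to the global `allowedTCPPorts`, which opens NFS on every untrusted interface, including `br0`, the bridge over the physical `eno1`, rather than only towards the VMs. If the export is meant for guests only, scope the port to the guest-facing interface, e.g. `interfaces.virbr0.allowedTCPPorts = [ 2049 ];` inside `firewall`, and leave the global list as `[ 22 53 80 443 ]`. The same block also puts `virbr0` into `trustedInterfaces`, which accepts all traffic from that bridge, so every guest can reach every listening host service; listing only the ports guests need would keep a host/guest boundary. A short comment above `checkReversePath = "loose";` saying why strict reverse-path filtering is relaxed would also help. The rendered page has lost its +/- markers, so which of the duplicated `trustedInterfaces` and `allowedTCPPorts` lines is the new one is inferred from the commit title.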