add media to ssl cert

RingOfStorms (Joshua Bell) 2025-10-09 21:54:06 -05:00
parent 24f6484496
commit 160be6071e
5 changed files with 45 additions and 67 deletions


@ -58,13 +58,6 @@
proxyPass = "http://10.0.0.111"; proxyPass = "http://10.0.0.111";
}; };
}; };
"_" = {
default = true;
locations."/" = {
return = "404"; # or 444 for drop
};
};
}; };
}; };

47
hosts/h001/flake.lock generated

@ -67,22 +67,17 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"hyprland": "hyprland", "hyprland": "hyprland",
"nix-flatpak": "nix-flatpak", "nix-flatpak": "nix-flatpak",
"nixpkgs": "nixpkgs_3",
"ragenix": "ragenix" "ragenix": "ragenix"
}, },
"locked": { "locked": {
"lastModified": 1760053007, "path": "../../common",
"narHash": "sha256-0csJRXdWM+ybfB41g6Ptndi0WRU33onQRH0SdNKZmio=", "type": "path"
"ref": "refs/heads/master",
"rev": "8e5e514b169b62833457d6d851bb1437fb8a8257",
"revCount": 711,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}, },
"original": { "original": {
"type": "git", "path": "../../common",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" "type": "path"
} },
"parent": []
}, },
"crane": { "crane": {
"locked": { "locked": {
@ -537,7 +532,7 @@
}, },
"nixarr": { "nixarr": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_4",
"vpnconfinement": "vpnconfinement", "vpnconfinement": "vpnconfinement",
"website-builder": "website-builder" "website-builder": "website-builder"
}, },
@ -588,22 +583,6 @@
} }
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": {
"lastModified": 1758690382,
"narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e643668fd71b949c53f8626614b21ff71a07379d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1741379970, "lastModified": 1741379970,
"narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
@ -619,7 +598,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1748662220, "lastModified": 1748662220,
"narHash": "sha256-7gGa49iB9nCnFk4h/g9zwjlQAyjtpgcFkODjcOQS0Es=", "narHash": "sha256-7gGa49iB9nCnFk4h/g9zwjlQAyjtpgcFkODjcOQS0Es=",
@ -635,7 +614,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1759735786, "lastModified": 1759735786,
"narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=", "narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=",
@ -651,7 +630,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_7": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1759772810, "lastModified": 1759772810,
"narHash": "sha256-8/sO67+Q6yNfFD39W5SXQHDbf/tQUHWFhCdxgRRGVCQ=", "narHash": "sha256-8/sO67+Q6yNfFD39W5SXQHDbf/tQUHWFhCdxgRRGVCQ=",
@ -1607,7 +1586,7 @@
"agenix": "agenix", "agenix": "agenix",
"crane": "crane", "crane": "crane",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_3",
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
@ -1629,7 +1608,7 @@
"common": "common", "common": "common",
"litellm-nixpkgs": "litellm-nixpkgs", "litellm-nixpkgs": "litellm-nixpkgs",
"nixarr": "nixarr", "nixarr": "nixarr",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_5",
"oauth2-proxy-nixpkgs": "oauth2-proxy-nixpkgs", "oauth2-proxy-nixpkgs": "oauth2-proxy-nixpkgs",
"open-webui-nixpkgs": "open-webui-nixpkgs", "open-webui-nixpkgs": "open-webui-nixpkgs",
"ros_neovim": "ros_neovim", "ros_neovim": "ros_neovim",
@ -1638,7 +1617,7 @@
}, },
"ros_neovim": { "ros_neovim": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_6",
"nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim",
"nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim",
"nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring",


@ -8,8 +8,8 @@
oauth2-proxy-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; oauth2-proxy-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# Use relative to get current version for testing # Use relative to get current version for testing
# common.url = "path:../../common"; common.url = "path:../../common";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; # common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
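Review bot: The `common` input is committed as `path:../../common`, which the comment directly above it describes as a setting for testing. The matching flake.lock entry on this page now holds only `"path": "../../common"` and `"type": "path"`, with no `rev` or `narHash`, so the lock no longer pins what `common` contains and the host builds from whatever is in the working tree. If that is intended, the comment should say so, e.g. `# common comes from this checkout and is not pinned in flake.lock`; otherwise the `git+https` URL should be restored and the lock regenerated.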


@ -47,39 +47,23 @@
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
"jellyfin.joshuabell.xyz" = { "jellyfin.joshuabell.xyz" = {
enableACME = true; addSSL = true;
# forceSSL = true; sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
locations."/" = { locations."/" = {
proxyWebsockets = true; proxyWebsockets = true;
proxyPass = "http://localhost:8096"; proxyPass = "http://localhost:8096";
}; };
}; };
"media.joshuabell.xyz" = { "media.joshuabell.xyz" = {
enableACME = true; addSSL = true;
# forceSSL = true; sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
locations."/" = { locations."/" = {
proxyWebsockets = true; proxyWebsockets = true;
proxyPass = "http://localhost:5055"; proxyPass = "http://localhost:5055";
}; };
}; };
# "10.12.14.10" = {
# locations."/" = {
# proxyWebsockets = true;
# proxyPass = "http://localhost:8096";
# };
# };
# "jellyfin.h001.local.joshuabell.xyz" = {
# locations."/" = {
# proxyWebsockets = true;
# proxyPass = "http://localhost:8096";
# };
# };
# "media.h001.local.joshuabell.xyz" = {
# locations."/" = {
# proxyWebsockets = true;
# proxyPass = "http://localhost:5055";
# };
# };
}; };
}; };
}; };
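Review bot: `addSSL = true` on the `jellyfin.joshuabell.xyz` and `media.joshuabell.xyz` vhosts keeps plain HTTP served next to HTTPS, so logins to both backends can still travel unencrypted. Now that a certificate is available, `forceSSL = true;` in place of `addSSL = true;` would redirect port 80 to HTTPS; the old code carried that line commented out. The hard-coded `/var/lib/acme/joshuabell.xyz/...` paths also leave nginx with no declared tie to the certificate. If this module is evaluated on the host that defines `security.acme.certs."joshuabell.xyz"`, `useACMEHost = "joshuabell.xyz";` replaces both `sslCertificate` lines and lets the nginx module derive the paths itself.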


@ -1,4 +1,5 @@
{ {
config,
... ...
}: }:
let let
@ -8,8 +9,21 @@ let
}; };
in in
{ {
security.acme.acceptTerms = true; # TODO transfer these to o001 to use same certs?
security.acme.defaults.email = "admin@joshuabell.xyz"; security.acme = {
acceptTerms = true;
defaults.email = "admin@joshuabell.xyz";
certs."joshuabell.xyz" = {
domain = "joshuabell.xyz";
extraDomainNames = [ "*.joshuabell.xyz" ];
credentialFiles = {
LINODE_TOKEN_FILE = config.age.secrets.linode_rw_domains.path;
};
dnsProvider = "linode";
group = "nginx";
};
};
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
@ -45,6 +59,14 @@ in
"/" = homarr; "/" = homarr;
}; };
}; };
"_" = {
rejectSSL = true;
default = true;
locations."/" = {
return = "444"; # 404 for not found or 444 for drop
};
};
}; };
}; };
} }
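Review bot: The wildcard certificate in `certs."joshuabell.xyz"` is issued over DNS-01 with the `linode_rw_domains` secret, whose name suggests a token with read-write access to DNS, and this section does not show who can read that age secret. A token that can edit DNS records lets its holder pass domain validation for any name in the zone, and `group = "nginx"` makes the wildcard key readable by the web server group, so this host holds credentials that cover every subdomain. I would record that next to the existing TODO, e.g. `# DNS-01 token can edit DNS records; keep the age secret readable by the acme user only`, and confirm the secret's owner and mode where it is declared.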