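# NixOS module for this host's web-facing services.
#
# It declares:
#   * the haproxy-acme virtual hosts (all backends are on 127.0.0.1),
#   * the nginx virtual hosts that serve static content / proxy to Django,
#     each bound to a loopback port from the table below,
#   * PostgreSQL, pgmanage, Gitea, searx, python-ci and site-max,
#   * the socket-activated gunicorn unit for the "site-musique" Django app.
{ config, lib, pkgs, ... }:

with lib;

#### VHost table ####
# Loopback port allocation, kept here so new vhosts do not collide.
# 10000 riot.nyanlout.re
# 10001 factorio.nyanlout.re
# 10002 minecraft.nyanlout.re
# 10003 nyanlout.re
# 10004 musique-meyenheim.fr
# 10005 social.nyanlout.re
# 10006 pgmanage.nyanlout.re
# 10007 maxspiegel.fr
####

let
  domaine = "nyanlout.re";

  # Extra HAProxy backend directives for the Jellyfin/Emby backend.
  # Both headers use set-header so that a value supplied by the client is
  # replaced rather than kept alongside the proxy's own value (add-header
  # appends a second header and leaves the client's one in place).
  jellyfin_backend = ''
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
  '';

  # ACL naming every request whose path begins with /api. path_beg is a plain
  # prefix match, so it also covers any other path starting with "/api".
  sonarr_acl = ''
    acl API path_beg /api
  '';

  # Condition handed to the haproxy-acme module as aclBool.
  # NOTE(review): presumably the module challenges for credentials only when
  # this condition holds, i.e. /api requests skip the proxy-level auth and are
  # protected only by the application's own API key -- confirm against the
  # haproxy-acme module, which is not part of this file.
  sonarr_auth = ''
    !AUTH_OK !API
  '';

  # Port of the first `listen` entry bound to 127.0.0.1 for nginx vhost `vh`.
  # Evaluation aborts with "No local port found" when the vhost has none.
  nginxGetFirstLocalPort = vh:
    (findFirst
      (x: x.addr == "127.0.0.1")
      (throw "No local port found")
      config.services.nginx.virtualHosts.${vh}.listen).port;
in
{
  services = {
    # Front proxy. Every backend below is on the loopback interface.
    # NOTE(review): `auth` is interpreted by the haproxy-acme module (not shown
    # here); entries with auth = false presumably rely solely on the backend
    # application's own login -- review that list when adding a service.
    haproxy-acme = {
      enable = true;
      domaine = domaine;
      services = {
        "grafana.${domaine}" = { ip = "127.0.0.1"; port = config.services.grafana.port; auth = true; };
        "emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; extraBackend = jellyfin_backend; };
        "radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = sonarr_acl; aclBool = sonarr_auth; };
        "sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = sonarr_acl; aclBool = sonarr_auth; };
        "transmission.${domaine}" = { ip = "127.0.0.1"; port = config.services.transmission.port; auth = true; };
        "syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; };
        "jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; };
        "searx.${domaine}" = { ip = "127.0.0.1"; port = 8888; auth = false; };
        "riot.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "riot.nyanlout.re"; auth = false; };
        "matrix.${domaine}" = { ip = "127.0.0.1"; port = 8008; auth = false; };
        "pgmanage.${domaine}" = { ip = "127.0.0.1"; port = config.services.pgmanage.port; auth = true; };
        "gitea.${domaine}" = { ip = "127.0.0.1"; port = config.services.gitea.httpPort; auth = false; };
        "ci.${domaine}" = { ip = "127.0.0.1"; port = 52350; auth = false; };
        "factorio.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "factorio.nyanlout.re"; auth = false; };
        "airsonic.${domaine}" = { ip = "127.0.0.1"; port = 4040; auth = false; };
        "${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "nyanlout.re"; auth = false; };
        "musique-meyenheim.fr" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "musique-meyenheim.fr"; auth = false; };
        "minecraft.${domaine}" = { ip = "127.0.0.1"; port = nginxGetFirstLocalPort "minecraft.nyanlout.re"; auth = false; };
      };
    };

    searx.enable = true;

    nginx = {
      enable = true;
      recommendedProxySettings = true;

      # Take the client address from X-Forwarded-For, but only when the
      # connection comes from 127.0.0.1. Every vhost below listens on
      # loopback only, so that peer is a local process (the front proxy).
      appendHttpConfig = ''
        set_real_ip_from 127.0.0.1;
        real_ip_header X-Forwarded-For;
      '';

      virtualHosts = {
        "riot.nyanlout.re" = {
          listen = [ { addr = "127.0.0.1"; port = 10000; } ];
          locations = {
            "/" = {
              root = pkgs.riot-web;
            };
          };
        };

        "factorio.nyanlout.re" = {
          listen = [ { addr = "127.0.0.1"; port = 10001; } ];
          locations = {
            "/" = {
              root = "/var/www/factorio";
            };
          };
        };

        "minecraft.nyanlout.re" = {
          listen = [ { addr = "127.0.0.1"; port = 10002; } ];
          locations = {
            "/" = {
              root = "/var/www/minecraft-overviewer";
            };
          };
        };

        "nyanlout.re" = {
          listen = [ { addr = "127.0.0.1"; port = 10003; } ];
          locations = {
            "/" = {
              alias = "/var/www/site-perso/";
            };
            # OpenPGP Web Key Directory, served with a permissive CORS header.
            # nginx builds the file path as alias + (URI minus the location
            # prefix). The location ends in "/", so the alias must too:
            # without it ".../openpgpkey/hu/x" resolved to
            # ".../wks/nyanlout.rehu/x", and the prefix could also reach
            # sibling directories whose name starts with "nyanlout.re".
            "/.well-known/openpgpkey/" = {
              alias = "/var/lib/gnupg/wks/nyanlout.re/";
              extraConfig = ''
                add_header Access-Control-Allow-Origin * always;
              '';
            };
          };
        };

        "musique-meyenheim.fr" = {
          listen = [ { addr = "127.0.0.1"; port = 10004; } ];
          locations = {
            # Dynamic requests go to gunicorn over the unix socket declared in
            # systemd.sockets.site-musique below.
            "/" = {
              proxyPass = "http://unix:/run/site-musique.sock";
            };
            "/static/" = {
              alias = "/var/www/site-musique/staticfiles/";
            };
            "/media/" = {
              alias = "/var/www/site-musique/media/";
            };
          };
        };
      };
    };

    postgresql.enable = true;

    # Web administration UI for the local PostgreSQL instance; published as
    # pgmanage.${domaine} with auth = true in the haproxy-acme table above.
    pgmanage = {
      enable = true;
      port = 10006;
      connections = {
        localhost = "hostaddr=127.0.0.1 port=5432 dbname=postgres";
      };
    };

    gitea = {
      enable = true;
      cookieSecure = true;
      httpPort = 3001;
      rootUrl = "https://gitea.nyanlout.re/";
      database = {
        type = "postgres";
        port = 5432;
        # Given as a string (not a Nix path literal), so the password file is
        # read at runtime and is not copied into the Nix store.
        passwordFile = "/var/lib/gitea/custom/conf/database_password";
      };
      log.level = "Warn";
      # Self-service account registration is turned off.
      extraConfig = ''
        [ui]
        DEFAULT_THEME = arc-green

        [service]
        DISABLE_REGISTRATION = true
      '';
    };

    python-ci.enable = true;

    site-max = {
      enable = true;
      port = 10007;
      domaine = "maxspiegel.fr";
    };
  };

  # Django application behind the musique-meyenheim.fr vhost, started through
  # the site-musique socket unit.
  systemd.services.site-musique = let
    djangoEnv =(pkgs.python3.withPackages (ps: with ps; [ gunicorn django_2_2 pillow setuptools ]));
  in {
    description = "Site Django de la musique de Meyenheim";
    after = [ "network.target" ];
    requires = [ "site-musique.socket" ];
    # Apply database migrations and refresh static files before each start.
    preStart = ''
      ${djangoEnv}/bin/python manage.py migrate;
      ${djangoEnv}/bin/python manage.py collectstatic --no-input;
    '';
    environment = {
      DJANGO_SETTINGS_MODULE = "site_musique.settings.prod";
      NGINX_DIRECTORY = "/var/www/site-musique";
    };
    serviceConfig = {
      # Runs under a transient user with group "nginx"; the only write access
      # granted under the working directory is to staticfiles/ and media/.
      DynamicUser = true;
      Group = "nginx";
      StateDirectory = "site-musique";
      WorkingDirectory = "/var/www/site-musique/";
      ReadWritePaths = [ "/var/www/site-musique/staticfiles" "/var/www/site-musique/media" ];
      # Secrets are loaded from a file outside this configuration.
      EnvironmentFile = "/mnt/secrets/site-musique.env";
      ExecStart = ''${djangoEnv}/bin/gunicorn \
        --access-logfile - \
        --bind unix:/run/site-musique.sock \
        site_musique.wsgi:application
      '';
      PrivateTmp = true;
    };
  };

  # NOTE(review): no SocketMode / SocketUser / SocketGroup is set here, so
  # systemd's default socket mode (0666) applies and any local account can talk
  # to the application directly, without going through nginx. Consider
  # socketConfig = { SocketMode = "0660"; SocketGroup = "nginx"; } after
  # confirming which user and group the nginx workers run as.
  systemd.sockets.site-musique = {
    description = "Site Musique socket";
    wantedBy = [ "sockets.target" ];
    listenStreams = [ "/run/site-musique.sock" ];
  };
}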