sid/sid.ovh
1
0
Fork 0
Code Issues 3 Pull requests 2 Projects Releases Packages Wiki Activity Actions

Compare commits

base: sid:af0a423feb852a59345e68d48c2bd1f3084ee7fd
Branches Tags
sid:master
sid:develop
sid:feature/overleaf
sid:dns
..
compare: sid:ff2610a98d5da26036bf1d671047ae52e774a4d0
Branches Tags
sid:master
sid:develop
sid:feature/overleaf
sid:dns

No commits in common. "af0a423feb852a59345e68d48c2bd1f3084ee7fd" and "ff2610a98d5da26036bf1d671047ae52e774a4d0" have entirely different histories.
af0a423feb ... ff2610a98d

6 changed files with 15 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hosts/rx4/services/default.nix
View file

@ -18,6 +18,8 @@
./nginx.nix
./open-webui-oci.nix
./print-server.nix
./rss-bridge.nix
./rsshub-oci.nix
./vaultwarden.nix
# ./alditalk-extender.nix # FIXME

2
hosts/sid/services/rss-bridge.nix → hosts/rx4/services/rss-bridge.nix
View file

@ -8,7 +8,7 @@
reverseProxy = {
enable = true;
subdomain = constants.services.rss-bridge.subdomain;
forceSSL = true;
forceSSL = false;
};
};
}

5
hosts/sid/services/rsshub-oci.nix → hosts/rx4/services/rsshub-oci.nix
View file

@ -10,10 +10,5 @@
services.rsshub-oci = {
enable = true;
inherit (constants.services.rsshub-oci) port;
reverseProxy = {
enable = true;
subdomain = constants.services.rss-bridge.subdomain;
forceSSL = true;
};
};
}

2
hosts/sid/services/default.nix
View file

@ -17,8 +17,6 @@
./netdata.nix
./nginx.nix
./radicale.nix
./rss-bridge.nix
./rsshub-oci.nix
./step-ca.nix
];
}

12
hosts/sid/services/nginx.nix
View file

@ -77,6 +77,18 @@ in
error_log /var/log/nginx/open-webui-error.log debug;
'';
};
virtualHosts."${constants.services.rss-bridge.fqdn}" = {
enableACME = ssl;
forceSSL = ssl;
locations."/" = {
proxyPass = "http://${constants.hosts.rx4.ip}";
};
};
virtualHosts."${constants.services.rsshub-oci.fqdn}" = mkVirtualHost {
inherit ssl;
address = constants.hosts.rx4.ip;
port = constants.services.rsshub-oci.port;
};
virtualHosts."${constants.services.vaultwarden.fqdn}" = {
useACMEHost = "sid-internal";
forceSSL = ssl;

15
modules/nixos/rsshub-oci/default.nix
View file

@ -7,9 +7,6 @@
let
cfg = config.services.rsshub-oci;
domain = config.networking.domain;
subdomain = cfg.reverseProxy.subdomain;
fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
images = {
# https://github.com/DIYgod/RSSHub/pkgs/container/rsshub
@ -61,10 +58,6 @@ let
optional
types
;
inherit (lib.utils)
mkReverseProxyOption
mkVirtualHost
;
in
{
options.services.rsshub-oci = {
@ -84,7 +77,6 @@ in
default = null;
description = "Environment file for secrets.";
};
reverseProxy = mkReverseProxyOption "RSSHub" "rsshub";
};
config = mkIf cfg.enable {
@ -94,13 +86,6 @@ in
dockerCompat = true;
};
services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable {
"${fqdn}" = mkVirtualHost {
inherit (cfg) port;
ssl = cfg.reverseProxy.forceSSL;
};
};
networking.firewall.interfaces =
let
matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";