Nebucatnetzer
/
nixos
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

use the hostname properly

This commit is contained in:
Andreas Zweili 2022-09-06 20:14:29 +02:00
parent 4d6b021e6f
commit 85a06a9233
4 changed files with 10 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/mk_raspi.nix
View File

@ -4,7 +4,8 @@
modules = (
[
# System configuration for this host
"${inputs.self}/systems/${hostname}"
(import "${inputs.self}/systems/${hostname}"
{ inherit custom hostname inputs pkgs; })
# Common configuration
"${inputs.self}/modules/common"

4
modules/restic-server-client/default.nix
View File

@ -1,4 +1,4 @@
{ config, inputs, custom, pkgs, time, ... }:
{ hostname, inputs, custom, pkgs, time, ... }:
{
imports = [
"${inputs.self}/modules/telegram-notifications"
@ -28,7 +28,7 @@
${pkgs.restic}/bin/restic forget \
--tag home-dir \
--host ${config.networking.hostName} \
--host ${hostname} \
--keep-daily 7 \
--keep-weekly 5 \
--keep-monthly 12 \

7
systems/proxy/default.nix
View File

@ -1,13 +1,12 @@
{ config, custom, inputs, pkgs, ... }:
{ custom, hostname, inputs, pkgs, ... }:
{
imports = [
(import "${inputs.self}/systems/raspi4" {
hostname = "proxy";
ip = "10.7.89.99";
inherit inputs pkgs;
inherit hostname inputs pkgs;
})
(import "${inputs.self}/modules/restic-server-client" {
time = "11:30"; inherit config custom inputs pkgs;
time = "11:30"; inherit custom hostname inputs pkgs;
})
"${inputs.self}/modules/nginx-acme-base"
"${inputs.self}/modules/docker"

72
systems/raspi-test/default.nix
View File

@ -1,77 +1,11 @@
{ config, custom, inputs, pkgs, ... }:
{ hostname, inputs, pkgs, ... }:
{
imports = [
(import "${inputs.self}/systems/raspi4" {
hostname = "raspi-test";
ip = "10.7.89.99";
inherit inputs pkgs;
ip = "10.7.89.150";
inherit hostname inputs pkgs;
})
(import "${inputs.self}/modules/restic-server-client" {
time = "11:30"; inherit config custom inputs pkgs;
})
"${inputs.self}/modules/nginx-acme-base"
"${inputs.self}/modules/docker"
"${inputs.self}/modules/haproxy"
"${inputs.self}/modules/tmux"
];
services.nginx = {
commonHttpConfig = ''
# Add HSTS header with preloading to HTTPS requests.
# Adding this header to HTTP requests is discouraged
map $scheme $hsts_header {
https "max-age=63072000; includeSubdomains; preload";
}
add_header Strict-Transport-Security $hsts_header;
# Enable CSP for your services.
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
# Minimize information leaked to other domains
add_header 'Referrer-Policy' 'origin-when-cross-origin';
# Disable embedding as a frame
add_header X-Frame-Options DENY;
# Prevent injection of code in other mime types (XSS Attacks)
add_header X-Content-Type-Options nosniff;
# Enable XSS protection of the browser.
# May be unnecessary when CSP is configured properly (see above)
add_header X-XSS-Protection "1; mode=block";
# This might create errors
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
'';
virtualHosts = {
"2li.ch" = {
serverAliases = [ "www.2li.ch" ];
enableACME = true;
forceSSL = true;
listen = [{ port = 4433; addr = "127.0.0.1"; ssl = true; }];
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true; # needed if you need to use WebSocket
};
};
"heimdall.2li.ch" = {
enableACME = true;
forceSSL = true;
listen = [{ port = 4433; addr = "127.0.0.1"; ssl = true; }];
locations."/" = {
proxyPass = "http://127.0.0.1:8081";
proxyWebsockets = true; # needed if you need to use WebSocket
};
};
"rss-bridge.2li.ch" = {
enableACME = true;
forceSSL = true;
listen = [{ port = 4433; addr = "127.0.0.1"; ssl = true; }];
locations."/" = {
proxyPass = "http://127.0.0.1:8082";
proxyWebsockets = true; # needed if you need to use WebSocket
};
};
};
};
}