Merge branch 'main' of github.com:philip-peterson/petersweb-infra

Philip Peterson 2024-12-24 06:50:02 -05:00
commit fae9eb26b6
5 changed files with 66 additions and 7 deletions


@ -8,8 +8,9 @@
2200 #forgejo ssh 2200 #forgejo ssh
3000 #forgejo http 3000 #forgejo http
9090 #sync.io 8082 #webdav
9090 #sync.io
9091 #caddy 9091 #caddy
]; ];
} }
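Review bot: The new `8082 #webdav` entry sits in what appears to be the firewall's allowed-port list (the enclosing attribute starts outside this hunk), which would make the WebDAV backend reachable directly over plain HTTP, bypassing the TLS vhost this commit puts in front of it. With HTTP Basic auth, the credentials and file contents could then cross the network unencrypted. If the container is only meant to be reached through nginx at `127.0.0.1:8082`, drop this entry and publish the container port on loopback only, e.g. `ports = [ "127.0.0.1:8082:<container-port>" ];` (the port mapping is not visible on this page, so the container-side port is a placeholder).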


@ -48,8 +48,17 @@ in {
time.timeZone = "America/Anchorage"; time.timeZone = "America/Anchorage";
age.secrets.nearlyfreespeech.file = ./secrets/nearlyfreespeech.age; age.secrets = {
age.secrets.nearlyfreespeech.owner = "root"; nearlyfreespeech = {
file = ./secrets/nearlyfreespeech.age;
owner = "root";
};
webdav = {
file = ./secrets/webdav.age;
owner = "root";
};
};
environment.systemPackages = [ environment.systemPackages = [
ddnsPkg ddnsPkg
@ -144,15 +153,15 @@ in {
"webdav" = { "webdav" = {
autoStart = true; autoStart = true;
image = "dgraziotin/nginx-webdav-nononsense"; image = "quineglobal/nginx-webdav-nononsense@sha256:86002d386e433c3ed1d265d3aa7f921f96fb678651a913aaa92af8fb78870b1c";
volumes = [ volumes = [
"/mnt/webdav/data:/data" "/mnt/webdav/data:/data"
"/mnt/webdav/config:/config" "/mnt/webdav/config:/config"
(config.age.secrets."webdav".path + ":/password")
]; ];
environment = { environment = {
"WEBDAV_USERNAME" = "foo"; "WEBDAV_USERNAME" = "ironmagma";
# TODO "WEBDAV_PASSWORD_FILE" = "/password";
"WEBDAV_PASSWORD" = "bar";
"TZ" = "America/Anchorage"; "TZ" = "America/Anchorage";
"PUID" = "60"; # nginx user "PUID" = "60"; # nginx user
@ -221,5 +230,11 @@ in {
environmentFile = config.age.secrets."nearlyfreespeech".path; environmentFile = config.age.secrets."nearlyfreespeech".path;
webroot = null; webroot = null;
}; };
certs."webdav.philippeterson.com" = {
dnsProvider = "nearlyfreespeech";
environmentFile = config.age.secrets."nearlyfreespeech".path;
webroot = null;
};
}; };
} }
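Review bot: The secret bind mount `(config.age.secrets."webdav".path + ":/password")` in the `"webdav"` container's `volumes` is read-write, so root inside the container could alter or truncate the decrypted password file on the host. Mount it read-only: `(config.age.secrets."webdav".path + ":/password:ro")`. The secret is also declared with `owner = "root"` while the container sets `PUID = "60"`, so it is worth confirming that the image reads `WEBDAV_PASSWORD_FILE` before it drops privileges; otherwise the file would be unreadable. A one-line comment above `"WEBDAV_PASSWORD_FILE"` noting that `/password` is the agenix-decrypted secret would help the next reader. The container block continues outside this hunk.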


@ -110,6 +110,39 @@
''; '';
}; };
}; };
"webdav.philippeterson.com" = {
serverName = "webdav.philippeterson.com";
enableACME = true;
onlySSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8082/"; # pass through to webdav
extraConfig = ''
# Pass required headers for WebDAV
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Pass Authorization header if required
proxy_set_header Authorization $http_authorization;
# Set timeouts for large file uploads or long WebDAV operations
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
# Increase client body size for large uploads
client_max_body_size 100M;
# Optional: Disable caching for WebDAV operations
proxy_buffering off;
proxy_cache off;
'';
};
};
"forge.quinefoundation.com-https" = { "forge.quinefoundation.com-https" = {
serverName = "forge.quinefoundation.com"; serverName = "forge.quinefoundation.com";
enableACME = true; enableACME = true;
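Review bot: In the new `webdav.philippeterson.com` location, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever `X-Forwarded-For` the client sent. If this nginx is the first hop, the backend's access logs can therefore carry a client-chosen address. For an edge proxy, prefer `proxy_set_header X-Forwarded-For $remote_addr;` so log-based detection and incident review see the real peer. Separately, `proxy_set_header Authorization $http_authorization;` restates nginx's default pass-through of that header, so the line can be dropped or its comment reworded to say so. This Basic-auth endpoint is internet-facing, so a `limit_req` on the location (with its zone defined in the http context, outside this hunk) would slow password guessing.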


@ -5,4 +5,7 @@ in {
# NEARLYFREESPEECH_API_KEY # NEARLYFREESPEECH_API_KEY
# NEARLYFREESPEECH_LOGIN # NEARLYFREESPEECH_LOGIN
"./nearlyfreespeech.age".publicKeys = [mainframePublicKey]; "./nearlyfreespeech.age".publicKeys = [mainframePublicKey];
# WEBDAV_PASSWORD
"./webdav.age".publicKeys = [mainframePublicKey];
} }

7
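--- a/nixos/secrets/webdav.age
+++ b/nixos/secrets/webdav.age
@@ -0,0 +1,7 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE5GRC92ZyA3dVNY
+SWE3TVY1aUx5d3QvRXlXMWpHUlUwbkJWMEh1VUx0MUh6NTdJOUZnCnNyTGdHdzlz
+WlU1dUtDa3UwQ2FTbGhYbG9YeGhVZStXK2pVVjM4L0pTTDgKLS0tIGt1a3IxOFR6
+YzVPVXFTVDFDQXV6NnpKTnJ4U3VSYm51eElDTFlwUXhMc1UKS4xUGWRtLZU7K8Q0
+vwCwvntjoIxeNbLbzYbRRsOkmlu1T+V70iERWMSSWXVqqlX0FqffTw==
+-----END AGE ENCRYPTED FILE-----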