Merge branch 'main' of github.com:philip-peterson/petersweb-infra
This commit is contained in:
commit
fae9eb26b6
5 changed files with 66 additions and 7 deletions
|
|
@ -8,8 +8,9 @@
|
||||||
2200 #forgejo ssh
|
2200 #forgejo ssh
|
||||||
3000 #forgejo http
|
3000 #forgejo http
|
||||||
|
|
||||||
9090 #sync.io
|
8082 #webdav
|
||||||
|
|
||||||
|
9090 #sync.io
|
||||||
9091 #caddy
|
9091 #caddy
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -48,8 +48,17 @@ in {
|
||||||
|
|
||||||
time.timeZone = "America/Anchorage";
|
time.timeZone = "America/Anchorage";
|
||||||
|
|
||||||
age.secrets.nearlyfreespeech.file = ./secrets/nearlyfreespeech.age;
|
age.secrets = {
|
||||||
age.secrets.nearlyfreespeech.owner = "root";
|
nearlyfreespeech = {
|
||||||
|
file = ./secrets/nearlyfreespeech.age;
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
|
|
||||||
|
webdav = {
|
||||||
|
file = ./secrets/webdav.age;
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
ddnsPkg
|
ddnsPkg
|
||||||
|
|
@ -144,15 +153,15 @@ in {
|
||||||
|
|
||||||
"webdav" = {
|
"webdav" = {
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
image = "dgraziotin/nginx-webdav-nononsense";
|
image = "quineglobal/nginx-webdav-nononsense@sha256:86002d386e433c3ed1d265d3aa7f921f96fb678651a913aaa92af8fb78870b1c";
|
||||||
volumes = [
|
volumes = [
|
||||||
"/mnt/webdav/data:/data"
|
"/mnt/webdav/data:/data"
|
||||||
"/mnt/webdav/config:/config"
|
"/mnt/webdav/config:/config"
|
||||||
|
(config.age.secrets."webdav".path + ":/password")
|
||||||
];
|
];
|
||||||
environment = {
|
environment = {
|
||||||
"WEBDAV_USERNAME" = "foo";
|
"WEBDAV_USERNAME" = "ironmagma";
|
||||||
# TODO
|
"WEBDAV_PASSWORD_FILE" = "/password";
|
||||||
"WEBDAV_PASSWORD" = "bar";
|
|
||||||
"TZ" = "America/Anchorage";
|
"TZ" = "America/Anchorage";
|
||||||
|
|
||||||
"PUID" = "60"; # nginx user
|
"PUID" = "60"; # nginx user
|
||||||
|
|
@ -221,5 +230,11 @@ in {
|
||||||
environmentFile = config.age.secrets."nearlyfreespeech".path;
|
environmentFile = config.age.secrets."nearlyfreespeech".path;
|
||||||
webroot = null;
|
webroot = null;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
certs."webdav.philippeterson.com" = {
|
||||||
|
dnsProvider = "nearlyfreespeech";
|
||||||
|
environmentFile = config.age.secrets."nearlyfreespeech".path;
|
||||||
|
webroot = null;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -110,6 +110,39 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
"webdav.philippeterson.com" = {
|
||||||
|
serverName = "webdav.philippeterson.com";
|
||||||
|
enableACME = true;
|
||||||
|
onlySSL = true;
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:8082/"; # pass through to webdav
|
||||||
|
extraConfig = ''
|
||||||
|
# Pass required headers for WebDAV
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
|
# Pass Authorization header if required
|
||||||
|
proxy_set_header Authorization $http_authorization;
|
||||||
|
|
||||||
|
# Set timeouts for large file uploads or long WebDAV operations
|
||||||
|
proxy_read_timeout 300;
|
||||||
|
proxy_connect_timeout 300;
|
||||||
|
proxy_send_timeout 300;
|
||||||
|
|
||||||
|
# Increase client body size for large uploads
|
||||||
|
client_max_body_size 100M;
|
||||||
|
|
||||||
|
# Optional: Disable caching for WebDAV operations
|
||||||
|
proxy_buffering off;
|
||||||
|
proxy_cache off;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
"forge.quinefoundation.com-https" = {
|
"forge.quinefoundation.com-https" = {
|
||||||
serverName = "forge.quinefoundation.com";
|
serverName = "forge.quinefoundation.com";
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
|
||||||
|
|
@ -5,4 +5,7 @@ in {
|
||||||
# NEARLYFREESPEECH_API_KEY
|
# NEARLYFREESPEECH_API_KEY
|
||||||
# NEARLYFREESPEECH_LOGIN
|
# NEARLYFREESPEECH_LOGIN
|
||||||
"./nearlyfreespeech.age".publicKeys = [mainframePublicKey];
|
"./nearlyfreespeech.age".publicKeys = [mainframePublicKey];
|
||||||
|
|
||||||
|
# WEBDAV_PASSWORD
|
||||||
|
"./webdav.age".publicKeys = [mainframePublicKey];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
7
nixos/secrets/webdav.age
Normal file
7
nixos/secrets/webdav.age
Normal file
|
|
@ -0,0 +1,7 @@
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE5GRC92ZyA3dVNY
|
||||||
|
SWE3TVY1aUx5d3QvRXlXMWpHUlUwbkJWMEh1VUx0MUh6NTdJOUZnCnNyTGdHdzlz
|
||||||
|
WlU1dUtDa3UwQ2FTbGhYbG9YeGhVZStXK2pVVjM4L0pTTDgKLS0tIGt1a3IxOFR6
|
||||||
|
YzVPVXFTVDFDQXV6NnpKTnJ4U3VSYm51eElDTFlwUXhMc1UKS4xUGWRtLZU7K8Q0
|
||||||
|
vwCwvntjoIxeNbLbzYbRRsOkmlu1T+V70iERWMSSWXVqqlX0FqffTw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
Loading…
Reference in a new issue