Merge branch 'main' of github.com:philip-peterson/petersweb-infra

Philip Peterson 2024-12-24 06:50:02 -05:00
commit fae9eb26b6
5 changed files with 66 additions and 7 deletions


@ -8,8 +8,9 @@
2200 #forgejo ssh
3000 #forgejo http
9090 #sync.io
8082 #webdav
9090 #sync.io
9091 #caddy
];
}
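Review bot: The new `8082 #webdav` entry opens the WebDAV backend port in what appears to be the firewall's allowed-port list, although the nginx virtual host added in this commit already reaches that backend at `http://127.0.0.1:8082/`. If the container publishes 8082 on all interfaces (its port mapping is not visible on this page), clients can reach WebDAV over plain HTTP and send credentials without TLS, bypassing the `onlySSL` virtual host. Unless direct access is intended, drop the `8082` line and keep the backend bound to loopback. The list's opening line is outside the hunk, so the option name is inferred.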


@ -48,8 +48,17 @@ in {
time.timeZone = "America/Anchorage";
age.secrets.nearlyfreespeech.file = ./secrets/nearlyfreespeech.age;
age.secrets.nearlyfreespeech.owner = "root";
age.secrets = {
nearlyfreespeech = {
file = ./secrets/nearlyfreespeech.age;
owner = "root";
};
webdav = {
file = ./secrets/webdav.age;
owner = "root";
};
};
environment.systemPackages = [
ddnsPkg
@ -144,15 +153,15 @@ in {
"webdav" = {
autoStart = true;
image = "dgraziotin/nginx-webdav-nononsense";
image = "quineglobal/nginx-webdav-nononsense@sha256:86002d386e433c3ed1d265d3aa7f921f96fb678651a913aaa92af8fb78870b1c";
volumes = [
"/mnt/webdav/data:/data"
"/mnt/webdav/config:/config"
(config.age.secrets."webdav".path + ":/password")
];
environment = {
"WEBDAV_USERNAME" = "foo";
# TODO
"WEBDAV_PASSWORD" = "bar";
"WEBDAV_USERNAME" = "ironmagma";
"WEBDAV_PASSWORD_FILE" = "/password";
"TZ" = "America/Anchorage";
"PUID" = "60"; # nginx user
@ -221,5 +230,11 @@ in {
environmentFile = config.age.secrets."nearlyfreespeech".path;
webroot = null;
};
certs."webdav.philippeterson.com" = {
dnsProvider = "nearlyfreespeech";
environmentFile = config.age.secrets."nearlyfreespeech".path;
webroot = null;
};
};
}
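Review bot: The secret bind mount added to the `webdav` container's `volumes` is writable from inside the container; adding the read-only flag, `(config.age.secrets."webdav".path + ":/password:ro")`, keeps a compromised container from altering the decrypted password file on the host. The secret is declared with `owner = "root"` while the container runs with `"PUID" = "60"`, so it is worth confirming that the image reads `/password` before it drops privileges, otherwise the password may not be picked up. The image now comes from a different publisher namespace and is pinned by digest only; a comment next to it such as `# quineglobal/nginx-webdav-nononsense:<tag>, built from <source repository>` would let a later reader check what the hash corresponds to before bumping it.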


@ -110,6 +110,39 @@
'';
};
};
"webdav.philippeterson.com" = {
serverName = "webdav.philippeterson.com";
enableACME = true;
onlySSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8082/"; # pass through to webdav
extraConfig = ''
# Pass required headers for WebDAV
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Pass Authorization header if required
proxy_set_header Authorization $http_authorization;
# Set timeouts for large file uploads or long WebDAV operations
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
# Increase client body size for large uploads
client_max_body_size 100M;
# Optional: Disable caching for WebDAV operations
proxy_buffering off;
proxy_cache off;
'';
};
};
"forge.quinefoundation.com-https" = {
serverName = "forge.quinefoundation.com";
enableACME = true;
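Review bot: Several directives in the new `webdav.philippeterson.com` `extraConfig` do not do what their comments say. `proxy_buffering off` only affects responses from the backend; request bodies up to the 100M limit are still spooled by nginx unless `proxy_request_buffering off;` is set, and `proxy_cache off` is already the default. `proxy_connect_timeout 300` is longer than nginx can usually honour (its documentation notes the value cannot normally exceed 75 seconds) and only delays failure when the loopback backend is down, so something like `proxy_connect_timeout 10;` fits better. The `Authorization` request header is forwarded by default, so that line can be dropped or its comment changed to say it is only explicit. The `forge.quinefoundation.com-https` block that follows continues outside the hunk.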


@ -5,4 +5,7 @@ in {
# NEARLYFREESPEECH_API_KEY
# NEARLYFREESPEECH_LOGIN
"./nearlyfreespeech.age".publicKeys = [mainframePublicKey];
# WEBDAV_PASSWORD
"./webdav.age".publicKeys = [mainframePublicKey];
}

7
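--- /dev/null
+++ b/nixos/secrets/webdav.age
@@ -0,0 +1,7 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE5GRC92ZyA3dVNY
+SWE3TVY1aUx5d3QvRXlXMWpHUlUwbkJWMEh1VUx0MUh6NTdJOUZnCnNyTGdHdzlz
+WlU1dUtDa3UwQ2FTbGhYbG9YeGhVZStXK2pVVjM4L0pTTDgKLS0tIGt1a3IxOFR6
+YzVPVXFTVDFDQXV6NnpKTnJ4U3VSYm51eElDTFlwUXhMc1UKS4xUGWRtLZU7K8Q0
+vwCwvntjoIxeNbLbzYbRRsOkmlu1T+V70iERWMSSWXVqqlX0FqffTw==
+-----END AGE ENCRYPTED FILE-----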