Merge branch 'main' of github.com:philip-peterson/petersweb-infra
commit
fae9eb26b6
5 changed files with 66 additions and 7 deletions
|
|
@ -8,8 +8,9 @@
|
|||
2200 #forgejo ssh
|
||||
3000 #forgejo http
|
||||
|
||||
9090 #sync.io
|
||||
8082 #webdav
|
||||
|
||||
9090 #sync.io
|
||||
9091 #caddy
|
||||
];
|
||||
}
|
||||
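Review bot: `8082 #webdav` in this port list keeps the WebDAV backend reachable on its plain-HTTP port, even though the same commit adds a TLS vhost that fronts it with `proxyPass = "http://127.0.0.1:8082/"`. If this list is the firewall's allowed TCP ports (the attribute name is outside the hunk) and the container publishes 8082 on all interfaces, clients can bypass nginx and send their WebDAV credentials unencrypted. Dropping the entry and publishing the container port on loopback only, e.g. `"127.0.0.1:8082:<container-port>"`, would leave nginx as the only entry point. The rendering does not show whether the 8082 line is new in this commit or already existed.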
|
|
|
|||
|
|
@ -48,8 +48,17 @@ in {
|
|||
|
||||
time.timeZone = "America/Anchorage";
|
||||
|
||||
age.secrets.nearlyfreespeech.file = ./secrets/nearlyfreespeech.age;
|
||||
age.secrets.nearlyfreespeech.owner = "root";
|
||||
age.secrets = {
|
||||
nearlyfreespeech = {
|
||||
file = ./secrets/nearlyfreespeech.age;
|
||||
owner = "root";
|
||||
};
|
||||
|
||||
webdav = {
|
||||
file = ./secrets/webdav.age;
|
||||
owner = "root";
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
ddnsPkg
|
||||
|
|
@ -144,15 +153,15 @@ in {
|
|||
|
||||
"webdav" = {
|
||||
autoStart = true;
|
||||
image = "dgraziotin/nginx-webdav-nononsense";
|
||||
image = "quineglobal/nginx-webdav-nononsense@sha256:86002d386e433c3ed1d265d3aa7f921f96fb678651a913aaa92af8fb78870b1c";
|
||||
volumes = [
|
||||
"/mnt/webdav/data:/data"
|
||||
"/mnt/webdav/config:/config"
|
||||
(config.age.secrets."webdav".path + ":/password")
|
||||
];
|
||||
environment = {
|
||||
"WEBDAV_USERNAME" = "foo";
|
||||
# TODO
|
||||
"WEBDAV_PASSWORD" = "bar";
|
||||
"WEBDAV_USERNAME" = "ironmagma";
|
||||
"WEBDAV_PASSWORD_FILE" = "/password";
|
||||
"TZ" = "America/Anchorage";
|
||||
|
||||
"PUID" = "60"; # nginx user
|
||||
|
|
@ -221,5 +230,11 @@ in {
|
|||
environmentFile = config.age.secrets."nearlyfreespeech".path;
|
||||
webroot = null;
|
||||
};
|
||||
|
||||
certs."webdav.philippeterson.com" = {
|
||||
dnsProvider = "nearlyfreespeech";
|
||||
environmentFile = config.age.secrets."nearlyfreespeech".path;
|
||||
webroot = null;
|
||||
};
|
||||
};
|
||||
}
|
||||
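Review bot: The agenix secret is bind-mounted into the container without a read-only flag in `(config.age.secrets."webdav".path + ":/password")`, so a root process inside the container could overwrite the decrypted file on the host. `(config.age.secrets."webdav".path + ":/password:ro")` limits it to reading. The secret is declared with `owner = "root"` while the container sets `"PUID" = "60"`, so confirm that the pinned image reads `WEBDAV_PASSWORD_FILE` before dropping privileges. If it reads the file as the nginx user, the file will be unreadable, assuming agenix's default owner-only mode applies. The container definition continues outside the hunk.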
|
|
|
|||
|
|
@ -110,6 +110,39 @@
|
|||
'';
|
||||
};
|
||||
};
|
||||
|
||||
"webdav.philippeterson.com" = {
|
||||
serverName = "webdav.philippeterson.com";
|
||||
enableACME = true;
|
||||
onlySSL = true;
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8082/"; # pass through to webdav
|
||||
extraConfig = ''
|
||||
# Pass required headers for WebDAV
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# Pass Authorization header if required
|
||||
proxy_set_header Authorization $http_authorization;
|
||||
|
||||
# Set timeouts for large file uploads or long WebDAV operations
|
||||
proxy_read_timeout 300;
|
||||
proxy_connect_timeout 300;
|
||||
proxy_send_timeout 300;
|
||||
|
||||
# Increase client body size for large uploads
|
||||
client_max_body_size 100M;
|
||||
|
||||
# Optional: Disable caching for WebDAV operations
|
||||
proxy_buffering off;
|
||||
proxy_cache off;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
"forge.quinefoundation.com-https" = {
|
||||
serverName = "forge.quinefoundation.com";
|
||||
enableACME = true;
|
||||
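Review bot: Two comments in `extraConfig` claim more than the directives deliver. `proxy_set_header Authorization $http_authorization;` repeats nginx's default pass-through of request headers, and `proxy_buffering off` applies only to responses, so the large uploads the timeouts are meant for are still buffered by nginx before they reach the backend; `proxy_request_buffering off;` is the directive that streams request bodies. `proxy_connect_timeout 300;` is also far longer than a loopback connect needs, and the nginx documentation notes that this timeout usually cannot exceed 75 seconds. The attribute set this vhost sits in starts outside the hunk.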
|
|
|
|||
|
|
@ -5,4 +5,7 @@ in {
|
|||
# NEARLYFREESPEECH_API_KEY
|
||||
# NEARLYFREESPEECH_LOGIN
|
||||
"./nearlyfreespeech.age".publicKeys = [mainframePublicKey];
|
||||
|
||||
# WEBDAV_PASSWORD
|
||||
"./webdav.age".publicKeys = [mainframePublicKey];
|
||||
}
|
||||
|
|
|
|||
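--- /dev/null
+++ b/nixos/secrets/webdav.age
@@ -0,0 +1,7 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE5GRC92ZyA3dVNY
+SWE3TVY1aUx5d3QvRXlXMWpHUlUwbkJWMEh1VUx0MUh6NTdJOUZnCnNyTGdHdzlz
+WlU1dUtDa3UwQ2FTbGhYbG9YeGhVZStXK2pVVjM4L0pTTDgKLS0tIGt1a3IxOFR6
+YzVPVXFTVDFDQXV6NnpKTnJ4U3VSYm51eElDTFlwUXhMc1UKS4xUGWRtLZU7K8Q0
+vwCwvntjoIxeNbLbzYbRRsOkmlu1T+V70iERWMSSWXVqqlX0FqffTw==
+-----END AGE ENCRYPTED FILE-----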