daniel/dotfiles
1
0
Fork 0
Code Actions Activity
dotfiles/system/nixos/home-proxy.nix

63 lines
1.5 KiB
Nix
Raw Normal View History

wip: home proxy
2023-04-08 22:37:43 +00:00
{ pkgs, config, secret, ... }:
{
services.nginx.streamConfig = ''
fixup
2023-04-08 22:43:37 +00:00
resolver 1.1.1.1 ipv6=off;
argon: init system
2023-06-07 18:40:27 +00:00
upstream video {
server ${secret.nginx.upstream.video.hostname}:${builtins.toString secret.nginx.upstream.video.upstreamPort};
fixup
2023-04-09 00:11:14 +00:00
}
wip: home proxy
2023-04-08 22:37:43 +00:00
server {
argon: init system
2023-06-07 18:40:27 +00:00
listen ${builtins.toString secret.nginx.upstream.video.externalPort};
fixup
2023-04-09 00:11:14 +00:00
proxy_protocol on;
argon: init system
2023-06-07 18:40:27 +00:00
proxy_pass video;
wip: home proxy
2023-04-08 22:37:43 +00:00
}
'';
argon: init system
2023-06-07 18:40:27 +00:00
services.nginx = {
commonHttpConfig = ''
resolver 1.1.1.1;
'';
upstreams.dns = {
servers = {
Updates
2023-06-10 18:48:07 +00:00
"${secret.nginx.upstream.dns.primary.hostname}:${builtins.toString secret.nginx.upstream.dns.primary.upstreamPort}" = {
fail_timeout = "5s";
};
"${secret.nginx.upstream.dns.secondary.hostname}:${builtins.toString secret.nginx.upstream.dns.secondary.upstreamPort}" = {
backup = true;
};
argon: init system
2023-06-07 18:40:27 +00:00
};
Updates
2023-06-10 18:48:07 +00:00
extraConfig = ''
keepalive 8;
'';
argon: init system
2023-06-07 18:40:27 +00:00
};
virtualHosts."${secret.nginx.upstream.dns.fqdn}" = {
quic = true;
http3 = true;
onlySSL = true;
useACMEHost = "cache.daniel.sx";
locations."/${secret.adguardhome.auth}/dns-query" = {
recommendedProxySettings = true;
proxyPass = "https://dns";
extraConfig = ''
rewrite ^/${secret.adguardhome.auth}(.*)$ $1 break;
proxy_hide_header alt-svc;
'';
};
};
};
networking.firewall.interfaces."enp1s0".allowedTCPPorts = [
secret.nginx.upstream.video.externalPort
];
wip: home proxy
2023-04-08 22:37:43 +00:00
}
Copy permalink