diff --git a/secret/hosts/attic.nix b/secret/hosts/attic.nix
index a793b5b..360aaa9 100644
Binary files a/secret/hosts/attic.nix and b/secret/hosts/attic.nix differ
diff --git a/system/nixos/home-proxy.nix b/system/nixos/home-proxy.nix
index 3efcca7..8bb1685 100644
--- a/system/nixos/home-proxy.nix
+++ b/system/nixos/home-proxy.nix
@@ -5,15 +5,15 @@
 resolver 1.1.1.1 ipv6=off;
 upstream home {
- server ${secret.nginx.upstream.home.hostname}:${builtins.toString secret.nginx.upstream.home.port};
+ server ${secret.nginx.upstream.home.hostname}:${builtins.toString secret.nginx.upstream.home.upstreamPort};
 }
 server {
- listen ${builtins.toString secret.nginx.upstream.home.port};
+ listen ${builtins.toString secret.nginx.upstream.home.externalPort};
 proxy_protocol on;
 proxy_pass home;
 }
 '';
- networking.firewall.interfaces."enp1s0".allowedTCPPorts = [ secret.nginx.upstream.home.port ];
+ networking.firewall.interfaces."enp1s0".allowedTCPPorts = [ secret.nginx.upstream.home.externalPort ];
 }
diff --git a/system/nixos/jellyfin.nix b/system/nixos/jellyfin.nix
index c465004..c7a984d 100644
--- a/system/nixos/jellyfin.nix
+++ b/system/nixos/jellyfin.nix
@@ -43,9 +43,42 @@
 };
 };
+ services.nginx.virtualHosts."jellyfin.home.kempkens.io" = {
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 9921;
+ ssl = true;
+ extraParameters = [ "proxy_protocol" ];
+ }
+ ];
+
+ quic = true;
+ http3 = true;
+
+ onlySSL = true;
+ useACMEHost = "internal.kempkens.network";
+
+ extraConfig = ''
+ set_real_ip_from 100.76.233.31/32;
+ real_ip_header proxy_protocol;
+ '';
+
+ locations."/" = {
+ recommendedProxySettings = true;
+ proxyPass = "http://127.0.0.1:8096";
+ };
+
+ locations."/socket" = {
+ recommendedProxySettings = true;
+ proxyPass = "http://127.0.0.1:8096";
+ proxyWebsockets = true;
+ };
+ };
+
 networking.firewall.interfaces =
 let
- ports = [ 9920 ];
+ ports = [ 9920 9921 ];
 in
 {
 "ens3".allowedTCPPorts = ports;
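Review bot: The split into `upstreamPort` and `externalPort` is not explained anywhere a reader can see, because both values live in the secret file that appears here only as a binary change. A short comment above the `upstream home` block would help, for example `# externalPort: opened on enp1s0; upstreamPort: PROXY-protocol listener on the home host`. Since `proxy_protocol on;` prepends a PROXY header to every forwarded connection, the listener behind `upstreamPort` has to expect that header and should accept it only from this proxy's address. The enclosing configuration string starts above the hunk.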
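Review bot: Port 9921 is appended to the shared `ports` list, so it is opened on `ens3` and on whatever other interfaces the attribute set lists below the hunk, while the vhost trusts PROXY headers from `100.76.233.31/32` only. If that proxy reaches this host over a single interface, opening 9921 only there keeps the PROXY-protocol listener off the others, and the `addr = "0.0.0.0";` bind could be narrowed the same way. Separately, `quic = true; http3 = true;` sits beside a firewall rule that allows TCP only, and `real_ip_header proxy_protocol;` has no counterpart for a UDP listener, so HTTP/3 looks either unreachable or unintended here and could be dropped. The `networking.firewall.interfaces` block continues past the hunk.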