glennwso/nixos-selfhost
1
0
Fork 0
Code Issues 2 Pull requests Packages Projects Releases Wiki Activity

Compare commits

base: glennwso:4eb4b439d0a9442195ec49a94299ef02de19fb7e
Branches Tags
glennwso:main
glennwso:rebase
...
compare: glennwso:451b952b3754bc5f762bb2c28d960071c019a35a
Branches Tags
glennwso:main
glennwso:rebase

14 commits
4eb4b439d0 ... 451b952b37

Author SHA1 Message Date
admin 451b952b37 init: mailserver 2024-04-04 15:05:25 +02:00
admin 5301db0656 homepage back up again :) 2024-04-04 13:40:20 +02:00
admin 445dd15c12 SSL for git server 2024-04-03 12:59:26 +02:00
admin dcc5594bc9 fix: nextcloud 2024-04-03 12:59:00 +02:00
admin 11d08b6bf6 bump lock 2024-04-02 21:00:51 +02:00
admin a39578fea0 enable nextcloud 2024-04-02 19:25:00 +02:00
admin 77f95e8f84 disable tailserve of filebrowser 2024-04-02 19:24:26 +02:00
admin 8201cafa28 fix: acme was blocked by tailscale 2024-04-02 17:55:12 +02:00
admin 972a83efac enable turn 2024-04-02 13:56:35 +02:00
admin 0402b4b0ee git graph 2024-04-02 13:53:57 +02:00
admin 09d9b3a172 disable: tunnel becouse it prevented acme 2024-04-02 13:53:25 +02:00
admin d413a5f2b1 revert: flake.lock matrix 2024-04-02 13:52:13 +02:00
admin cb0ddd5072 fix: dubble config redis 2024-04-02 11:03:48 +02:00
admin 4d9d07cabe gitui 2024-04-02 10:47:01 +02:00
16 changed files with 340 additions and 74 deletions
Show stats Expand all files Collapse all files

2
configuration.nix
View file

@ -115,6 +115,8 @@
filebrowser filebrowser
dufs dufs
git git
git-graph
gitui
helix helix
nil nil
starship starship

33
coturn.nix
View file

@ -56,17 +56,30 @@
allowedTCPPorts = [ 3478 5349 ]; allowedTCPPorts = [ 3478 5349 ];
}; };
}; };
# get a certificate services.nginx = {
security.acme.certs.${config.services.coturn.realm} = { enable = true;
/* insert here the right configuration to obtain a certificate */ virtualHosts."turn.sondell.org" = {
postRun = "systemctl restart coturn.service"; forceSSL = true;
group = "turnserver"; enableACME = true;
};
}; };
# configure synapse to point users to coturn # get a certificate
# services.matrix-synapse = with config.services.coturn; { users.users.nginx.extraGroups = [
# turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"]; "turnserver"
# turn_shared_secret = static-auth-secret; ];
# turn_user_lifetime = "1h"; # security.acme.certs.${config.services.coturn.realm} = {
# /* insert here the right configuration to obtain a certificate */
# postRun = "systemctl restart coturn.service";
# group = "turnserver";
# }; # };
# configure synapse to point users to coturn
services.matrix-synapse = with config.services.coturn; {
settings.turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"];
settings.turn_user_lifetime = "1h";
# turn_shared_secret = static-auth-secret;
extraConfigFiles = [
config.services.coturn.static-auth-secret-file
];
};
} }

104
dbg/err.log Normal file
View file

@ -0,0 +1,104 @@
apr 03 10:27:48 nixos Nextcloud[150872]: {"reqId":"pW9oiFQa0uFJNtYkN650",
"level":4,
"time":"2024-04-03T08:27:48+00:00",
"remoteAddr":"",
"user":"--",
"app":"no app in context",
"method":"",
"url":"--",
"message":"{\"Exception\":\"RedisException\",
\"Message\":\"ERR AUTH <password> called without any password configured for the default user. Are you sure your configuration is correct?\",
\"Code\":0,
\"Trace\":[{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/RedisFactory.php\",
\"line\":123,
\"function\":\"auth\",
\"class\":\"Redis\",
\"type\":\"->\",
\"args\":[\"*** sensitive parameters replaced ***\"]},
{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/RedisFactory.php\",
\"line\":158,
\"function\":\"create\",
\"class\":\"OC\\\\RedisFactory\",
\"type\":\"->\",
\"args\":[\"*** sensitive parameters replaced ***\"]},
{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/Memcache/Redis.php\",
\"line\":70,
\"function\":\"getInstance\",
\"class\":\"OC\\\\RedisFactory\",
\"type\":\"->\",
\"args\":[]},
{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/Memcache/Redis.php\",
\"line\":76,
\"function\":\"getCache\",
\"class\":\"OC\\\\Memcache\\\\Redis\",
\"type\":\"->\",
\"args\":[]},
{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/apps/workflowengine/lib/Manager.php\",
\"line\":113,
\"function\":\"get\",
\"class\":\"OC\\\\Memcache\\\\Redis\",
\"type\":\"->\",
\"args\":[\"events\"]},
{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/apps/workflowengine/lib/AppInfo/Application.php\",
\"line\":71,
\"function\":\"getAllConfiguredEvents\",
\"class\":\"OCA\\\\WorkflowEngine\\\\Manager\",
\"type\":\"->\",
\"args\":[]},
{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/AppFramework/Bootstrap/FunctionInjector.php\",
\"line\":45,
\"function\":\"registerRuleListeners\",
\"class\":\"OCA\\\\WorkflowEngine\\\\AppInfo\\\\Application\",
\"type\":\"->\",
\"args\":[[\"OC\\\\EventDispatcher\\\\EventDispatcher\"],
[\"OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer\"],
[\"OC\\\\AppFramework\\\\ScopedPsrLogger\"]]},
{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/AppFramework/Bootstrap/BootContext.php\",
\"line\":50,
\"function\":\"injectFn\",
\"class\":\"OC\\\\AppFramework\\\\Bootstrap\\\\FunctionInjector\",
\"type\":\"->\",
\"args\":[[\"Closure\"]]},
{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/apps/workflowengine/lib/AppInfo/Application.php\",
\"line\":63,
\"function\":\"injectFn\",
\"class\":\"OC\\\\AppFramework\\\\Bootstrap\\\\BootContext\",
\"type\":\"->\",
\"args\":[[\"Closure\"]]},
{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/AppFramework/Bootstrap/Coordinator.php\",
\"line\":200,
\"function\":\"boot\",
\"class\":\"OCA\\\\WorkflowEngine\\\\AppInfo\\\\Application\",
\"type\":\"->\",
\"args\":[[\"OC\\\\AppFramework\\\\Bootstrap\\\\BootContext\"]]},
{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/App/AppManager.php\",
\"line\":434,
\"function\":\"bootApp\",
\"class\":\"OC\\\\AppFramework\\\\Bootstrap\\\\Coordinator\",
\"type\":\"->\",
\"args\":[\"workflowengine\"]},
{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/App/AppManager.php\",
\"line\":213,
\"function\":\"loadApp\",
\"class\":\"OC\\\\App\\\\AppManager\",
\"type\":\"->\",
\"args\":[\"workflowengine\"]},
{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/legacy/OC_App.php\",
\"line\":125,
\"function\":\"loadApps\",
\"class\":\"OC\\\\App\\\\AppManager\",
\"type\":\"->\",
\"args\":[[]]},
{\"file\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/cron.php\",
\"line\":55,
\"function\":\"loadApps\",
\"class\":\"OC_App\",
\"type\":\"::\",
\"args\":[]}],
\"File\":\"/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3/lib/private/RedisFactory.php\",
\"Line\":123,
\"message\":\"Could not boot workflowengine: ERR AUTH <password> called without any password configured for the default user. Are you sure your configuration is correct?\",
\"exception\":{},
\"CustomMessage\":\"Could not boot workflowengine: ERR AUTH <password> called without any password configured for the default user. Are you sure your configuration is correct?\"}",
"userAgent":"--",
"version":"28.0.3.2"}

1
dbg/nextcloud Symbolic link
View file

@ -0,0 +1 @@
/nix/store/75z9bwr5zn527sj6wg6f8g737k7yhlrl-nextcloud-28.0.3

1
dbg/nextcloud.cfg Symbolic link
View file

@ -0,0 +1 @@
/var/lib/nextcloud

1
dbg/nextredis.cfg Symbolic link
View file

@ -0,0 +1 @@
/var/lib/redis-nextcloud

1
dbg/redis-nixos.conf Symbolic link
View file

@ -0,0 +1 @@
/nix/store/alsv8fyd8m1j006sz7c6p8x9cn9kmz7f-redis.conf

2
filebrowser.nix
View file

@ -19,7 +19,7 @@ in
}; };
systemd.services.tailBrowser = with pkgs; { systemd.services.tailBrowser = with pkgs; {
enable = true; enable = false;
description = "serve via tailscale filebrowser"; description = "serve via tailscale filebrowser";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
unitConfig = { unitConfig = {

95
flake.lock
View file

@ -1,5 +1,37 @@
{ {
"nodes": { "nodes": {
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
@ -39,13 +71,36 @@
"url": "https://git.sondell.org/glennwso/home.git" "url": "https://git.sondell.org/glennwso/home.git"
} }
}, },
"nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
"lastModified": 1710449465,
"narHash": "sha256-2orO8nfplp6uQJBFqKkj1iyNMC6TysmwbWwbb4osTag=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "79c8cfcd5873a85559da6201b116fb38b490d030",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1709237383, "lastModified": 1711703276,
"narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -58,6 +113,7 @@
"root": { "root": {
"inputs": { "inputs": {
"home": "home", "home": "home",
"nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }
}, },
@ -75,6 +131,39 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

10
flake.nix
View file

@ -2,11 +2,16 @@
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
inputs.home.url = "git+https://git.sondell.org/glennwso/home.git"; inputs.home.url = "git+https://git.sondell.org/glennwso/home.git";
inputs.home.inputs.nixpkgs.follows = "nixpkgs"; inputs.home.inputs.nixpkgs.follows = "nixpkgs";
inputs.nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, home }@attrs: outputs = { self, nixpkgs, home, nixos-mailserver}@attrs:
let let
system = "x86_64-linux"; system = "x86_64-linux";
homepage = home.packages.${system}.default; homepage = home.packages.${system}.default;
mailserver = nixos-mailserver.nixosModules.default;
in in
{ {
# replace 'joes-desktop' with your hostname here. # replace 'joes-desktop' with your hostname here.
@ -24,8 +29,9 @@
./filebrowser.nix ./filebrowser.nix
./tail.nix ./tail.nix
./matrix.nix ./matrix.nix
./coturn.nix
(import ./mail.nix {inherit mailserver;})
(import ./homepage.nix {inherit homepage;}) (import ./homepage.nix {inherit homepage;})
# ./coturn.nix # disabled becouse tls not solved
]; ];
}; };

2
forgejo.nix
View file

@ -28,6 +28,8 @@ in
}; };
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://localhost:3000/"; proxyPass = "http://localhost:3000/";
}; };

40
mail.nix Normal file
View file

@ -0,0 +1,40 @@
{ mailserver , ... }:
{
imports = [
mailserver
];
mailserver = {
enable = true;
fqdn = "mail.sondell.org";
domains = [ "sondell.org" ];
# A list of all login accounts. To create the password hashes, use
# cat .secrets/nextadminpw | nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > .secrets/mailpw.hash
loginAccounts = {
"admin@sondell.org" = {
hashedPasswordFile = "/etc/nixos/.secrets/mailpw.hash";
aliases = ["info@sondell.org"];
};
};
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.
certificateScheme = "acme-nginx";
};
# services.roundcube = {
# enable = true;
# # this is the url of the vhost, not necessarily the same as the fqdn of
# # the mailserver
# hostName = "webmail.sondell.org";
# extraConfig = ''
# # starttls needed for authentication, so the fqdn required to match
# # the certificate
# $config['smtp_server'] = "tls://${mailserver.fqdn}";
# $config['smtp_user'] = "%u";
# $config['smtp_pass'] = "%p";
# '';
# };
}

39
matrix.nix
View file

@ -2,7 +2,6 @@
let let
domain = "sondell.org"; domain = "sondell.org";
matrixAdress = "m.${domain}";
hostName = "matrix"; hostName = "matrix";
fqdn = "${hostName}.${domain}"; fqdn = "${hostName}.${domain}";
baseUrl = "https://${fqdn}"; baseUrl = "https://${fqdn}";
@ -53,11 +52,11 @@ services.postgresql = {
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
${fqdn} = { ${fqdn} = {
# enableACME = true; enableACME = true;
# forceSSL = true; forceSSL = true;
locations."/".extraConfig = '' # locations."/".extraConfig = ''
return 404; # return 404;
''; # '';
# Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
# *must not* be used here. # *must not* be used here.
locations."/_matrix".proxyPass = "http://[::1]:8008"; locations."/_matrix".proxyPass = "http://[::1]:8008";
@ -65,21 +64,21 @@ services.postgresql = {
locations."/_synapse/client".proxyPass = "http://[::1]:8008"; locations."/_synapse/client".proxyPass = "http://[::1]:8008";
}; };
${matrixAdress} = { ${domain} = {
# enableACME = true; enableACME = true;
# forceSSL = true; forceSSL = true;
locations."/" = { # locations."/" = {
proxyPass = "http://localhost:8008"; # proxyPass = "http://localhost:8008";
}; # };
# # This section is not needed if the server_name of matrix-synapse is equal to # This section is not needed if the server_name of matrix-synapse is equal to
# # the domain (i.e. example.org from @foo:example.org) and the federation port # the domain (i.e. example.org from @foo:example.org) and the federation port
# # is 8448. # is 8448.
# # Further reference can be found in the docs about delegation under # Further reference can be found in the docs about delegation under
# # https://element-hq.github.io/synapse/latest/delegate.html # https://element-hq.github.io/synapse/latest/delegate.html
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
# # This is usually needed for homeserver discovery (from e.g. other Matrix clients). # This is usually needed for homeserver discovery (from e.g. other Matrix clients).
# # Further reference can be found in the upstream docs at # Further reference can be found in the upstream docs at
# # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
}; };
}; };

57
nextcloud.nix
View file

@ -1,24 +1,18 @@
{ self, config, lib, pkgs, ... }: { self, config, lib, pkgs, ... }:
let domain = "cloud.sondell.org"; let
domain = "cloud.sondell.org";
nextcloud = pkgs.nextcloud28;
in in
{ {
# Based on https://carjorvaz.com/posts/the-holy-grail-nextcloud-setup-made-easy-by-nixos/
# security.acme = {
# acceptTerms = true;
# defaults = {
# email = "glennpub@proton.me";
# dnsProvider = "cloudflare";
# # # location of your CLOUDFLARE_DNS_API_TOKEN=[value]
# # # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile=
# environmentFile = "/REPLACE/WITH/YOUR/PATH";
# };
# };
environment.systemPackages = [
nextcloud
];
services = { services = {
nginx.virtualHosts = { nginx.virtualHosts = {
${domain} = { ${domain} = {
# forceSSL = true; forceSSL = true;
# enableACME = true; enableACME = true;
# Use DNS Challenege. # Use DNS Challenege.
# acmeRoot = null; # acmeRoot = null;
}; };
@ -29,24 +23,27 @@ in
enable = true; enable = true;
hostName = domain; hostName = domain;
# Need to manually increment with every major upgrade. # Need to manually increment with every major upgrade.
package = pkgs.nextcloud28; package = nextcloud;
# Let NixOS install and configure the database automatically. # Let NixOS install and configure the database automatically.
database.createLocally = true; database.createLocally = true;
# Let NixOS install and configure Redis caching automatically.
configureRedis = true;
# Increase the maximum file upload size. # Increase the maximum file upload size.
maxUploadSize = "16G"; maxUploadSize = "16G";
https = true; https = true;
autoUpdateApps.enable = true; autoUpdateApps.enable = true;
extraAppsEnable = true; extraAppsEnable = true;
# Let NixOS install and configure Redis caching automatically.
configureRedis = true;
settings = {
maintenance_window_start = 1;
};
extraOptions = { extraOptions = {
redis = { # redis = {
host = "/run/redis/redis.sock"; # # host = "/run/redis/redis.sock";
port = 0; # port = 0;
dbindex = 0; # dbindex = 0;
password = "secret"; # password = "secret";
timeout = 1.5; # timeout = 1.5;
}; # };
}; };
extraApps = with config.services.nextcloud.package.packages.apps; { extraApps = with config.services.nextcloud.package.packages.apps; {
# List of apps we want to install and are already packaged in # List of apps we want to install and are already packaged in
@ -55,7 +52,7 @@ in
}; };
config = { config = {
overwriteProtocol = "https"; overwriteProtocol = "https";
# defaultPhoneRegion = "US"; defaultPhoneRegion = "SE";
dbtype = "pgsql"; dbtype = "pgsql";
adminuser = "admin"; adminuser = "admin";
adminpassFile = "/etc/nixos/.secrets/nextadminpw"; adminpassFile = "/etc/nixos/.secrets/nextadminpw";
@ -69,4 +66,14 @@ in
# startAt = "*-*-* 01:15:00"; # startAt = "*-*-* 01:15:00";
# }; # };
}; };
services.onlyoffice = {
enable = true;
port = 8123;
hostname = "office.sondell.org";
};
services.nginx.virtualHosts."office.sondell.org" = {
forceSSL = true;
enableACME = true;
# locations."/".proxyPass = "http://12:8123";
};
} }

2
tail.nix
View file

@ -1,7 +1,7 @@
{ config, ... }: { config, ... }:
{ {
services.tailscale = { services.tailscale = {
enable =true; enable =false;
useRoutingFeatures = "both"; useRoutingFeatures = "both";
extraUpFlags = [ extraUpFlags = [
"--advertise-exit-node" "--advertise-exit-node"

24
tunnel.nix
View file

@ -3,19 +3,19 @@
services.nginx = { services.nginx = {
enable = true; enable = true;
clientMaxBodySize = "10g"; clientMaxBodySize = "10g";
defaultHTTPListenPort = 1234; # defaultHTTPListenPort = 1234;
}; };
services.cloudflared = { services.cloudflared = {
enable = true; enable = false;
tunnels = { # tunnels = {
"tulpan" = { # "tulpan" = {
credentialsFile = "/etc/nixos/.secrets/tulpan-tunnel.json"; # credentialsFile = "/etc/nixos/.secrets/tulpan-tunnel.json";
default = "http_status:404"; # default = "http_status:404";
ingress = { # ingress = {
"*.sondell.org" = "http://localhost:1234"; # "*.sondell.org" = "http://localhost:1234";
"sondell.org" = "http://localhost:1234"; # "sondell.org" = "http://localhost:1234";
}; # };
}; # };
}; # };
}; };
} }