gerg-l/nixos
1
0
Fork 0
mirror of https://github.com/Gerg-L/nixos.git synced 2025-12-10 00:43:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

switch to cloudflare proxy for ipv4

Browse source
This commit is contained in:
Gerg-L 2023-03-15 18:28:03 -04:00
parent a33b8bd87c
commit 84b15db0af
3 changed files with 31 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

40
systems/gerg-desktop/containers/website.nix
View file

@ -9,6 +9,14 @@ _: {...}: {
"website/nextcloud" = { "website/nextcloud" = {
mode = "0444"; mode = "0444";
}; };
"website/ssl_key" = {
mode = "0444";
};
"website/ssl_cert" = {
mode = "0444";
};
}; };
containers."website" = { containers."website" = {
ephemeral = true; ephemeral = true;
@ -79,10 +87,8 @@ _: {...}: {
enable = true; enable = true;
package = pkgs.nextcloud25; package = pkgs.nextcloud25;
hostName = "next.gerg-l.com"; hostName = "next.gerg-l.com";
nginx.recommendedHttpHeaders = true;
enableBrokenCiphersForSSE = false;
https = true;
autoUpdateApps.enable = true; autoUpdateApps.enable = true;
enableBrokenCiphersForSSE = false;
config = { config = {
dbtype = "pgsql"; dbtype = "pgsql";
dbhost = "/run/postgresql"; dbhost = "/run/postgresql";
@ -90,7 +96,6 @@ _: {...}: {
adminpassFile = "/secrets/nextcloud"; adminpassFile = "/secrets/nextcloud";
adminuser = "admin-root"; adminuser = "admin-root";
defaultPhoneRegion = "IL"; defaultPhoneRegion = "IL";
extraTrustedDomains = ["[2605:59c8:252e:500:200:ff:fe00:11]"];
}; };
}; };
postgresql = { postgresql = {
@ -116,18 +121,21 @@ _: {...}: {
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = { virtualHosts = let
"git.gerg-l.com" = { template = {
forceSSL = true; forceSSL = true;
enableACME = true; sslCertificate = "/secrets/ssl_cert";
locations."/" = { sslCertificateKey = "/secrets/ssl_key";
proxyPass = "http://localhost:${toString giteaPort}"; };
in {
"git.gerg-l.com" =
template
// {
locations."/" = {
proxyPass = "http://localhost:${toString giteaPort}";
};
}; };
}; "next.gerg-l.com" = template;
"next.gerg-l.com" = {
forceSSL = true;
enableACME = true;
};
}; };
}; };
openssh = { openssh = {
@ -143,10 +151,6 @@ _: {...}: {
requires = ["postgresql.service"]; requires = ["postgresql.service"];
after = ["postgresql.service"]; after = ["postgresql.service"];
}; };
security.acme = {
acceptTerms = true;
defaults.email = "gregleyda@proton.me";
};
}; };
}; };
} }

6
systems/gerg-desktop/default.nix
View file

@ -54,9 +54,13 @@ inputs: {
in ["L+ /home/gerg/.config/WebCord/Themes/black - - - - ${theme}"]; in ["L+ /home/gerg/.config/WebCord/Themes/black - - - - ${theme}"];
networking = { networking = {
useDHCP = false;
hostName = "gerg-desktop"; hostName = "gerg-desktop";
hostId = "288b56db"; hostId = "288b56db";
nameservers = ["192.168.1.1"]; nameservers = [
"192.168.1.1"
"2605:59c8:252e:500::1"
];
defaultGateway = "192.168.1.1"; defaultGateway = "192.168.1.1";
interfaces = { interfaces = {
"enp11s0" = { "enp11s0" = {

6
systems/gerg-desktop/secrets.yaml
View file

@ -5,6 +5,8 @@ website:
nextcloud: ENC[AES256_GCM,data:JoxSXYzBhXV+h4Ar,iv:jKlAwWfX58DpgGbGOqWBIwcnx8EdIxhFKOUzsDccr7w=,tag:L6UBHh1HU8Je+OczQCypXg==,type:str] nextcloud: ENC[AES256_GCM,data:JoxSXYzBhXV+h4Ar,iv:jKlAwWfX58DpgGbGOqWBIwcnx8EdIxhFKOUzsDccr7w=,tag:L6UBHh1HU8Je+OczQCypXg==,type:str]
sql_gitea: ENC[AES256_GCM,data:Usfd0QDm/4ntj7kzXXYa3O7H7/E=,iv:3xUD2KuQvJUQtai6C+qAnQ2RbkpN5VLK8BUJFiMpQkY=,tag:E6KNzFIZekgecJCBPlw4YA==,type:str] sql_gitea: ENC[AES256_GCM,data:Usfd0QDm/4ntj7kzXXYa3O7H7/E=,iv:3xUD2KuQvJUQtai6C+qAnQ2RbkpN5VLK8BUJFiMpQkY=,tag:E6KNzFIZekgecJCBPlw4YA==,type:str]
sql_nextcloud: ENC[AES256_GCM,data:xkJioAZCCd8aIxS283UhZ2yfLgQ=,iv:7SQ2iSJShX6dDP3qD0KPaJP49CQ6RMHQ6uY5J/WODtI=,tag:HNXYa1L88mGB5uOrmTuFDg==,type:str] sql_nextcloud: ENC[AES256_GCM,data:xkJioAZCCd8aIxS283UhZ2yfLgQ=,iv:7SQ2iSJShX6dDP3qD0KPaJP49CQ6RMHQ6uY5J/WODtI=,tag:HNXYa1L88mGB5uOrmTuFDg==,type:str]
ssl_key: ENC[AES256_GCM,data:EBs5NZ5nHvC687N+YxY62MtJMK2Mi8FfhVrhrmOtmHLnZJlHEzljYBvImypvLEMA2v1++PEN+j7d/utv2kdHrSxBETKiE6ckk8DpjK6MWcjS2fVanYT/XRScJCLOx0PI6E2AR6L8snQ/Wp/3Ado+hLr6Ze7MI3DZd/gwJyrTZtdcSVzBGAJhmzgrF9/Hwb8qtFnJxj7z5kJ3FrXYdaobgSthsdjRpElGNJw0xgz3MVN67LVAMgkmkOXB6NF8FS5rsrvF2nYsqF0bkySCRSSjCjvlxRNAu3kUJQR+o4dA/Zu353z3mbh0driKAO2iih3rfRr+eVrTVjImoGVxpVcjEyCRI0vL8PBLgdC1L5uvE+KgodfaoBiCHTaQt++QbXsa29U4iO5U8hykt0JJW9yZSCaMAspZu/mb1EhChd5lj0q1WLgeGLAtzBN2QCIQ79yRs+nSK0Jgd9k/M4GC4+QufBAM1KZ9FrjZD5RgFuoGpvE69sR4MiekuNXTnFKwBp1WQo7MzWjutXN/x30k2JfaH/s9GoM0DZNPovg16Cgf7SLMCPUo9ynBbeFLOp/Pb+AhIQuNtjX8IpwJDYSJQAKrhUrV/NyI9OKjXVfIWO2yN5wIO2b2u72cIJrOgsMpYO1mGkyEbPtntew4EXPsgw8gdF7bfT6WPpJivvxNhGHSYuNDDoXvh+/t72yFXDuXu28/R6DIg+HmknYNu1On1sHZPrg9BnLny/4tD8OSYr4lKT/0FvQmspM6JPu5ZnxseJf3qjClQbcnwX4deqZX4JHhPXolDJ+LLycl4i62C7dTcO4/B/HLJ5J/+3WP9YvHd+FW3KlrRw/YVGcY+Mjn43/s0vgufH/VxFJ6+CIZZ8CiNt0MtMtajg5Xz8eFHbJRuKJlzzC5JQ1rJ2j0ZnZX19qmvC2nuowdZG7yDX9Htbgv0Elg7cNyO3T3NEKjbU2EjPj9NEah0zWzdymRVoVCv0E9EJIX73K/OSDNrjxJr5P8gNC4p/qD6Ufl3j9MTq1uujIQxFYEYQmSymQiaVbIbY2dmp5ISS6mioGJ4clQluuVsNNFQyFM0fM82Bsmk6MKlHaVk3pyvSLQ6j3R/YFtN9cwGKTdbcHmZIsTUF0XysU7LHM9JmHE9BXPsku01ONszHFlPz/GEgHGxB3bTthE2BHrTR9K6gZZy3j9/cpp6rZe711gnjyfWXpVOL2oPFL+nZZ17WDPOjD/w9KNB3Av4XSAHOJj8F6BcS7f6c69F9vTUlVeG7a6lTQ+4n5o/FQ+mPFyXgCJaMR88T+vYEG+tNbvZrGjyEYaDkfDOXfnqWL/ITDL/lD2YEdB/Vvi8cZtFqQ5fP91T/wOn9Gae0QG4zG6f1aKKW03WJKIvSMh0sUZ1QKVf/8KYUMBho1ZdXcjnxFpn0dpW8bCxIe3juhayyyGrLrMN1+Kr8aHYLTUcB4FU6DppD1esjJN05Y9Im9OqdLCK7UsldUb16j0Xk+2xYKqyQ8JniSL8XQaqeVIJnLaw0Vx1mvnrpe0GHPZVWxFjHzkFzx2H9+M5RuBqZnuWQtfAlCnQ631VvOG1BF+oY89CXG9d/SN6IY3kJ01LzG5XXbBnqeUjcNAIGwkHaVVn4w74Sko5hASWLX60Fo0Cq/BLuUw4qeZ/x0zPtICrl7JXcu4Ei+LO4aZVaDX/ZLw6nkN/GFf5Lc8FZ3COW9I39Dzo3VfK6wfMMnjNgk0cIQZqYC8oIhyexwE047+nwGw10h0jAerHqZmTsaWy+NCBweXWy2lHvQBGnXr8L0db0vrPr+XkrPmoDckSp2J0+/GPTQdWUWijPWLnd3K3hAU7jwkPwfAQNVpVPBbhTea51TcGej5CiphnEElIiuAvUO60kAxyRsbFYDESnJPCj5G+biiKVvN0rzrjU4KpS5wDgyJC8tq8SNv6tGUrqTsNKZXmKQ1wpEadQVam+hpC81HJOr8He51ZZm9OQLkfzN4U8dJx6ax27GOW/1OSzqEycZ3gNJE3MJmFyeRL9cY9+78L5ZB5UrpOJtFPm09fxKKY4A2/E/u70rnbWDkip8aKjflun3Skdr8meC1JiMW/awe8ausTy4cZzkkJWUqBogjTJCfH8UvOo1zwFRubOQLFeFrK3pSD74ALfG8OlT1mTnjSHc4xD6I11LTrGEetyfngNcRQElP44ipslaGno7390J6Tbv8i/8J1SPTvVzqSdHBIzjsMp0/HzyL4LuxRRn2mfrEuGaz0INeeYfATCJf/XsIrPX2uvnimJOLOKD4,iv:plv5vk1K1MvSvG4qfCgktRLaONHKYlJpKz89c9miGO4=,tag:FIOgCYD7X/G0I0+4XrtuQw==,type:str]
ssl_cert: ENC[AES256_GCM,data:+MVjz7j3LAjWNmNOw2tIWdyXGnNukLI9iQM+xoca0t4mZgU8TQcx71sanxD4SpnIOMy/vVNAUHJS3wAM7XMIbTy2S8qSG1bbk6EVC8TB7zfgSVY6BqD4H1lCiVe43AjWwc/qkdxGHO/nX8e7KkxFY4H7RnROdhqH1MYnXUvMXZgHrY/Bv/pNkJ/fC9UapQWKciw26uORk6Ji+ihmhp6h9qLUPIt4UBTljruUhr34UhwxQ1tib6j1GFdPcSpXmbnQ8dQ5s64DShs7aMcS87vwY5r2bZowaX+FdpWokDXCF3wXwS+vhS/pMvzcN0cKogT4uXC3FatIByuLpvb35JD0k2f8OYi1zdKNRyffFkveWySXzVUojq56zhyY6d0rFpW14s5m4WdBpQUDHLe1kO8B4EUv3ZmOQz+SgbPL9EQVzpwoQt2yNkFENJbu2Jvs3LVwoclLM81hOomSThPRMgbixRcttf1MbmU8ED1EoNwF04VgDbNDOOyZFsSkz2rOVTlv/gIWTnBgngh3nU+8VWU6PPbNvYliXvU2XRPhGnXeKH2yCyilQ7aLsWjjvco257p4XvS8g7uuFpyau1UkO81kc3R1qrBjyPdxZylDvxI7JCDQZqWxtNiRRRWTWd+4oHTt8REp7aZlGP9FLDW10LWnOtCe56dbuVvFQd/3mjF1YDEkqE7Q3ZotiV6JzbkouV1rue8jpReREDp7Dsm7ZPdBn58Z0c3NaI8OTffOhQ2oDEJn2I/lUuvGhrEU41SxLvDDmpNVi2ISI/c6PfdKlATKZUDVWP7L6nu2M1bb1HvVXaYoKxldZmLGSdVGk3rhY6HUVSM3BgsgkLiFO0AHui0ETQnkfuhy1T8IMPb3WaAQmHHzR9YipZ03xlUoOSeICgDohMw/bLaP4zNAs+gMgLssWJd8Jm9iK5K/OKN6gG0V7YFdUwNyeX7guEADND0hlT0mFkKlLKywBEGwiSdzrqIvrnE7tzUdD/SlL+WOYKBCByksHwmC51ImFe3/GapAPEoMlxtwy4o/E8nExL/WAMEoNT9wxV4/Mk5l5CT1sUDGG8ifzMVcq4LxPxvQDFYLyKf5Apg4f0MkB4kOvS5hFRF9Ewx3hEjHgKJL4HTWFPut7ktbGvYvfJTSvpyJv9s+uk+b69Y+YhwxFgCLc6oTkHoGaekGaQN8rbPGiomepDK/ZdYr/720zDZuC9Z1WMdRsR7E4GX1Ko31pQEk2tUWmjQk76hp299Sly7tjrh7mRtZXNNVhAzh3DEdqmTZPKNObXI/sf7KM4e0SzSbdJd4DdbV+S8vwbqBYdmEtBwSZNp0YnApBoEC/R7iPp7T98sdt2Y8cWcFITMyHTOQ0Qk9/hFzrdYi+rrOQ33AP/rjzOFp11t99nZKNZGuMucSTRUKgTuRLumjD5dS6PWuTm6k94HUNT8p8BSgGOBSIPqBdvZvKe7titvtfoH7iqoafHfePJ8sUd5dKZdpvDBl5bW2aiTB9v/qP/vlmThAG6t1ukmqbo3rS/6QC2N8X2X4GKqcPrVLKk1vtlnI4qWzLLieePxruJoWhctdp14CjKotVAzgYXtAvuKm1MI5gNWKRqwykeNS5w3C/CQT0KpyqUNLAkEa5+Fg4PUxeLCitpgnz6jq8+1WCltwdWAAkp8RwdMncbG2Jk6AA0iC6lu0kog9U7gsclRc16+jVFYPA+h3trbt8DnFLQTrCEaeOeRwli+WBibO31+0efk4D4e/IUz3c3PkNVwLV3RPFF7FeAo9w7HYOaHrmvbFevnbyUb+aI8i/EiDkoCzgaIcG9nOWSjBjNjZPrK5JZR+hXvTZ163k2eFj7uwfuQkUUakXfFJxLjHzko87oEiOsUkieEamp0yZ4n8eMq/BgNSPMYmnpmxaotdDB/czN5qM0myLKsDgHZso0sLMmPs1YfoDGjsZsMNaQh3C92XyzR4psSwy81wXFLahvt3E/DczOFaBoJ0VtmqFcGuYep/r3Ft6YCXf0y0Yruj5kZRSBvSSu6bfOwppA7gJKChlKKyRiKROMbt9Oh843tWuGKgKajOZZCY/mQH5D1VyxQ8YqxotgbCpEUu/gLPuqf2upCMxA+Vhw8plwrPUOmgnsjybdYoNayfzo28X8ek8ryWKHAcOrIAcCO9e6RHeuZFmstcJsDz7gjpolbufWu7oZkF9NoqksI46+1isb7iZ58U777RSLJWcGlrYdvzJA==,iv:QvDjeJf7D1eqdhDPO472F4MsM5DTcs+4aGgJfhI9J9k=,tag:jVGgIZqzaEqjRAGJxy/zCw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -20,8 +22,8 @@ sops:
dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy
MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA== MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-03-12T06:10:20Z" lastmodified: "2023-03-15T22:15:18Z"
mac: ENC[AES256_GCM,data:0x7fngutav44zWsytXfxrOYYWvJsAVPGhG4KC8Vu6mxVz27alK52ZksLraQ6C+vGzUiPca1cv6nN/+aYBzU0NdxIJQOeCr//H1oDf7X8k5wTzcwxDRxqu6og66zCuMcLW5WZhuaoCKSIZX120gVZe4a6q1E2JzbpaXwlzz7wH8E=,iv:Htgcu9LvHOV1Xsxknq2vf9GEE9WG6ffS7q0D50xLiac=,tag:p6AL3w5PgqvQg2MuZ+URRw==,type:str] mac: ENC[AES256_GCM,data:vH5LgIfeuBUoXdD4hlwQr5BpENNJVIaq1l2sPeb+SotX60+5ScPO0EgsK/ub6qhIGssevhanchis8LQ9sMr48LNmp/qCpJvGeJA8ny1Gvj2Mjri9z9/XC11Ev2Ta/slfgG/sv2YiIQWE0KomzuOVJ2ys+7mPNRl2X8pTer4jrxM=,iv:z63SujQLMcenGY1AYQb0/b1AzCWaLgaaiTuPbi+Qr14=,tag:iK/esalP5SkZLgyCAup5eQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3