mirror of
https://gitlab.com/upRootNutrition/dotfiles.git
synced 2025-12-07 05:27:13 -06:00
Compare commits
2 commits
2fc17f3539
...
6c010d9f10
| Author | SHA1 | Date | |
|---|---|---|---|
|
6c010d9f10 | ||
|
|
83aab0bc63 |
5 changed files with 1489 additions and 936 deletions
|
|
@ -53,7 +53,7 @@ in
|
||||||
caddy
|
caddy
|
||||||
comfyui
|
comfyui
|
||||||
# filesorter
|
# filesorter
|
||||||
# firefly-iii
|
firefly-iii
|
||||||
forgejo
|
forgejo
|
||||||
# glance
|
# glance
|
||||||
jellyfin
|
jellyfin
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
config,
|
|
||||||
flake,
|
flake,
|
||||||
|
config,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
|
|
@ -12,8 +12,8 @@ let
|
||||||
smtpCfg = instances.smtp;
|
smtpCfg = instances.smtp;
|
||||||
hostCfg = instances.web;
|
hostCfg = instances.web;
|
||||||
host = serviceCfg.domains.url0;
|
host = serviceCfg.domains.url0;
|
||||||
dns0 = instances.web.dns.provider0;
|
dns = instances.web.dns.provider0;
|
||||||
dns0Path = "dns/${dns0}";
|
dnsPath = "dns/${dns}";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
microvm.vms = {
|
microvm.vms = {
|
||||||
|
|
@ -27,7 +27,6 @@ in
|
||||||
services = {
|
services = {
|
||||||
firefly-iii = {
|
firefly-iii = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# dataDir = serviceCfg.varPaths.path0;
|
|
||||||
enableNginx = false;
|
enableNginx = false;
|
||||||
poolConfig = {
|
poolConfig = {
|
||||||
"listen.owner" = config.services.caddy.user;
|
"listen.owner" = config.services.caddy.user;
|
||||||
|
|
@ -40,18 +39,18 @@ in
|
||||||
};
|
};
|
||||||
settings = {
|
settings = {
|
||||||
APP_URL = "https://${host}";
|
APP_URL = "https://${host}";
|
||||||
APP_KEY_FILE = "/run/secrets/pass";
|
APP_KEY_FILE = "/etc/firefly-secrets/pass";
|
||||||
# DB_PASSWORD_FILE = "/run/secrets/data";
|
DB_PASSWORD_FILE = "/etc/firefly-secrets/data";
|
||||||
# DB_CONNECTION = "pgsql";
|
DB_CONNECTION = "pgsql";
|
||||||
# DB_HOST = "db";
|
DB_HOST = "/run/postgresql";
|
||||||
# DB_DATABASE = "firefly";
|
DB_DATABASE = "firefly-iii";
|
||||||
# DB_USERNAME = "firefly";
|
DB_USERNAME = "firefly-iii";
|
||||||
MAIL_MAILER = smtpCfg.name;
|
MAIL_MAILER = smtpCfg.name;
|
||||||
MAIL_HOST = smtpCfg.hostname;
|
MAIL_HOST = smtpCfg.hostname;
|
||||||
MAIL_PORT = smtpCfg.ports.port0;
|
MAIL_PORT = smtpCfg.ports.port0;
|
||||||
MAIL_FROM = smtpCfg.email.address0;
|
MAIL_FROM = smtpCfg.email.address0;
|
||||||
MAIL_USERNAME = smtpCfg.email.address0;
|
MAIL_USERNAME = smtpCfg.email.address0;
|
||||||
MAIL_PASSWORD_FILE = "/run/secrets/smtp";
|
MAIL_PASSWORD_FILE = "/etc/firefly-secrets/smtp";
|
||||||
MAIL_ENCRYPTION = "tls";
|
MAIL_ENCRYPTION = "tls";
|
||||||
SITE_OWNER = email.address2;
|
SITE_OWNER = email.address2;
|
||||||
};
|
};
|
||||||
|
|
@ -63,7 +62,7 @@ in
|
||||||
|
|
||||||
caddy = {
|
caddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."${serviceCfg.interface.ip}" = {
|
virtualHosts.":80" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
root * ${config.services.firefly-iii.package}/public
|
root * ${config.services.firefly-iii.package}/public
|
||||||
|
|
||||||
|
|
@ -76,16 +75,16 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# postgresql = {
|
postgresql = {
|
||||||
# enable = true;
|
enable = true;
|
||||||
# ensureDatabases = [ "firefly" ];
|
ensureDatabases = [ "firefly-iii" ];
|
||||||
# ensureUsers = [
|
ensureUsers = [
|
||||||
# {
|
{
|
||||||
# name = "firefly";
|
name = "firefly-iii";
|
||||||
# ensureDBOwnership = true;
|
ensureDBOwnership = true;
|
||||||
# }
|
}
|
||||||
# ];
|
];
|
||||||
# };
|
};
|
||||||
|
|
||||||
openssh = {
|
openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
@ -117,10 +116,12 @@ in
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
};
|
};
|
||||||
script = ''
|
script = ''
|
||||||
chown root:firefly-iii /run/secrets/pass
|
mkdir -p /etc/firefly-secrets
|
||||||
chown root:firefly-iii /run/secrets/smtp
|
cp /run/secrets/pass /etc/firefly-secrets/pass
|
||||||
chmod 0640 /run/secrets/pass
|
cp /run/secrets/data /etc/firefly-secrets/data
|
||||||
chmod 0640 /run/secrets/smtp
|
cp /run/secrets/smtp /etc/firefly-secrets/smtp
|
||||||
|
chmod 755 /etc/firefly-secrets
|
||||||
|
chmod 644 /etc/firefly-secrets/*
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
systemd-networkd.wantedBy = [ "multi-user.target" ];
|
systemd-networkd.wantedBy = [ "multi-user.target" ];
|
||||||
|
|
@ -128,7 +129,7 @@ in
|
||||||
network = {
|
network = {
|
||||||
enable = true;
|
enable = true;
|
||||||
networks."20-lan" = {
|
networks."20-lan" = {
|
||||||
matchConfig.Name = "enp0s5";
|
matchConfig.Name = "enp0s6";
|
||||||
addresses = [
|
addresses = [
|
||||||
{ Address = "${serviceCfg.interface.ip}/24"; }
|
{ Address = "${serviceCfg.interface.ip}/24"; }
|
||||||
];
|
];
|
||||||
|
|
@ -183,15 +184,15 @@ in
|
||||||
{
|
{
|
||||||
mountPoint = "/var/lib/${serviceCfg.name}";
|
mountPoint = "/var/lib/${serviceCfg.name}";
|
||||||
proto = "virtiofs";
|
proto = "virtiofs";
|
||||||
source = "${serviceCfg.mntPaths.path0}";
|
source = "${serviceCfg.mntPaths.path0}/data";
|
||||||
tag = "${serviceCfg.name}_data";
|
tag = "${serviceCfg.name}_data";
|
||||||
}
|
}
|
||||||
# {
|
{
|
||||||
# mountPoint = "/var/lib/postgresql";
|
mountPoint = "/var/lib/postgresql";
|
||||||
# proto = "virtiofs";
|
proto = "virtiofs";
|
||||||
# source = "${serviceCfg.mntPaths.path0}/database";
|
source = "${serviceCfg.mntPaths.path0}/database";
|
||||||
# tag = "${serviceCfg.name}_database";
|
tag = "${serviceCfg.name}_database";
|
||||||
# }
|
}
|
||||||
{
|
{
|
||||||
mountPoint = "/run/secrets";
|
mountPoint = "/run/secrets";
|
||||||
proto = "virtiofs";
|
proto = "virtiofs";
|
||||||
|
|
@ -207,15 +208,15 @@ in
|
||||||
users.users.caddy.extraGroups = [ "acme" ];
|
users.users.caddy.extraGroups = [ "acme" ];
|
||||||
|
|
||||||
security.acme.certs."${host}" = {
|
security.acme.certs."${host}" = {
|
||||||
dnsProvider = dns0;
|
dnsProvider = dns;
|
||||||
environmentFile = config.sops.secrets.${dns0Path}.path;
|
environmentFile = config.sops.secrets.${dnsPath}.path;
|
||||||
group = "caddy";
|
group = "caddy";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -"
|
"d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -"
|
||||||
# "d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -"
|
"d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -"
|
||||||
# "d ${serviceCfg.mntPaths.path0}/database 0751 microvm wheel - -"
|
"d ${serviceCfg.mntPaths.path0}/database 0751 microvm wheel - -"
|
||||||
];
|
];
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
|
|
@ -225,7 +226,8 @@ in
|
||||||
name = "${serviceCfg.name}/${secret}";
|
name = "${serviceCfg.name}/${secret}";
|
||||||
value = {
|
value = {
|
||||||
owner = "root";
|
owner = "root";
|
||||||
mode = "600";
|
group = "root";
|
||||||
|
mode = "0644";
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
[
|
[
|
||||||
|
|
@ -237,7 +239,7 @@ in
|
||||||
};
|
};
|
||||||
services.caddy.virtualHosts."${host}" = {
|
services.caddy.virtualHosts."${host}" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
reverse_proxy ${serviceCfg.interface.ip}:80
|
reverse_proxy http://${serviceCfg.interface.ip}:80
|
||||||
|
|
||||||
tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key}
|
tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key}
|
||||||
|
|
||||||
|
|
|
||||||
File diff suppressed because one or more lines are too long
|
|
@ -52,16 +52,16 @@ in
|
||||||
${serviceCfg.name} = {
|
${serviceCfg.name} = {
|
||||||
enable = true;
|
enable = true;
|
||||||
localDomain = host;
|
localDomain = host;
|
||||||
secretKeyBaseFile = "/run/mastodon-secrets/pass";
|
secretKeyBaseFile = "/etc/mastodon-secrets/pass";
|
||||||
streamingProcesses = 7;
|
streamingProcesses = 7;
|
||||||
trustedProxy = hostCfg.localhost.address1;
|
trustedProxy = hostCfg.localhost.address0;
|
||||||
automaticMigrations = true;
|
automaticMigrations = true;
|
||||||
database = {
|
database = {
|
||||||
createLocally = true;
|
createLocally = true;
|
||||||
name = serviceCfg.name;
|
name = serviceCfg.name;
|
||||||
host = "/run/postgresql";
|
host = "/run/postgresql";
|
||||||
user = serviceCfg.name;
|
user = serviceCfg.name;
|
||||||
passwordFile = "/run/mastodon-secrets/database";
|
passwordFile = "/etc/mastodon-secrets/database";
|
||||||
};
|
};
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
SINGLE_USER_MODE = "true";
|
SINGLE_USER_MODE = "true";
|
||||||
|
|
@ -116,7 +116,7 @@ in
|
||||||
createLocally = false;
|
createLocally = false;
|
||||||
fromAddress = "upRootNutrition <${smtpCfg.email.address1}>";
|
fromAddress = "upRootNutrition <${smtpCfg.email.address1}>";
|
||||||
host = smtpCfg.hostname;
|
host = smtpCfg.hostname;
|
||||||
passwordFile = "/run/mastodon-secrets/smtp";
|
passwordFile = "/etc/mastodon-secrets/smtp";
|
||||||
port = smtpCfg.ports.port1;
|
port = smtpCfg.ports.port1;
|
||||||
user = smtpCfg.email.address1;
|
user = smtpCfg.email.address1;
|
||||||
};
|
};
|
||||||
|
|
@ -134,7 +134,10 @@ in
|
||||||
}
|
}
|
||||||
|
|
||||||
handle /api/v1/streaming/* {
|
handle /api/v1/streaming/* {
|
||||||
reverse_proxy unix//run/mastodon-streaming/streaming.socket
|
reverse_proxy unix//run/mastodon-streaming/streaming.socket {
|
||||||
|
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
|
||||||
|
header_up X-Forwarded-Host {http.request.header.X-Forwarded-Host}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
route * {
|
route * {
|
||||||
|
|
@ -142,7 +145,10 @@ in
|
||||||
root ${pkgs.mastodon}/public
|
root ${pkgs.mastodon}/public
|
||||||
pass_thru
|
pass_thru
|
||||||
}
|
}
|
||||||
reverse_proxy * unix//run/mastodon-web/web.socket
|
reverse_proxy * unix//run/mastodon-web/web.socket {
|
||||||
|
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
|
||||||
|
header_up X-Forwarded-Host {http.request.header.X-Forwarded-Host}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
handle_errors {
|
handle_errors {
|
||||||
|
|
@ -198,57 +204,52 @@ in
|
||||||
|
|
||||||
systemd = {
|
systemd = {
|
||||||
services = {
|
services = {
|
||||||
systemd-networkd.wantedBy = [ "multi-user.target" ];
|
mastodon-init-dirs = {
|
||||||
mastodon-web.wantedBy = [ "multi-user.target" ];
|
|
||||||
mastodon-streaming-1.wantedBy = [ "multi-user.target" ];
|
|
||||||
mastodon-streaming-2.wantedBy = [ "multi-user.target" ];
|
|
||||||
mastodon-streaming-3.wantedBy = [ "multi-user.target" ];
|
|
||||||
mastodon-streaming-4.wantedBy = [ "multi-user.target" ];
|
|
||||||
mastodon-streaming-5.wantedBy = [ "multi-user.target" ];
|
|
||||||
mastodon-streaming-6.wantedBy = [ "multi-user.target" ];
|
|
||||||
mastodon-streaming-7.wantedBy = [ "multi-user.target" ];
|
|
||||||
mastodon-sidekiq-all.wantedBy = [ "multi-user.target" ];
|
|
||||||
mastodon-sidekiq-default.wantedBy = [ "multi-user.target" ];
|
|
||||||
mastodon-sidekiq-ingress.wantedBy = [ "multi-user.target" ];
|
|
||||||
mastodon-sidekiq-mailers.wantedBy = [ "multi-user.target" ];
|
|
||||||
mastodon-sidekiq-push-pull.wantedBy = [ "multi-user.target" ];
|
|
||||||
mastodon-init-db = {
|
|
||||||
environment = {
|
|
||||||
DISABLE_BOOTSNAP = "1";
|
|
||||||
};
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
TimeoutStartSec = "10min";
|
PrivateMounts = lib.mkForce false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
copy-secrets-to-tmpfs = {
|
mastodon-web = {
|
||||||
description = "Copy secrets from virtiofs to tmpfs";
|
serviceConfig = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
PrivateMounts = lib.mkForce false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
mastodon-streaming-1 = {
|
||||||
|
serviceConfig = {
|
||||||
|
PrivateMounts = lib.mkForce false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
mastodon-streaming-2.serviceConfig.PrivateMounts = lib.mkForce false;
|
||||||
|
mastodon-streaming-3.serviceConfig.PrivateMounts = lib.mkForce false;
|
||||||
|
mastodon-streaming-4.serviceConfig.PrivateMounts = lib.mkForce false;
|
||||||
|
mastodon-streaming-5.serviceConfig.PrivateMounts = lib.mkForce false;
|
||||||
|
mastodon-streaming-6.serviceConfig.PrivateMounts = lib.mkForce false;
|
||||||
|
mastodon-streaming-7.serviceConfig.PrivateMounts = lib.mkForce false;
|
||||||
|
mastodon-sidekiq-all.serviceConfig.PrivateMounts = lib.mkForce false;
|
||||||
|
mastodon-sidekiq-default.serviceConfig.PrivateMounts = lib.mkForce false;
|
||||||
|
mastodon-sidekiq-ingress.serviceConfig.PrivateMounts = lib.mkForce false;
|
||||||
|
mastodon-sidekiq-mailers.serviceConfig.PrivateMounts = lib.mkForce false;
|
||||||
|
mastodon-sidekiq-push-pull.serviceConfig.PrivateMounts = lib.mkForce false;
|
||||||
|
mastodon-copy-secrets = {
|
||||||
|
description = "Copy secrets from virtiofs to local filesystem";
|
||||||
before = [ "mastodon-init-dirs.service" ];
|
before = [ "mastodon-init-dirs.service" ];
|
||||||
|
requiredBy = [ "mastodon-init-dirs.service" ];
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
script = ''
|
script = ''
|
||||||
mkdir -p /run/mastodon-secrets
|
mkdir -p /etc/mastodon-secrets
|
||||||
mkdir -p /run/mastodon-web
|
cp /run/secrets/pass /etc/mastodon-secrets/pass
|
||||||
cp /run/secrets/pass /run/mastodon-secrets/pass
|
cp /run/secrets/database /etc/mastodon-secrets/database
|
||||||
cp /run/secrets/smtp /run/mastodon-secrets/smtp
|
cp /run/secrets/redis /etc/mastodon-secrets/redis
|
||||||
cp /run/secrets/database /run/mastodon-secrets/database
|
cp /run/secrets/smtp /etc/mastodon-secrets/smtp
|
||||||
cp /run/secrets/redis /run/mastodon-secrets/redis
|
chmod 755 /etc/mastodon-secrets
|
||||||
chown root:mastodon /run/mastodon-secrets/*
|
chmod 644 /etc/mastodon-secrets/*
|
||||||
chmod 0640 /run/mastodon-secrets/*
|
|
||||||
chown mastodon:mastodon /run/mastodon-web
|
|
||||||
chmod 0755 /run/mastodon-web
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
caddy = {
|
|
||||||
after = [ "copy-secrets-to-tmpfs.service" ];
|
|
||||||
requires = [ "copy-secrets-to-tmpfs.service" ];
|
|
||||||
serviceConfig.ReadWriteDirectories = lib.mkForce [
|
|
||||||
"/var/lib/caddy"
|
|
||||||
"/run/mastodon-web"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
network = {
|
network = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
@ -267,10 +268,24 @@ in
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
services = {
|
||||||
|
mastodon-init-db = {
|
||||||
|
serviceConfig = {
|
||||||
|
EnvironmentFile = "/var/lib/mastodon/.secrets_env";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
systemd-tmpfiles-setup.after = [ "var-lib-mastodon.mount" ];
|
||||||
|
};
|
||||||
tmpfiles.rules = [
|
tmpfiles.rules = [
|
||||||
"Z ${serviceCfg.varPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
|
"d /var/lib/mastodon 0755 mastodon mastodon -"
|
||||||
|
"Z /var/lib/mastodon 0755 mastodon mastodon -"
|
||||||
"Z /var/lib/postgresql 0755 postgres postgres -"
|
"Z /var/lib/postgresql 0755 postgres postgres -"
|
||||||
|
"d /var/cache/mastodon/precompile 0755 mastodon mastodon -"
|
||||||
|
"d /var/lib/mastodon/public-system 0755 mastodon mastodon -"
|
||||||
|
"d /var/lib/mastodon/public-system/accounts 0755 mastodon mastodon -"
|
||||||
|
"d /var/lib/mastodon/public-system/media_attachments 0755 mastodon mastodon -"
|
||||||
|
"d /var/lib/mastodon/public-system/media_attachments/files 0755 mastodon mastodon -"
|
||||||
|
"d /var/lib/mastodon/public-system/site_uploads 0755 mastodon mastodon -"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -335,7 +350,8 @@ in
|
||||||
name = "${serviceCfg.name}/${secret}";
|
name = "${serviceCfg.name}/${secret}";
|
||||||
value = {
|
value = {
|
||||||
owner = "root";
|
owner = "root";
|
||||||
mode = "0600";
|
group = "root";
|
||||||
|
mode = "0644";
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
[
|
[
|
||||||
|
|
@ -351,12 +367,15 @@ in
|
||||||
"d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -"
|
"d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -"
|
||||||
"d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -"
|
"d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -"
|
||||||
"d ${serviceCfg.mntPaths.path0}/database 0751 microvm wheel - -"
|
"d ${serviceCfg.mntPaths.path0}/database 0751 microvm wheel - -"
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
||||||
services.caddy.virtualHosts."${host}" = {
|
services.caddy.virtualHosts."${host}" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
reverse_proxy http://${serviceCfg.interface.ip}:80
|
reverse_proxy http://${serviceCfg.interface.ip}:80 {
|
||||||
|
header_up X-Forwarded-Proto {scheme}
|
||||||
|
header_up X-Real-IP {remote_host}
|
||||||
|
header_up X-Forwarded-For {remote_host}
|
||||||
|
}
|
||||||
|
|
||||||
tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key}
|
tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,43 +0,0 @@
|
||||||
{ flake, ... }:
|
|
||||||
let
|
|
||||||
inherit (flake.config.services.instances)
|
|
||||||
owncast
|
|
||||||
web
|
|
||||||
;
|
|
||||||
service = owncast;
|
|
||||||
localhost = web.localhost.address1;
|
|
||||||
host = service.domains.url0;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
services = {
|
|
||||||
owncast = {
|
|
||||||
enable = true;
|
|
||||||
listen = localhost;
|
|
||||||
port = service.ports.port0;
|
|
||||||
openFirewall = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
caddy = {
|
|
||||||
virtualHosts = {
|
|
||||||
"${host}" = {
|
|
||||||
extraConfig = ''
|
|
||||||
reverse_proxy ${localhost}:${toString service.ports.port0}
|
|
||||||
|
|
||||||
tls ${service.ssl.cert} ${service.ssl.key}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
firewall = {
|
|
||||||
allowedTCPPorts = [
|
|
||||||
service.ports.port0
|
|
||||||
service.ports.port1
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# OBS Server rtmp://192.168.50.140:1935/live
|
|
||||||
}
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue