update: sputnik
This commit is contained in:
parent
bbe89f56fc
commit
74181f747f
6 changed files with 100 additions and 23 deletions
|
@ -1,7 +1,10 @@
|
|||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs.git",
|
||||
"rev": "58f9c4c7d3a42c912362ca68577162e38ea8edfb",
|
||||
"date": "2020-11-18T12:49:40-05:00",
|
||||
"sha256": "1517dy07jf4zhzknqbgm617lgjxsn7a6k1vgq61c67f6h55qs5ij",
|
||||
"fetchSubmodules": false
|
||||
"rev": "a3a3dda3bacf61e8a39258a0ed9c924eeca8e293",
|
||||
"date": "2020-12-21T23:27:46+09:00",
|
||||
"path": "/nix/store/w6v7bln3aqbx4656fknf9q4w9wksk42r-nixpkgs",
|
||||
"sha256": "1ahn3srby9rjh7019b26n4rb4926di1lqdrclxfy2ff7nlf0yhd5",
|
||||
"fetchSubmodules": false,
|
||||
"deepClone": false,
|
||||
"leaveDotGit": false
|
||||
}
|
||||
|
|
|
@ -1,7 +1,10 @@
|
|||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs.git",
|
||||
"rev": "2deeb58f49480f468adca6b08291322de4dbce6b",
|
||||
"date": "2020-11-12T23:50:31+00:00",
|
||||
"sha256": "0fx2car6dcd1yz6jjkifcan0amwzhs3170h0r69k0wfwiaadpvjv",
|
||||
"fetchSubmodules": false
|
||||
"rev": "e9158eca70ae59e73fae23be5d13d3fa0cfc78b4",
|
||||
"date": "2020-12-09T15:09:49+01:00",
|
||||
"path": "/nix/store/cx4wf6pi1l2p01sz7png891m65kinfz3-nixpkgs",
|
||||
"sha256": "0cnmvnvin9ixzl98fmlm3g17l6w95gifqfb3rfxs55c0wj2ddy53",
|
||||
"fetchSubmodules": false,
|
||||
"deepClone": false,
|
||||
"leaveDotGit": false
|
||||
}
|
||||
|
|
|
@ -2,6 +2,9 @@
|
|||
"url": "https://cgit.krebsco.de/nix-writers/",
|
||||
"rev": "fc8a3802a0777a5f43a9a2fe0f5848ecaeb555a1",
|
||||
"date": "2018-10-27T14:45:48+02:00",
|
||||
"path": "/nix/store/81f2li00frwb29kzk7wjw7b87l65s8bg-nix-writers",
|
||||
"sha256": "1iy207rcbz9nv9bf64025ypy38x8mwzl6snbmbrq347h6vvs0ksc",
|
||||
"fetchSubmodules": false
|
||||
"fetchSubmodules": false,
|
||||
"deepClone": false,
|
||||
"leaveDotGit": false
|
||||
}
|
||||
|
|
|
@ -2,6 +2,9 @@
|
|||
"url": "https://github.com/nix-community/nixos-generators.git",
|
||||
"rev": "ef1e4480cf8af45cfdeac597b2f1b1af33923e93",
|
||||
"date": "2019-01-18T10:41:01+01:00",
|
||||
"path": "/nix/store/61wmz4fvlyxnxhw9smkl897rhavj06ry-nixos-generators-ef1e448",
|
||||
"sha256": "0ymzp4pmpkjjjg5h8d45gv8avy4wh1dj0v238i2cz3jp3j489ik9",
|
||||
"fetchSubmodules": false
|
||||
"fetchSubmodules": false,
|
||||
"deepClone": false,
|
||||
"leaveDotGit": false
|
||||
}
|
||||
|
|
|
@ -429,7 +429,7 @@ in {
|
|||
# };
|
||||
#};
|
||||
|
||||
hot = 22;
|
||||
hot = 23;
|
||||
cold = 14;
|
||||
|
||||
fyrtur_command = device: position: {
|
||||
|
|
|
@ -55,7 +55,38 @@ in {
|
|||
extraConfig = error.extraConfig;
|
||||
|
||||
locations = {
|
||||
"/" = { proxyPass = "http://workhorse.private:3000"; };
|
||||
"/" = {
|
||||
proxyPass = "http://workhorse.private:3000";
|
||||
extraConfig = ''
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
#
|
||||
# Custom headers and headers various browsers *should* be OK with but aren't
|
||||
#
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
|
||||
#
|
||||
# Tell client that this pre-flight info is valid for 20 days
|
||||
#
|
||||
add_header 'Access-Control-Max-Age' 1728000;
|
||||
add_header 'Content-Type' 'text/plain; charset=utf-8';
|
||||
add_header 'Content-Length' 0;
|
||||
return 204;
|
||||
}
|
||||
if ($request_method = 'POST') {
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
|
||||
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
|
||||
}
|
||||
if ($request_method = 'GET') {
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
|
||||
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
|
||||
}
|
||||
'';
|
||||
};
|
||||
} // error.locations;
|
||||
};
|
||||
|
||||
|
@ -256,19 +287,53 @@ in {
|
|||
|
||||
services.sslh = {
|
||||
enable = true;
|
||||
listenAddress = "0.0.0.0";
|
||||
listenAddresses = [ "0.0.0.0" ];
|
||||
port = 443;
|
||||
verbose = false;
|
||||
verbose = true;
|
||||
transparent = true;
|
||||
appendConfig = # json
|
||||
''
|
||||
protocols:
|
||||
(
|
||||
{ name: "ssh"; service: "ssh"; host: "localhost"; port: "2222"; probe: "builtin"; },
|
||||
{ name: "ssl"; host: "localhost"; port: "4443"; probe: "builtin"; },
|
||||
{ name: "tinc"; host: "localhost"; port: "655"; probe: "builtin"; }
|
||||
);
|
||||
'';
|
||||
# List of protocols
|
||||
#
|
||||
# Each protocol entry consists of:
|
||||
# name: name of the probe. These are listed on the command line (ssh -?), plus 'regex' and 'timeout'.
|
||||
# service: (optional) libwrap service name (see hosts_access(5))
|
||||
# host, port: where to connect when this probe succeeds
|
||||
# log_level: 0 to turn off logging
|
||||
# 1 to log each incoming connection
|
||||
# keepalive: Should TCP keepalive be on or off for that
|
||||
# connection (default is off)
|
||||
# fork: Should a new process be forked for this protocol?
|
||||
# (only useful for sslh-select)
|
||||
# tfo_ok: Set to true if the server supports TCP FAST OPEN
|
||||
#
|
||||
# Probe-specific options:
|
||||
# (sslh will try each probe in order they are declared, and
|
||||
# connect to the first that matches.)
|
||||
#
|
||||
# tls:
|
||||
# sni_hostnames: list of FQDN for that target
|
||||
# alpn_protocols: list of ALPN protocols for that target, see:
|
||||
# https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
|
||||
#
|
||||
# if both sni_hostnames AND alpn_protocols are specified, both must match
|
||||
#
|
||||
# if neither are set, it is just checked whether this is the TLS protocol or not
|
||||
#
|
||||
# Obviously set the most specific probes
|
||||
# first, and if you use TLS with no ALPN/SNI
|
||||
# set it as the last TLS probe
|
||||
# regex:
|
||||
# regex_patterns: list of patterns to match for
|
||||
# that target.
|
||||
#
|
||||
# You can specify several of 'regex' and 'tls'.
|
||||
appendConfig = ''
|
||||
protocols:
|
||||
(
|
||||
{ name: "ssh"; service: "ssh"; host: "localhost"; port: "2222";},
|
||||
{ name: "tls"; host: "localhost"; port: "4443";},
|
||||
{ name: "tinc"; host: "localhost"; port: "655"; }
|
||||
);
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services."socat-proxy" = {
|
||||
|
|
Loading…
Reference in a new issue