diff --git a/configs/sputnik/configuration.nix b/configs/sputnik/configuration.nix index ae7fd56..77aea0c 100644 --- a/configs/sputnik/configuration.nix +++ b/configs/sputnik/configuration.nix @@ -38,5 +38,15 @@ iptables -t nat -A PREROUTING ! -i tinc.private -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0 ''; + # enable all subdomains to be reached to make nginx rules easier + services.dnsmasq = with lib; { + enable = true; + extraConfig = '' + ${concatStringsSep "\n" + (flip mapAttrsToList config.module.cluster.services.tinc."private".hosts + (name: attrs: "address=/.${name}.private/${attrs.tincIp}"))} + ''; + }; + } diff --git a/configs/sputnik/nginx.nix b/configs/sputnik/nginx.nix index 19e4865..5803790 100644 --- a/configs/sputnik/nginx.nix +++ b/configs/sputnik/nginx.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: { - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ 80 443 4443 ]; + networking.firewall.allowedUDPPorts = [ 80 443 4443 ]; services.nginx = { enable = true; 
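Review bot: The new `services.dnsmasq` block sets no listen restriction, so dnsmasq will answer on every interface of a host that also serves public HTTP(S). Whether port 53 is reachable from outside then depends only on firewall rules that are not part of this hunk. Since the comment gives the purpose as making the local nginx rules easier, pin the resolver to loopback by adding `listen-address=127.0.0.1` and `bind-interfaces` to `extraConfig`. The comment could also say that each generated `address=/.${name}.private/${attrs.tincIp}` entry answers for every subdomain of that host, so a mistyped upstream name resolves instead of failing.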
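Review bot: `networking.firewall.allowedUDPPorts = [ 80 443 4443 ];` opens three UDP ports for which no listener is visible. The nginx vhosts added in this commit declare only TCP `listen` entries (`port = 4443; ssl = true;` and `port = 80;`). Unless something outside the diff serves QUIC/HTTP3 on these ports, drop the UDP line and keep only `networking.firewall.allowedTCPPorts = [ 80 443 4443 ];`. If UDP is intended, a comment naming the service that needs it would make the exception auditable.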
@@ -130,6 +131,56 @@ }; }; + "nextcloud.ingolf-wagner.de" = { + listen = [ + { + addr = "0.0.0.0"; + port = 4443; + ssl = true; + } + { + addr = "0.0.0.0"; + port = 80; + ssl = false; + } + ]; + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://nextcloud.workhorse.private"; + extraConfig = '' + sub_filter "http://nextcloud.ingolf-wagner.de" "https://nextcloud.ingolf-wagner.de"; + # used for view/edit office file via Office Online Server + client_max_body_size 0; + ''; + }; + }; + + "nextcloud.gaykraft.com" = { + listen = [ + { + addr = "0.0.0.0"; + port = 4443; + ssl = true; + } + { + addr = "0.0.0.0"; + port = 80; + ssl = false; + } + ]; + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://nextcloud.workhorse.private"; + extraConfig = '' + sub_filter "http://nextcloud.gaykraft.com" "https://nextcloud.gaykraft.com"; + # used for view/edit office file via Office Online Server + client_max_body_size 0; + ''; + }; + }; + "seafile.gaykraft.com" = { listen = [ { diff --git a/configs/workhorse/configuration.nix b/configs/workhorse/configuration.nix index 189dde8..943fa31 100644 --- a/configs/workhorse/configuration.nix +++ b/configs/workhorse/configuration.nix @@ -24,6 +24,7 @@ ./transmission.nix ./weechat.nix ./wetten.nix + ./nextcloud.nix ]; diff --git a/configs/workhorse/nextcloud.nix b/configs/workhorse/nextcloud.nix new file mode 100644 index 0000000..4058a04 --- /dev/null +++ b/configs/workhorse/nextcloud.nix @@ -0,0 +1,12 @@ +{ + services.nextcloud = { + enable = true; + autoUpdateApps.enable = true; + config.adminpassFile = toString ; + #home = "/home/nextcloud"; + nginx.enable = true; + hostName = "nextcloud.workhorse.private"; + logLevel = 0; + config.extraTrustedDomains = [ "nextcloud.gaykraft.com" ]; + }; +}
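Review bot: `client_max_body_size 0;` in both new vhosts (`nextcloud.ingolf-wagner.de` and `nextcloud.gaykraft.com`) removes the request-body limit on an internet-facing proxy, so nginx will accept bodies of any size from unauthenticated clients. Set an explicit cap sized to the largest upload you expect, for example `client_max_body_size 2G;` (constructed value), and correct the comment, which mentions Office Online Server rather than Nextcloud. The `locations."/"` blocks also set no forwarding headers. Unless those are added globally outside this hunk, Nextcloud sees every request as coming from the proxy address, which weakens its per-IP brute-force throttling and makes its logs less useful for incident review.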
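Review bot: `logLevel = 0;` in the new `configs/workhorse/nextcloud.nix` runs the instance at Nextcloud's debug level, its most verbose setting, and debug logs can record request details that should not sit in long-lived log files on a service published through sputnik. Use `logLevel = 2;` unless this is temporary, and say so in a comment if it is. `config.extraTrustedDomains` lists only `nextcloud.gaykraft.com` although the proxy in this commit also fronts `nextcloud.ingolf-wagner.de`, so that domain would be rejected if the public hostname is ever forwarded to Nextcloud. The argument to `toString` on the `adminpassFile` line is not visible in this rendering, so it is worth confirming that it resolves to a path outside the world-readable Nix store.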