Add frontends

2025-12-06 08:07:45 +00:00 · 2024-12-10 13:31:39 +00:00 · 2024-12-10 13:31:39 +00:00 · 92528d7121
commit 92528d7121
parent 4b3808c042
8 changed files with 87 additions and 58 deletions
--- a/hosts/muho/configuration.nix
+++ b/hosts/muho/configuration.nix
@ -1,9 +1,8 @@
 { config, lib, pkgs, inputs, system, ... }:
 let cfg = config.mods;
-
 in {
  # Hardware
-  imports = [ ./hardware-configuration.nix ];
+  imports = [ ./hardware-configuration.nix ../ports.nix ];

  # System
  mods.user.name = "muon";
@ -11,6 +10,10 @@ in {
  networking.hostId = "56e55e83";
  mods.home.file = ./home.nix;

+  # Hosting
+  networking.firewall.allowedTCPPorts =
+    lib.attrsets.mapAttrsToList (name: value: value) cfg.server.nginx.ports;
+
  # Modules
  mods.desktop.enable = true;
  mods.desktop.gaming.enable = true;
@ -21,6 +24,8 @@ in {

  mods.server.photos.enable = true;
  mods.server.search.enable = true;
+  mods.server.videos.enable = true;
+  mods.server.reddit.enable = true;

  mods.tailscale.enable = true;
  mods.wireguard.id = 3;
--- a/hosts/mups/configuration.nix
+++ b/hosts/mups/configuration.nix
@ -9,7 +9,7 @@ let

 in {
  # Hardware
-  imports = [ ./hardware-configuration.nix ];
+  imports = [ ./hardware-configuration.nix ../ports.nix ];

  # System
  mods.user.name = "muon";
@ -42,16 +42,18 @@ in {
  boot.loader.grub.device = "/dev/vda";
  boot.initrd.checkJournalingFS = false;

-  # services.static-web-server = {
-  #   enable = true;
-  #   listen = "[::]:80";
-  #   root = "/var/www";
-  #   configuration = {
-  #     general = { 
-  #       directory-listing = true;
-  #     };
-  #   };
-  # };
+  services.static-web-server = {
+    enable = true;
+    listen = "[::]:8008";
+    root = "/var/www";
+    configuration = { general = { directory-listing = true; }; };
+  };
+  services.nginx.virtualHosts."muon.host" = {
+    enableACME = true;
+    forceSSL = true;
+    default = true;
+    locations."/" = { proxyPass = "http://localhost:8008"; };
+  };

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
--- a/hosts/ports.nix
+++ b/hosts/ports.nix
@ -0,0 +1,9 @@
+{ pkgs, lib, config, ... }: {
+  mods.server.nginx.ports = {
+    photos = 3001;
+
+    search = 8081;
+    videos = 8082;
+    reddit = 8083;
+  };
+}
--- a/modules/nixos/server/default.nix
+++ b/modules/nixos/server/default.nix
@ -11,5 +11,6 @@
    ./photoprism.nix
    ./search.nix
    ./nginx.nix
+    ./frontends.nix
  ];
 }
--- a/modules/nixos/server/frontends.nix
+++ b/modules/nixos/server/frontends.nix
@ -0,0 +1,41 @@
+{ pkgs, lib, config, ... }:
+let
+  cfg = config.mods.server;
+  ports = cfg.nginx.ports;
+in with lib; {
+  options.mods.server = {
+    videos = {
+      enable = mkEnableOption {
+        default = false;
+        description = "enables invidious server";
+      };
+    };
+
+    reddit = {
+      enable = mkEnableOption {
+        default = false;
+        description = "enables redlib server";
+      };
+    };
+  };
+
+  config = {
+    services.invidious = mkIf cfg.videos.enable {
+      enable = true;
+      address = "0.0.0.0";
+      port = ports.videos;
+
+      settings = {
+        db.user = "invidious";
+        db.dbname = "invidious";
+      };
+    };
+
+    services.redlib = mkIf cfg.reddit.enable {
+      enable = true;
+      openFirewall = true;
+      address = "0.0.0.0";
+      port = ports.reddit;
+    };
+  };
+}
--- a/modules/nixos/server/media.nix
+++ b/modules/nixos/server/media.nix
@ -1,10 +1,10 @@
 { pkgs, lib, config, ... }:
 let
  cfg = config.mods.server;
-  port = 2283;
+  port = cfg.nginx.ports.photos;
 in with lib; {
  options.mods.server = {
-    videos = {
+    movies = {
      enable = mkEnableOption {
        default = false;
        description = "enables jellyfin server";
@ -20,24 +20,12 @@ in with lib; {
  };

  config = {
-    services.jellyfin = mkIf cfg.videos.enable {
+    services.jellyfin = mkIf cfg.movies.enable {
      enable = true;
      openFirewall = true;
      user = "${config.mods.user.name}";
    };

-    # mods.server.nginx.ports.photos = port;
-    services.nginx.virtualHosts."photos.muon.host" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://10.0.0.3:${toString port}";
-        proxyWebsockets = true; # needed if you need to use WebSocket
-        extraConfig =
-          # required when the server wants to use HTTP Authentication
-          "proxy_pass_header Authorization;";
-      };
-    };
    services.immich = mkIf cfg.photos.enable {
      enable = true;
      openFirewall = true;
--- a/modules/nixos/server/nginx.nix
+++ b/modules/nixos/server/nginx.nix
@ -71,18 +71,19 @@ in with lib; {
        proxy_pass_header Authorization;
      '';

-      # virtualHosts = let
-      #   base = locations: {
-      #     inherit locations;
+      virtualHosts = let
+        base = locations: {
+          inherit locations;

-      #     forceSSL = true;
-      #     enableACME = true;
-      #   };
-      #   proxy = port:
-      #     base { "/".proxyPass = "http://${cfg.ip}:${toString port}/"; };
-      # in mapAttrs' (name: port:
-      #   nameValuePair ("${name}.${cfg.domain}")
+          forceSSL = true;
+          enableACME = true;
+        };
+        proxy = port:
+          base { "/".proxyPass = "http://${cfg.ip}:${toString port}/"; };
+      in mapAttrs' (name: port:
+        nameValuePair ("${name}.${cfg.domain}")
        # (proxy port // { default = true; })) cfg.ports;
+        (proxy port)) cfg.ports;
    };
  };
 }
--- a/modules/nixos/server/search.nix
+++ b/modules/nixos/server/search.nix
@ -2,7 +2,7 @@
 let
  inherit (lib) types mkOption mkEnableOption;
  cfg = config.mods.server.search;
-  port = 8081;
+  port = config.mods.server.nginx.ports.search;
 in {
  options.mods.server.search = {
    enable = mkEnableOption {
@ -12,27 +12,9 @@ in {
  };

  config = {
-    # mods.server.nginx.ports.search = port;
-    services.nginx.virtualHosts."search.muon.host" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://10.0.0.3:${toString port}";
-        proxyWebsockets = true; # needed if you need to use WebSocket
-        extraConfig =
-          # required when the server wants to use HTTP Authentication
-          "proxy_pass_header Authorization;";
-      };
-    };
    services.searx = lib.mkIf cfg.enable {
      enable = true;

-      # runInUwsgi = true;
-      # uwsgiConfig = {
-      #   disable-logging = true;
-      #   http = ":${toString port}";
-      # };
-
      settings = {
        server.port = port;
        server.bind_address = "0.0.0.0";