tlaternet-server/configuration/default.nix
Tristan Daniël Maat 458f6c7f7b
nginx: Avoid connection issues caused by IPv6 resolution
If localhost is specified in the proxyPass url, nginx will happily
resolve IPv6 addresses, even if the upstream doesn't support them.

This can result in connection issues, especially with containers that
don't support IPv6.
2021-05-16 01:34:03 +01:00


# Base NixOS module for the tlaternet host: Nix daemon settings, networking
# and firewall, the admin account, sshd, and the nginx reverse proxy in front
# of the services imported below.
{ config, pkgs, ... }:

{
  imports = [
    ./services/gitea.nix
    ./services/minecraft.nix
    ./services/nextcloud.nix
    ./services/webserver.nix
    ./ids.nix
  ];

  # Flake support: use the flakes-capable Nix package and switch on the
  # matching experimental features.
  nix.package = pkgs.nixFlakes;
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';
  # Allows remote builds from tlater (a wheel member). Trusted users can
  # override daemon settings such as substituters and import unsigned store
  # paths, which is effectively root on this machine, so wheel membership
  # should stay as small as it is now.
  nix.trustedUsers = [ "@wheel" ];

  networking = {
    hostName = "tlaternet";

    # Keep the classic kernel interface names; the DHCP setting below refers
    # to eth0 by name.
    usePredictableInterfaceNames = false;

    # DHCP is off globally and enabled on eth0 only.
    useDHCP = false;
    interfaces = {
      eth0.useDHCP = true;
    };

    # Inbound TCP allowed through the firewall:
    #   80, 443 - nginx
    #   2222    - sshd (see services.openssh.ports)
    #   2221    - presumably Gitea's SSH endpoint; confirm in ./services/gitea.nix
    #   25565   - Minecraft's default port; presumably ./services/minecraft.nix
    # The proxied backends on 3000-3002 are not listed, so the firewall does
    # not open them.
    # NOTE(review): the service modules are not visible here - confirm the
    # backends listen on loopback only, so they cannot be reached without
    # going through nginx and TLS.
    firewall = {
      allowedTCPPorts = [ 80 443 2222 2221 25565 ];
    };
  };

  time.timeZone = "Europe/London";

  # Single admin account. Login is by the checked-in public key only, because
  # password authentication is disabled in sshd below.
  users.users.tlater = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keyFiles = [ ../keys/tlater.pub ];
  };

  services = {
    # sshd: key-only authentication, no root login, no SFTP subsystem, on a
    # non-default port, and socket-activated rather than always running.
    openssh = {
      enable = true;
      allowSFTP = false;
      passwordAuthentication = false;
      permitRootLogin = "no";
      ports = [ 2222 ];
      startWhenNeeded = true;
    };

    nginx = {
      enable = true;

      # nixpkgs' recommended presets for TLS, performance, gzip and proxying.
      recommendedTlsSettings = true;
      recommendedOptimisation = true;
      recommendedGzipSettings = true;
      recommendedProxySettings = true;

      # Applies to every virtual host below, not just one of them.
      # NOTE(review): if only one backend needs uploads this large, scope the
      # limit to that vhost so the other sites do not accept 10G request
      # bodies - confirm which services depend on it.
      clientMaxBodySize = "10G";

      virtualHosts =
        let
          # Builds a TLS-only vhost (HTTP redirected to HTTPS, certificate via
          # ACME) that proxies "/" to a backend on the given local port;
          # `overrides` is merged on top and wins on conflicting attributes.
          #
          # The upstream is the literal 127.0.0.1 rather than "localhost", so
          # nginx never resolves the name to an IPv6 address that the
          # upstream does not listen on.
          proxiedVhost = backendPort: overrides:
            {
              forceSSL = true;
              enableACME = true;
              locations."/".proxyPass = "http://127.0.0.1:${toString backendPort}";
            } // overrides;
        in
        {
          "tlater.net" = proxiedVhost 3002 {
            serverAliases = [ "www.tlater.net" ];
          };
          "gitea.tlater.net" = proxiedVhost 3000 { };
          "nextcloud.tlater.net" = proxiedVhost 3001 { };
        };
    };
  };

  # ACME account contact and acceptance of the CA's terms, used by the
  # enableACME virtual hosts above.
  security.acme.email = "tm@tlater.net";
  security.acme.acceptTerms = true;

  # Declarative OCI containers run under podman.
  virtualisation.oci-containers.backend = "podman";

  # NixOS release whose stateful defaults this host was installed with; do
  # not bump it as part of a routine upgrade.
  system.stateVersion = "20.09";
}