fujin/nixarr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

JF: Fixed acme

Browse Source
This commit is contained in:
rasmus-kirk
2024-02-26 20:30:22 +01:00
parent c20ed40d60
commit 5bb8d16cb8
1 changed files with 43 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nixarr/jellyfin/default.nix
+12 -7
View File
@@ -133,14 +133,16 @@ in {
openTcpPorts = [80 443]; openTcpPorts = [80 443];
}; };
services.nginx = mkIf (cfg.expose.https.enable || cfg.vpn.enable) { services.nginx = mkMerge [
(mkIf (cfg.expose.https.enable || cfg.vpn.enable) {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
})
virtualHosts."${builtins.replaceStrings ["\n"] [""] cfg.expose.https.domainName}" = mkIf cfg.expose.https.enable { (mkIf cfg.expose.https.enable {
virtualHosts."${builtins.replaceStrings ["\n"] [""] cfg.expose.https.domainName}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
@@ -149,7 +151,8 @@ in {
proxyPass = "http://127.0.0.1:${builtins.toString defaultPort}"; proxyPass = "http://127.0.0.1:${builtins.toString defaultPort}";
}; };
}; };
})
(mkIf cfg.vpn.enable {
virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = mkIf cfg.vpn.enable { virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = mkIf cfg.vpn.enable {
listen = [ listen = [
{ {
@@ -163,7 +166,8 @@ in {
proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}"; proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}";
}; };
}; };
} // mkIf cfg.expose.vpn.enable { })
(mkIf cfg.expose.vpn.enable {
virtualHosts."${cfg.expose.vpn.accessibleFrom}:${builtins.toString cfg.expose.vpn.port}" = { virtualHosts."${cfg.expose.vpn.accessibleFrom}:${builtins.toString cfg.expose.vpn.port}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
@@ -173,11 +177,12 @@ in {
proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}"; proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}";
}; };
}; };
}; })
];
security.acme = mkIf cfg.expose.https.enable { security.acme = mkIf cfg.expose.https.enable {
acceptTerms = true; acceptTerms = true;
defaults.email = cfg.expose.acmeMail; defaults.email = cfg.expose.https.acmeMail;
}; };
util-nixarr.vpnnamespace.portMappings = [ util-nixarr.vpnnamespace.portMappings = [