nullbite/nixfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rpi4: reverse proxy basic auth services

Browse Source
This commit is contained in:
NullBite 2024-06-29 16:56:18 -04:00
parent 51b0e7c21b
commit 4cfde30c74
Signed by: nullbite
GPG Key ID: 6C4D545385D4925A
1 changed files with 43 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
hosts/rpi4/services.nix
View File

@ -66,14 +66,35 @@
''; '';
virtualHosts = let virtualHosts = let
mkReverseProxy = port: { useACMEHost = "protogen.io";
useACMEHost = "protogen.io"; mkProxy = args@{ upstream ? "http://127.0.0.1:${builtins.toString args.port}", auth ? false, extraConfig ? {}, ... }:
forceSSL = true; lib.mkMerge [
locations."/" = { {
proxyPass = "http://127.0.0.1:${builtins.toString port}"; inherit useACMEHost;
proxyWebsockets = true; forceSSL = true;
}; locations."/" = {
}; proxyPass = upstream;
proxyWebsockets = true;
};
}
(lib.mkIf auth {
basicAuthFile = config.age.secrets.htpasswd.path;
})
extraConfig
];
# mkReverseProxy = port: {
# inherit useACMEHost;
# forceSSL = true;
# locations."/" = {
# proxyPass = "http://127.0.0.1:${builtins.toString port}";
# proxyWebsockets = true;
# };
# };
mkAuthProxy = port: mkProxy { inherit port; auth = true; };
mkReverseProxy = port: mkProxy { inherit port; };
in { in {
# TODO change all these with a vim macro when i learn how to extend submodules # TODO change all these with a vim macro when i learn how to extend submodules
"changedetection.protogen.io" = mkReverseProxy 5000; "changedetection.protogen.io" = mkReverseProxy 5000;
@ -84,15 +105,28 @@
"hass.protogen.io" = mkReverseProxy 8123; "hass.protogen.io" = mkReverseProxy 8123;
"node.protogen.io" = mkReverseProxy 1880; "node.protogen.io" = mkReverseProxy 1880;
# z2m auth 8124 # z2m auth 8124
"z2m.protogen.io" = mkAuthProxy 8124;
"room.protogen.io" = mkReverseProxy 8096; "room.protogen.io" = mkReverseProxy 8096;
# deemix auth 8096 "deemix.protogen.io" = mkAuthProxy 6595;
# libreddit auth 8087 # libreddit auth 8087
"libreddit.protogen.io" = mkAuthProxy 8087;
"rss.protogen.io" = mkReverseProxy 8082; "rss.protogen.io" = mkReverseProxy 8082;
"blahaj.protogen.io" = mkReverseProxy 8086; "blahaj.protogen.io" = mkReverseProxy 8086;
# octoprint (proxy_addr is 10.10.1.8) # octoprint (proxy_addr is 10.10.1.8)
"print.protogen.io" = mkProxy { auth = true; upstream = "http://10.10.1.8:80"; };
# searx auth 8088 (none for /favicon.ico, /autocompleter, /opensearch.xml) # searx auth 8088 (none for /favicon.ico, /autocompleter, /opensearch.xml)
"searx.protogen.io" = let
port = 8088;
in mkProxy { auth = true; inherit port; extraConfig = {
locations = lib.genAttrs [ "/favicon.ico" "/autocompleter" "/opensearch.xml" ] (attr: {
basicAuthFile = lib.mkForce null;
basicAuth = lib.mkForce { };
});
};};
# nbt.sh alias proot.link 8090 # nbt.sh alias proot.link 8090
"nbt.sh" = mkProxy { port = 8090; extraConfig.serverAliases = [ "proot.link" ]; };
# admin.nbt.sh alias admin.proot.link 8091 auth # admin.nbt.sh alias admin.proot.link 8091 auth
"admin.nbt.sh" = mkProxy { auth = true; port = 8091; extraConfig.serverAliases = [ "admin.proot.link" ]; };
# create track map todo later # create track map todo later
"uptime.protogen.io" = mkReverseProxy 3001; "uptime.protogen.io" = mkReverseProxy 3001;
"kuma.protogen.io".locations."/".return = "301 https://uptime.protogen.io"; "kuma.protogen.io".locations."/".return = "301 https://uptime.protogen.io";