central: add personal website

TheGeneralist 2026-01-06 09:39:53 +01:00
parent 48eefdaa20
commit 27d347d3c8
Signed by: thegeneralist01
SSH key fingerprint: SHA256:pp9qddbCNmVNoSjevdvQvM5z0DHN7LTa8qBMbcMq/R4
5 changed files with 85 additions and 37 deletions


@ -20,14 +20,14 @@
}; };
}; };
pywb = { # pywb = {
image = "docker.io/webrecorder/pywb"; # image = "docker.io/webrecorder/pywb";
ports = [ "127.0.0.1:8001:8001" ]; # ports = [ "127.0.0.1:8001:8001" ];
volumes = [ # volumes = [
"/mnt/usb/services/browsertrix/webrecorder/:/" # "/mnt/usb/services/browsertrix/webrecorder/:/"
"/mnt/usb/services/browsertrix/webrecorder/webarchive:/webarchive" # "/mnt/usb/services/browsertrix/webrecorder/webarchive:/webarchive"
]; # ];
}; # };
}; };
environment.systemPackages = [ pkgs.docker ]; environment.systemPackages = [ pkgs.docker ];


@ -0,0 +1,5 @@
<EFBFBD>
<EFBFBD>
<EFBFBD>
<EFBFBD>
<EFBFBD>


@ -1,31 +1,38 @@
{ config, pkgs, ... }: let { config, pkgs, ... }:
let
domain = "thegeneralist01.com"; domain = "thegeneralist01.com";
family_domain = builtins.getEnv "FAMILY_DOMAIN";
ssl = { ssl = {
quic = true; quic = true;
useACMEHost = domain; useACMEHost = domain;
}; };
in { in
imports = [ ./acme ./dns.nix ./jellyfin ]; {
imports = [
./acme
./dns.nix
./jellyfin
];
# Nginx # Nginx
services.nginx = { services.nginx = {
enable = true; enable = true;
package = pkgs.nginxQuic; package = pkgs.nginxQuic;
enableQuicBPF = true; enableQuicBPF = true;
experimentalZstdSettings = true; experimentalZstdSettings = true;
recommendedUwsgiSettings = true; recommendedUwsgiSettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedBrotliSettings = true; recommendedBrotliSettings = true;
statusPage = true; statusPage = true;
validateConfigFile = true; validateConfigFile = true;
virtualHosts."${domain}" = ssl // { virtualHosts."${domain}" = ssl // {
root = "/var/www/${domain}"; root = "/var/www/${domain}";
locations."/".tryFiles = "$uri $uri.html $uri/ $uri/index.html =404"; locations."/".tryFiles = "$uri $uri.html $uri/ $uri/index.html =404";
@ -43,13 +50,35 @@ in {
''; '';
}; };
virtualHosts."www.${domain}" = ssl // { virtualHosts."www.${domain}" = ssl // {
locations."/".return = "306 https://${domain}$request_uri"; locations."/".return = "306 https://${domain}$request_uri";
}; };
virtualHosts._ = ssl // { virtualHosts."${family_domain}" = {
locations."/".return = "307 https://${domain}/404"; root = "/var/www/${family_domain}";
locations."/".tryFiles = "$uri $uri.html $uri/ $uri/index.html =404";
extraConfig = ''
if ($http_x_forwarded_proto = "http") {
return 301 https://${family_domain}$request_uri;
}
location ~* \.(html|css|js|jpg|jpeg|png|gif|svg|ico|woff2?)$ {
expires 1d;
add_header Cache-Control "public";
}
error_page 404 /404.html;
'';
}; };
virtualHosts."www.${family_domain}" = {
locations."/".return = "306 https://${family_domain}$request_uri";
};
# virtualHosts._ = ssl // {
# locations."/".return = "307 https://${domain}/404";
# };
}; };
# Cloudflare # Cloudflare
@ -57,21 +86,34 @@ in {
age.secrets.cftcert.file = ./cert.pem.age; age.secrets.cftcert.file = ./cert.pem.age;
age.secrets.cftcredentials.file = ./credentials.age; age.secrets.cftcredentials.file = ./credentials.age;
age.secrets.cftcredentials_personal.file = ./credentials_personal.age;
services.cloudflared = { services.cloudflared = {
enable = true; enable = true;
certificateFile = config.age.secrets.cftcert.path; certificateFile = config.age.secrets.cftcert.path;
tunnels."site" = { tunnels = {
ingress = { "site" = {
"thegeneralist01.com" = "http://localhost:80"; ingress = {
"www.thegeneralist01.com" = "http://localhost:80"; "thegeneralist01.com" = "http://localhost:80";
"cache.thegeneralist01.com" = "http://localhost:80"; "www.thegeneralist01.com" = "http://localhost:80";
}; "cache.thegeneralist01.com" = "http://localhost:80";
default = "http_status:404"; };
default = "http_status:404";
credentialsFile = config.age.secrets.cftcredentials.path; credentialsFile = config.age.secrets.cftcredentials.path;
certificateFile = config.age.secrets.cftcert.path; certificateFile = config.age.secrets.cftcert.path;
};
"personal" = {
ingress = {
"${family_domain}" = "http://localhost:80";
"www.${family_domain}" = "http://localhost:80";
};
default = "http_status:404";
credentialsFile = config.age.secrets.cftcredentials_personal.path;
certificateFile = config.age.secrets.cftcert.path;
};
}; };
}; };
} }
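Review bot: `family_domain` is read with `builtins.getEnv "FAMILY_DOMAIN"`, which evaluates to an empty string when the variable is unset or the evaluation is pure, and nothing in the `let` block rejects that value. With an empty string the new vhost would be named `""` with `root = "/var/www/"`, which would presumably serve every site directory under `/var/www`, and the `personal` tunnel ingress keys would become `""` and `"www."`. I would add a guard next to `imports`, for example `assertions = [{ assertion = family_domain != ""; message = "FAMILY_DOMAIN must be set at evaluation time"; }];`. Separately, `locations."/".return = "306 https://${family_domain}$request_uri";` on the new `www.` vhost does not redirect, because nginx only emits a Location header from `return` for 301, 302, 303, 307 and 308; `301` is probably what is meant, as the `extraConfig` block of the same vhost already uses it.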


@ -7,6 +7,7 @@ in {
"hosts/thegeneralist-central/acme/acmeEnvironment.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/acme/acmeEnvironment.age".publicKeys = [ thegeneralist ];
"hosts/thegeneralist-central/cert.pem.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/cert.pem.age".publicKeys = [ thegeneralist ];
"hosts/thegeneralist-central/credentials.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/credentials.age".publicKeys = [ thegeneralist ];
"hosts/thegeneralist-central/credentials_personal.age".publicKeys = [ thegeneralist ];
"hosts/thegeneralist-central/cache/key.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/cache/key.age".publicKeys = [ thegeneralist ];
"hosts/thegeneralist-central/password.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/password.age".publicKeys = [ thegeneralist ];