mirror of
https://github.com/thegeneralist01/config.git
synced 2026-03-10 02:30:29 +01:00
services: add jellyfin, archivebox, custom dns
- `internal.thegeneralist01.com` and `archive.thegeneralist01.com` are not public. I have Split DNS enabled on them (in Tailscale), with the IP of the DNS server set to a private Tailscale IP of my home server; - CoreDNS (also on my home server) is used to resolve the two private domains' IPs to the home server itself; - nginx only listens to its machine's (home server's) Tailscale IP; - Therefore, all of it is hermetic!
This commit is contained in:
parent
8724801def
commit
572647d7c4
SSH key fingerprint:
SHA256:pp9qddbCNmVNoSjevdvQvM5z0DHN7LTa8qBMbcMq/R4
9 changed files with 194 additions and 11 deletions
18
hosts/thegeneralist-central/garage.nix
Normal file
18
hosts/thegeneralist-central/garage.nix
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
{ pkgs, ... }: {
|
||||
virtualisation.docker.enable = true;
|
||||
virtualisation.oci-containers.containers.archivebox = {
|
||||
image = "ghcr.io/archivebox/archivebox:main";
|
||||
ports = [ "127.0.0.1:8000:8000" ];
|
||||
volumes = [
|
||||
"/mnt/usb/services/archivebox/data:/data"
|
||||
];
|
||||
environment = {
|
||||
ALLOWLIST_HOSTS = "localhost";
|
||||
CSRF_TRUSTED_ORIGINS = "https://archive.thegeneralist01.com,127.0.0.1:8000";
|
||||
REVERSE_PROXY_USER_HEADER = "X-Remote-User";
|
||||
REVERSE_PROXY_WHITELIST = "127.0.0.1/32,100.86.129.23/32";
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ pkgs.docker ];
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue