asmir/nixos_flake_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

disable 3proxy, set http3 on virtual hosts

Browse Source
This commit is contained in:
Asmir A 2024-03-30 19:49:13 +01:00
parent b0c9edaddf
commit b07404b152
Signed by: asmir
GPG Key ID: 020C42B7A9ABA3E2
1 changed files with 7 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
magpie/configuration.nix
View File

@ -145,6 +145,7 @@
virtualHosts."project-cloud.net" = { virtualHosts."project-cloud.net" = {
quic = true; quic = true;
http3 = true;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = "${project-cloud.packages.${system}.default}/public"; root = "${project-cloud.packages.${system}.default}/public";
@ -152,12 +153,14 @@
virtualHosts.${config.services.nextcloud.hostName} = { virtualHosts.${config.services.nextcloud.hostName} = {
quic = true; quic = true;
http3 = true;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
}; };
virtualHosts."miniflux.project-cloud.net" = { virtualHosts."miniflux.project-cloud.net" = {
quic = true; quic = true;
http3 = true;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
@ -167,6 +170,7 @@
virtualHosts.${config.services.gitea.settings.server.DOMAIN} = { virtualHosts.${config.services.gitea.settings.server.DOMAIN} = {
quic = true; quic = true;
http3 = true;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
@ -176,6 +180,7 @@
virtualHosts."stats.project-cloud.net" = { virtualHosts."stats.project-cloud.net" = {
quic = true; quic = true;
http3 = true;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
@ -230,24 +235,6 @@
ProtectSystem = lib.mkForce false; ProtectSystem = lib.mkForce false;
}; };
services._3proxy = {
enable = true;
services = [
{
type = "socks";
auth = ["strong"];
acl = [
{
rule = "allow";
users = ["3proxy_user"];
}
];
bindPort = 13128;
}
];
usersFile = config.sops.secrets."3proxy".path;
};
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "asmir.abdulahovic@gmail.com"; defaults.email = "asmir.abdulahovic@gmail.com";
@ -277,14 +264,9 @@
owner = config.users.users.nextcloud.name; owner = config.users.users.nextcloud.name;
}; };
sops.secrets."3proxy" = {
sopsFile = ./secrets/3proxy.yaml;
};
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [80 443 587 13128]; networking.firewall.allowedTCPPorts = [80 443 587];
networking.firewall.allowedUDPPorts = []; networking.firewall.allowedUDPPorts = [443];
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
networking.firewall.logRefusedConnections = lib.mkDefault false; networking.firewall.logRefusedConnections = lib.mkDefault false;
networking.hostName = "magpie"; networking.hostName = "magpie";