author | Linnnus <[email protected]> | 2023-09-30 14:53:27 +0200 |
---|---|---|
committer | Linnnus <[email protected]> | 2023-09-30 14:53:55 +0200 |
commit | d7fc02342227fbd442f47e27fa12a42ff7998cd5 (patch) | |
tree | 9f90238e85d4f271cdce6dfe26e8683add68f10f /modules | |
parent | 039061095ad29da895479ea3dbd68e40689f5f72 (diff) |
fix everything forever i hope
Diffstat (limited to 'modules')
-rw-r--r-- | modules/default.nix | 1 | ||||
-rw-r--r-- | modules/linus.onl/default.nix | 20 | ||||
-rw-r--r-- | modules/notifications.linus.onl/default.nix | 42 |
3 files changed, 48 insertions, 15 deletions
diff --git a/modules/default.nix b/modules/default.nix index 61ef9cc..3015d59 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -4,6 +4,7 @@ imports = [ ./linus.onl + ./notifications.linus.onl ./cloudflare-proxy ./graphics ]; diff --git a/modules/linus.onl/default.nix b/modules/linus.onl/default.nix index f65bf0b..617865c 100644 --- a/modules/linus.onl/default.nix +++ b/modules/linus.onl/default.nix @@ -12,15 +12,6 @@ in enable = mkEnableOption "${domain} static site"; useACME = mkEnableOption "built-in HTTPS stuff"; - - openFirewall = mkOption { - description = '' - Open holes in the firewall so clients on LAN can connect. You must - set up port forwarding if you want to play over WAN. - ''; - type = types.bool; - default = false; - }; }; config = mkIf cfg.enable { @@ -91,16 +82,15 @@ in wantedBy = [ "nginx.service" ]; }; - networking.firewall = mkIf cfg.openFirewall { - allowedTCPPorts = [ 80 ] ++ (optional cfg.useACME 443); - }; + # Register domain name with ddns. + services.cloudflare-dyndns.domains = [ domain ]; - # Serve the generated page using NGINX. + # Register virtual host. services.nginx = { - enable = true; - virtualHosts."${domain}" = { + # NOTE: 'forceSSL' will cause an infite loop, if the cloudflare proxy does NOT connect over HTTPS. enableACME = cfg.useACME; + forceSSL = cfg.useACME; root = "/var/www/${domain}"; }; }; diff --git a/modules/notifications.linus.onl/default.nix b/modules/notifications.linus.onl/default.nix new file mode 100644 index 0000000..443853f --- /dev/null +++ b/modules/notifications.linus.onl/default.nix 
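Review bot: In the second hunk of modules/linus.onl/default.nix, the NOTE above `forceSSL = cfg.useACME;` states its precondition loosely and misspells "infinite". I would word it as `# NOTE: forceSSL redirects HTTP to HTTPS; if the Cloudflare proxy connects to this origin over plain HTTP, every request becomes a redirect loop.` The same hunk appears to drop `enable = true;` from `services.nginx` along with the `networking.firewall` block. The module therefore seems to rely on configuration outside this diff (presumably the cloudflare-proxy module) to start NGINX and decide who can reach ports 80/443, and a one-line comment naming that dependency would help. When `useACME` is off the virtual host gets neither a certificate nor a redirect, so the site is served over plain HTTP only, which the `useACME` option description could say.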
@@ -0,0 +1,42 @@ +{ pkgs, lib, config, ... }: + +let + inherit (lib) mkEnableOption mkOption types mkIf optional; + + domain = "notifications.linus.onl"; + + # TODO: Make option internal-port. + internal-port = 13082; + + cfg = config.my.modules."notifications.linus.onl"; +in +{ + options.my.modules."notifications.linus.onl" = { + enable = mkEnableOption "notifications.linus.onl static site"; + + useACME = mkEnableOption "built-in HTTPS stuff"; + }; + + config = mkIf cfg.enable { + my.services.push-notification-api = { + enable = true; + # host = "notifications.linus.onl"; + host = "0.0.0.0"; + port = internal-port; + openFirewall = false; # We're using NGINX reverse proxy. + }; + + # Register domain name. + services.cloudflare-dyndns.domains = [ "notifications.linus.onl" ]; + + # Serve the generated page using NGINX. + services.nginx.virtualHosts."notifications.linus.onl" = { + enableACME = cfg.useACME; + forceSSL = cfg.useACME; + locations."/" = { + recommendedProxySettings = true; + proxyPass = "http://127.0.0.1:${toString internal-port}"; + }; + }; + }; +} |
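Review bot: `host = "0.0.0.0";` binds the push-notification API to every interface, although NGINX only reaches it through `proxyPass = "http://127.0.0.1:${toString internal-port}"`. That leaves the host firewall (`openFirewall = false`) as the only thing keeping port 13082 from being reached directly, without TLS and without passing through the reverse proxy. Assuming `host` is the listen address of `my.services.push-notification-api` (its definition is not in this diff), `host = "127.0.0.1";` would match the proxy target and remove that dependency on the firewall. The file also defines `domain` but repeats the literal `"notifications.linus.onl"` for the ddns entry and the virtual host, and it inherits `mkOption`, `types` and `optional` without using them.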