Wateir/NixServerConfig
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat : Add of secret for roundcube and vaultwarden

Browse source
This commit is contained in:
Wateir 2025-12-24 17:18:24 +01:00
parent a59e409a49
commit 2f5c8be389
18 changed files with 116 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

19
module/nginx.nix
View file

@ -6,8 +6,8 @@ with lib;
services.nginx.enable = true;
services.nginx.virtualHosts = mkMerge [
(mkIf config.module.vaultwarden.enable {
"${config.module.hostName}-vault" = {
(mkIf config.services.vaultwarden.enable {
"${config.module.hostName}-${config.module.vaultwarden.subdomain}" = {
listen = [{ addr = "0.0.0.0"; port = config.module.vaultwarden.externalPort; }];
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.module.vaultwarden.internalPort}";
@ -22,7 +22,7 @@ with lib;
})
(mkIf config.module.roundcube.enable {
"${config.module.hostName}-roundcube" = {
"${config.module.hostName}-${config.module.roundcube.subdomain}" = {
listen = [{ addr = "0.0.0.0"; port = config.module.roundcube.port; }];
root = "${pkgs.roundcube}/public_html";
locations."/" = {
@ -41,10 +41,16 @@ with lib;
};
})
(mkIf config.module.forgejo.enable {
"${config.module.hostName}-vault" = {
"${config.module.hostName}-${config.module.forgejo.subdomain}" = {
listen = [{ addr = "0.0.0.0"; port = config.module.forgejo.externalPort; }];
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.module.forgejo.internalPort}";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
})
@ -52,7 +58,8 @@ with lib;
];
networking.firewall.allowedTCPPorts = concatLists [
(if config.module.vaultwarden.enable then [ config.module.vaultwarden.externalPort ] else [])
(if config.module.roundcube.enable then [ config.module.roundcube.port ] else [])
(if config.services.vaultwarden.enable then [ config.module.vaultwarden.externalPort ] else [])
(if config.services.roundcube.enable then [ config.module.roundcube.port ] else [])
(if config.services.forgejo.enable then [ config.module.forgejo.externalPort ] else [])
];
}