56 lines
1.5 KiB
Nix
56 lines
1.5 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
containers.funkwhale = {
|
|
inherit pkgs;
|
|
privateNetwork = true;
|
|
hostAddress = "192.168.100.1";
|
|
localAddress = "192.168.100.4";
|
|
autoStart = true;
|
|
config = { config, lib, pkgs, ... }: {
|
|
imports = [
|
|
../../../../modules
|
|
];
|
|
services.coredns = {
|
|
enable = true;
|
|
config = ''
|
|
.:53 {
|
|
forward . 1.1.1.1
|
|
}
|
|
'';
|
|
};
|
|
networking.firewall.enable = false;
|
|
services.funkwhale = {
|
|
enable = true;
|
|
apiIp = "192.168.100.4";
|
|
hostname = "funkwhale.hacc.media";
|
|
protocol = "https";
|
|
defaultFromEmail = "funkwhale@hacc.media";
|
|
api.djangoSecretKey = "TwsgANNKid+HZ0HwhR/FgTcxFIW6sZ8s4n7HxV6zPdU=";
|
|
};
|
|
services.nginx.virtualHosts."funkwhale.hacc.media" = {
|
|
enableACME = lib.mkForce false;
|
|
forceSSL = lib.mkForce false;
|
|
};
|
|
};
|
|
};
|
|
services.nginx.virtualHosts."funkwhale.hacc.media" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://192.168.100.4";
|
|
extraConfig = ''
|
|
proxy_pass_request_headers on;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Host $http_host;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $http_connection;
|
|
proxy_buffering off;
|
|
'';
|
|
};
|
|
};
|
|
}
|