From 8fc518d4224f8e0370ecf7424b9188917ef56183 Mon Sep 17 00:00:00 2001 From: s-prechtl Date: Sat, 8 Nov 2025 20:04:43 +0100 Subject: [PATCH] feat: nginx reverse proxy that shi --- hosts/goingmerry/configuration.nix | 4 +-- hosts/hitsugibune/configuration.nix | 1 + hosts/hitsugibune/llm.nix | 30 ++++++++++++++----- hosts/hitsugibune/mail.nix | 8 +++-- hosts/hitsugibune/nextcloud.nix | 5 ---- hosts/hitsugibune/nginx.nix | 12 ++++++++ hosts/hitsugibune/nvidia.nix | 18 ++++++----- hosts/saberofxebec/configuration.nix | 13 ++++---- hosts/saberofxebec/disk-spindown.nix | 28 ++++++++++------- hosts/saberofxebec/hardware-configuration.nix | 4 +-- hosts/saberofxebec/intel.nix | 10 +++++-- hosts/saberofxebec/nvidia.nix | 18 ++++++----- modules/nixos/greetd.nix | 5 +--- 13 files changed, 98 insertions(+), 58 deletions(-) create mode 100644 hosts/hitsugibune/nginx.nix diff --git a/hosts/goingmerry/configuration.nix b/hosts/goingmerry/configuration.nix index b8e6b60..61fba17 100644 --- a/hosts/goingmerry/configuration.nix +++ b/hosts/goingmerry/configuration.nix @@ -106,8 +106,8 @@ nixpkgs.config.allowUnfree = true; nixpkgs.config.android_sdk.accept_license = true; nixpkgs.config.permittedInsecurePackages = [ - "python3.13-ecdsa-0.19.1" - ]; + "python3.13-ecdsa-0.19.1" + ]; # List packages installed in system profile. To search, run: # $ nix search wget diff --git a/hosts/hitsugibune/configuration.nix b/hosts/hitsugibune/configuration.nix index 75fe51f..42ab33b 100644 --- a/hosts/hitsugibune/configuration.nix +++ b/hosts/hitsugibune/configuration.nix @@ -30,6 +30,7 @@ in { imports = [ ./hardware-configuration.nix + ./nginx.nix ./nextcloud.nix ./teamspeak.nix ./matrix.nix diff --git a/hosts/hitsugibune/llm.nix b/hosts/hitsugibune/llm.nix index b41e09f..d199620 100644 --- a/hosts/hitsugibune/llm.nix +++ b/hosts/hitsugibune/llm.nix @@ -1,5 +1,4 @@ -{...} : -{ +{config, ...}: { services.open-webui = { enable = true; openFirewall = true; 
@@ -7,9 +6,26 @@ }; services.ollama = { - enable = true; - acceleration = "cuda"; - loadModels = [ "llama3.2:3b" "deepseek-r1:1.5b" "gpt-oss:20b" ]; - -}; + enable = true; + host = "chattn.sprechtl.me"; + acceleration = "cuda"; + loadModels = ["llama3.2:3b" "deepseek-r1:1.5b" "gpt-oss:20b"]; + }; + + services.nginx = { + enable = true; + virtualHosts.${config.services.ollama.host} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8080"; + proxyWebsockets = true; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "stefan@tague.at"; + }; } diff --git a/hosts/hitsugibune/mail.nix b/hosts/hitsugibune/mail.nix index d5668af..065634e 100644 --- a/hosts/hitsugibune/mail.nix +++ b/hosts/hitsugibune/mail.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { age.secrets.mail-admin = { file = ../../secrets/mail-admin.age; owner = "virtualMail"; @@ -8,7 +12,7 @@ mailserver = { enable = true; fqdn = "mail.sprechtl.me"; - domains = [ "sprechtl.me" ]; + domains = ["sprechtl.me"]; # A list of all login accounts. To create the password hashes, use # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' diff --git a/hosts/hitsugibune/nextcloud.nix b/hosts/hitsugibune/nextcloud.nix index 306d08c..760472e 100644 --- a/hosts/hitsugibune/nextcloud.nix +++ b/hosts/hitsugibune/nextcloud.nix @@ -57,9 +57,4 @@ enableACME = true; }; }; - - security.acme = { - acceptTerms = true; - defaults.email = "stefan@tague.at"; - }; } diff --git a/hosts/hitsugibune/nginx.nix b/hosts/hitsugibune/nginx.nix new file mode 100644 index 0000000..24ad5bd --- /dev/null +++ b/hosts/hitsugibune/nginx.nix @@ -0,0 +1,12 @@ +{...}: { + services.nginx = { + recommendedProxySettings = true; + recommendedTlsSettings = true; + enable = true; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "stefan@tague.at"; + }; +} 
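Review bot: `host = "chattn.sprechtl.me";` in `services.ollama` reuses the option that sets the address the Ollama API binds to (default `127.0.0.1`) as a holder for the vhost name, so the unauthenticated API would try to listen on whatever that name resolves to instead of loopback, and open-webui may no longer reach it on localhost. I would drop that line and name the vhost directly, `virtualHosts."chattn.sprechtl.me" = {`, or bind the domain in a `let`. The proxy target `http://127.0.0.1:8080` is presumably open-webui, whose `openFirewall = true;` is still visible in the first hunk of this file; if that service listens on a non-loopback address (its settings sit outside the hunks), port 8080 stays reachable over plain HTTP past the TLS vhost, so `openFirewall = false;` looks right once nginx fronts it. The `security.acme` block and `services.nginx.enable` added here also repeat what the new hosts/hitsugibune/nginx.nix declares and can be removed from this file.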
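Review bot: No default virtual host is declared in the new hosts/hitsugibune/nginx.nix, so a request whose Host or SNI matches none of the configured names falls through to whichever vhost nginx picks first and is answered with that site's certificate and content, unless a catch-all is defined in a file this commit does not touch. Now that several services share this one server, a default vhost that refuses unknown names keeps them from being reached by bare IP or stray hostnames. A short header comment saying that this file holds only the shared nginx and ACME defaults, with per-service vhosts living in the service modules, would also help the next reader.

```nix
services.nginx = {
  # … unchanged: recommendedProxySettings, recommendedTlsSettings, enable …
  virtualHosts."_" = {
    default = true;
    rejectSSL = true;
    locations."/".return = "444";
  };
};
```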
diff --git a/hosts/hitsugibune/nvidia.nix b/hosts/hitsugibune/nvidia.nix index 0cac856..5231f80 100644 --- a/hosts/hitsugibune/nvidia.nix +++ b/hosts/hitsugibune/nvidia.nix @@ -1,9 +1,12 @@ -{config, lib, ...}: { + config, + lib, + ... +}: { nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "nvidia-x11" - "nvidia-settings" + "nvidia-x11" + "nvidia-settings" ]; # Enable OpenGL hardware.graphics = { @@ -14,13 +17,12 @@ services.xserver.videoDrivers = ["nvidia"]; hardware.nvidia = { - # Modesetting is required. modesetting.enable = true; # Nvidia power management. Experimental, and can cause sleep/suspend to fail. # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # of just the bare essentials. powerManagement.enable = false; @@ -30,9 +32,9 @@ # Use the NVidia open source kernel module (not to be confused with the # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus # Only available from driver 515.43.04+ open = false; diff --git a/hosts/saberofxebec/configuration.nix b/hosts/saberofxebec/configuration.nix index 7ed941a..d8dad2a 100644 --- a/hosts/saberofxebec/configuration.nix +++ b/hosts/saberofxebec/configuration.nix 
@@ -116,11 +116,12 @@ in { "7575:7575" ]; volumes = [ - "/var/lib/homarr/:/appdata" + "/var/lib/homarr/:/appdata" "/var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt:/usr/local/share/ca-certificates/root.crt:ro" ]; extraOptions = [ - "--network" "host" + "--network" + "host" "--dns=192.168.0.201" ]; @@ -180,10 +181,10 @@ in { Username = "Spr3eZ"; Password_PBKDF2 = "@ByteArray(rSRSjyLjKHX4KeDHgtx8qA==:EdZC27+FdG0aFtqVtEsiuqQAA6NROdBRXVSySD6ktgBY7k9ORrq8Kgo2uIkXvAWssmMIFb+C3RZS2PMWAt/Ihw==)"; }; - Scheduler = { - end_time = ''@Variant(\0\0\0\xf\0\x36\xee\x80)''; - start_time = ''@Variant(\0\0\0\xf\x1\xb7t\0)''; - }; + Scheduler = { + end_time = ''@Variant(\0\0\0\xf\0\x36\xee\x80)''; + start_time = ''@Variant(\0\0\0\xf\x1\xb7t\0)''; + }; }; AutoRun = { OnTorrentAdded.Enabled = true; diff --git a/hosts/saberofxebec/disk-spindown.nix b/hosts/saberofxebec/disk-spindown.nix index b114638..6e066e0 100644 --- a/hosts/saberofxebec/disk-spindown.nix +++ b/hosts/saberofxebec/disk-spindown.nix @@ -1,14 +1,20 @@ -{lib, pkgs, ...}: { -# Disables spindown on all disks of /dev/sd* format. -S might be used later not sure if needed yet. -services.udev.extraRules = - let +{ + lib, + pkgs, + ... +}: { + # Disables spindown on all disks of /dev/sd* format. -S might be used later not sure if needed yet. + services.udev.extraRules = let mkRule = as: lib.concatStringsSep ", " as; mkRules = rs: lib.concatStringsSep "\n" rs; - in mkRules ([( mkRule [ - ''ACTION=="add|change"'' - ''SUBSYSTEM=="block"'' - ''KERNEL=="sd[a-z]"'' - ''ATTR{queue/rotational}=="1"'' - ''RUN+="${pkgs.hdparm}/bin/hdparm -B 254 /dev/%k"'' - ])]); + in + mkRules [ + (mkRule [ + ''ACTION=="add|change"'' + ''SUBSYSTEM=="block"'' + ''KERNEL=="sd[a-z]"'' + ''ATTR{queue/rotational}=="1"'' + ''RUN+="${pkgs.hdparm}/bin/hdparm -B 254 /dev/%k"'' + ]) + ]; } diff --git a/hosts/saberofxebec/hardware-configuration.nix b/hosts/saberofxebec/hardware-configuration.nix index 57e6ac8..f4242ad 100644 
--- a/hosts/saberofxebec/hardware-configuration.nix +++ b/hosts/saberofxebec/hardware-configuration.nix @@ -16,7 +16,7 @@ boot.initrd.kernelModules = []; boot.kernelModules = ["kvm-intel"]; boot.extraModulePackages = []; - boot.supportedFilesystems = [ "ntfs" ]; + boot.supportedFilesystems = ["ntfs"]; fileSystems."/" = { device = "/dev/disk/by-uuid/5af04782-c4e8-4414-a967-c98415965eee"; @@ -26,7 +26,7 @@ fileSystems."/media" = { device = "/dev/disk/by-partuuid/be8b55ea-2591-4f50-a08e-38e30e1039fe"; fsType = "ntfs-3g"; - options = [ "rw" ]; + options = ["rw"]; }; fileSystems."/boot" = { diff --git a/hosts/saberofxebec/intel.nix b/hosts/saberofxebec/intel.nix index d9e8ca2..94bb8f6 100644 --- a/hosts/saberofxebec/intel.nix +++ b/hosts/saberofxebec/intel.nix @@ -1,5 +1,9 @@ -{config, pkgs, ...}: { - services.xserver.videoDrivers = [ "modesetting" ]; +{ + config, + pkgs, + ... +}: { + services.xserver.videoDrivers = ["modesetting"]; hardware.graphics = { enable = true; extraPackages = with pkgs; [ @@ -7,5 +11,5 @@ vpl-gpu-rt # Enable QSV ]; }; - environment.sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; }; + environment.sessionVariables = {LIBVA_DRIVER_NAME = "iHD";}; } diff --git a/hosts/saberofxebec/nvidia.nix b/hosts/saberofxebec/nvidia.nix index 519ea57..936e0df 100644 --- a/hosts/saberofxebec/nvidia.nix +++ b/hosts/saberofxebec/nvidia.nix @@ -1,9 +1,12 @@ -{config, lib, ...}: { + config, + lib, + ... +}: { nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "nvidia-x11" - "nvidia-settings" + "nvidia-x11" + "nvidia-settings" ]; # Enable OpenGL hardware.graphics = { 
@@ -14,13 +17,12 @@ services.xserver.videoDrivers = ["nvidia"]; hardware.nvidia = { - # Modesetting is required. modesetting.enable = true; # Nvidia power management. Experimental, and can cause sleep/suspend to fail. # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # of just the bare essentials. powerManagement.enable = false; @@ -30,9 +32,9 @@ # Use the NVidia open source kernel module (not to be confused with the # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus # Only available from driver 515.43.04+ open = false; diff --git a/modules/nixos/greetd.nix b/modules/nixos/greetd.nix index 137fc91..dd44d4b 100644 --- a/modules/nixos/greetd.nix +++ b/modules/nixos/greetd.nix @@ -1,7 +1,4 @@ -{ - pkgs, - ... -}: { +{pkgs, ...}: { services.greetd = { enable = true;