feat: nginx reverse proxy that shi

2025-11-08 20:04:43 +01:00 · 2025-11-08 20:04:43 +01:00 · 8fc518d422
commit 8fc518d422
parent 411755a47e
13 changed files with 98 additions and 58 deletions
--- a/hosts/hitsugibune/configuration.nix
+++ b/hosts/hitsugibune/configuration.nix
@ -30,6 +30,7 @@
 in {
  imports = [
    ./hardware-configuration.nix
    ./nginx.nix
    ./nextcloud.nix
    ./teamspeak.nix
    ./matrix.nix
--- a/hosts/hitsugibune/llm.nix
+++ b/hosts/hitsugibune/llm.nix
@ -1,5 +1,4 @@
-{...} :
+{config, ...}: {
 {
  services.open-webui = {
    enable = true;
    openFirewall = true;
@ -8,8 +7,25 @@
  services.ollama = {
    enable = true;
    host = "chattn.sprechtl.me";
    acceleration = "cuda";
-  loadModels = [ "llama3.2:3b" "deepseek-r1:1.5b" "gpt-oss:20b" ];
+    loadModels = ["llama3.2:3b" "deepseek-r1:1.5b" "gpt-oss:20b"];
  };
-};
+  services.nginx = {
    enable = true;
    virtualHosts.${config.services.ollama.host} = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:8080";
        proxyWebsockets = true;
      };
    };
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "stefan@tague.at";
  };
 }
--- a/hosts/hitsugibune/mail.nix
+++ b/hosts/hitsugibune/mail.nix
@ -1,4 +1,8 @@
-{ config, pkgs, ... }: {
+{
  config,
  pkgs,
  ...
 }: {
  age.secrets.mail-admin = {
    file = ../../secrets/mail-admin.age;
    owner = "virtualMail";
@ -8,7 +12,7 @@
  mailserver = {
    enable = true;
    fqdn = "mail.sprechtl.me";
-    domains = [ "sprechtl.me" ];
+    domains = ["sprechtl.me"];
    # A list of all login accounts. To create the password hashes, use
    # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
--- a/hosts/hitsugibune/nextcloud.nix
+++ b/hosts/hitsugibune/nextcloud.nix
@ -57,9 +57,4 @@
      enableACME = true;
    };
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "stefan@tague.at";
  };
 }
--- a/hosts/hitsugibune/nginx.nix
+++ b/hosts/hitsugibune/nginx.nix
@ -0,0 +1,12 @@
 {...}: {
  services.nginx = {
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    enable = true;
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "stefan@tague.at";
  };
 }
--- a/hosts/hitsugibune/nvidia.nix
+++ b/hosts/hitsugibune/nvidia.nix
@ -1,5 +1,8 @@
 {config, lib, ...}:
 {
  config,
  lib,
  ...
 }: {
  nixpkgs.config.allowUnfreePredicate = pkg:
    builtins.elem (lib.getName pkg) [
      "nvidia-x11"
@ -14,7 +17,6 @@
  services.xserver.videoDrivers = ["nvidia"];
  hardware.nvidia = {
    # Modesetting is required.
    modesetting.enable = true;
--- a/hosts/saberofxebec/configuration.nix
+++ b/hosts/saberofxebec/configuration.nix
@ -120,7 +120,8 @@ in {
        "/var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt:/usr/local/share/ca-certificates/root.crt:ro"
      ];
      extraOptions = [
-        "--network" "host"
+        "--network"
        "host"
        "--dns=192.168.0.201"
      ];
--- a/hosts/saberofxebec/disk-spindown.nix
+++ b/hosts/saberofxebec/disk-spindown.nix
@ -1,14 +1,20 @@
-{lib, pkgs, ...}: {
+{
-# Disables spindown on all disks of /dev/sd* format. -S might be used later not sure if needed yet.
+  lib,
-services.udev.extraRules = 
+  pkgs,
-  let
+  ...
 }: {
  # Disables spindown on all disks of /dev/sd* format. -S might be used later not sure if needed yet.
  services.udev.extraRules = let
    mkRule = as: lib.concatStringsSep ", " as;
    mkRules = rs: lib.concatStringsSep "\n" rs;
-  in mkRules ([( mkRule [
+  in
    mkRules [
      (mkRule [
        ''ACTION=="add|change"''
        ''SUBSYSTEM=="block"''
        ''KERNEL=="sd[a-z]"''
        ''ATTR{queue/rotational}=="1"''
        ''RUN+="${pkgs.hdparm}/bin/hdparm -B 254 /dev/%k"''
-  ])]);
+      ])
    ];
 }
--- a/hosts/saberofxebec/hardware-configuration.nix
+++ b/hosts/saberofxebec/hardware-configuration.nix
@ -16,7 +16,7 @@
  boot.initrd.kernelModules = [];
  boot.kernelModules = ["kvm-intel"];
  boot.extraModulePackages = [];
-  boot.supportedFilesystems = [ "ntfs" ];
+  boot.supportedFilesystems = ["ntfs"];
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/5af04782-c4e8-4414-a967-c98415965eee";
@ -26,7 +26,7 @@
  fileSystems."/media" = {
    device = "/dev/disk/by-partuuid/be8b55ea-2591-4f50-a08e-38e30e1039fe";
    fsType = "ntfs-3g";
-    options = [ "rw" ];
+    options = ["rw"];
  };
  fileSystems."/boot" = {
--- a/hosts/saberofxebec/intel.nix
+++ b/hosts/saberofxebec/intel.nix
@ -1,5 +1,9 @@
-{config, pkgs, ...}: {
+{
-  services.xserver.videoDrivers = [ "modesetting" ];
+  config,
  pkgs,
  ...
 }: {
  services.xserver.videoDrivers = ["modesetting"];
  hardware.graphics = {
    enable = true;
    extraPackages = with pkgs; [
@ -7,5 +11,5 @@
      vpl-gpu-rt # Enable QSV
    ];
  };
-  environment.sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; };
+  environment.sessionVariables = {LIBVA_DRIVER_NAME = "iHD";};
 }
--- a/hosts/saberofxebec/nvidia.nix
+++ b/hosts/saberofxebec/nvidia.nix
@ -1,5 +1,8 @@
 {config, lib, ...}:
 {
  config,
  lib,
  ...
 }: {
  nixpkgs.config.allowUnfreePredicate = pkg:
    builtins.elem (lib.getName pkg) [
      "nvidia-x11"
@ -14,7 +17,6 @@
  services.xserver.videoDrivers = ["nvidia"];
  hardware.nvidia = {
    # Modesetting is required.
    modesetting.enable = true;
--- a/modules/nixos/greetd.nix
+++ b/modules/nixos/greetd.nix
@ -1,7 +1,4 @@
-{
+{pkgs, ...}: {
  pkgs,
  ...
 }: {
  services.greetd = {
    enable = true;