mirror of
https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-infect.git
synced 2025-02-16 14:24:42 +00:00
Fixed Jitsi certificate usage. Added memcached deployment for increased performance. Fixed upload of media files into Pleroma-OTP
parent
4f793fed27
commit
0599112b3a
97
nixos-infect
97
nixos-infect
|
@ -16,7 +16,7 @@ makeConf() {
|
|||
mkdir /etc/nixos/letsencrypt
|
||||
mkdir /etc/nixos/backup
|
||||
mkdir /etc/nixos/passmgr
|
||||
mkdir /etc/nixos/nginx
|
||||
mkdir /etc/nixos/webserver
|
||||
mkdir /etc/nixos/git
|
||||
mkdir /etc/nixos/nextcloud
|
||||
mkdir /etc/nixos/resources
|
||||
|
@ -50,7 +50,8 @@ makeConf() {
|
|||
./letsencrypt/acme.nix
|
||||
./backup/restic.nix
|
||||
./passmgr/bitwarden.nix
|
||||
./nginx/nginx.nix
|
||||
./webserver/nginx.nix
|
||||
./webserver/memcached.nix
|
||||
./nextcloud/nextcloud.nix
|
||||
./resources/limits.nix
|
||||
./videomeet/jitsi.nix
|
||||
|
@ -197,16 +198,7 @@ EOF
|
|||
loginAccounts = {
|
||||
"$LUSER@$DOMAIN" = {
|
||||
hashedPassword = "$HASHED_PASSWORD";
|
||||
|
||||
#aliases = [
|
||||
# "mail@example.com"
|
||||
#];
|
||||
|
||||
# Make this user the catchAll address for domains blah.com and
|
||||
# example2.com
|
||||
catchAll = [
|
||||
"$DOMAIN"
|
||||
];
|
||||
catchAll = [ "$DOMAIN" ];
|
||||
sieveScript = ''
|
||||
require ["fileinto", "mailbox"];
|
||||
if header :contains "Chat-Version" "1.0"
|
||||
|
@ -216,18 +208,12 @@ EOF
|
|||
}
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
# Extra virtual aliases. These are email addresses that are forwarded to
|
||||
# loginAccounts addresses.
|
||||
extraVirtualAliases = {
|
||||
# address = forward address;
|
||||
"admin@$DOMAIN" = "$LUSER@$DOMAIN";
|
||||
};
|
||||
|
||||
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
||||
# down nginx and opens port 80.
|
||||
certificateScheme = 1;
|
||||
certificateFile = "/var/lib/acme/$DOMAIN/fullchain.pem";
|
||||
keyFile = "/var/lib/acme/$DOMAIN/key.pem";
|
||||
|
@ -319,7 +305,7 @@ EOF
|
|||
}
|
||||
EOF
|
||||
|
||||
cat > /etc/nixos/nginx/nginx.nix << EOF
|
||||
cat > /etc/nixos/webserver/nginx.nix << EOF
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
services.nginx = {
|
||||
|
@ -331,7 +317,6 @@ EOF
|
|||
clientMaxBodySize = "1024m";
|
||||
|
||||
virtualHosts = {
|
||||
|
||||
"$DOMAIN" = {
|
||||
sslCertificate = "/var/lib/acme/$DOMAIN/fullchain.pem";
|
||||
sslCertificateKey = "/var/lib/acme/$DOMAIN/key.pem";
|
||||
|
@ -362,6 +347,41 @@ EOF
|
|||
};
|
||||
};
|
||||
};
|
||||
"meet.$DOMAIN" = {
|
||||
forceSSL = true;
|
||||
sslCertificate = "/var/lib/acme/ilchub.net/fullchain.pem";
|
||||
sslCertificateKey = "/var/lib/acme/ilchub.net/key.pem";
|
||||
root = pkgs.jitsi-meet;
|
||||
extraConfig = ''
|
||||
ssi on;
|
||||
'';
|
||||
locations = {
|
||||
"@root_path" = {
|
||||
extraConfig = ''
|
||||
rewrite ^/(.*)$ / break;
|
||||
'';
|
||||
};
|
||||
"~ ^/([^/\\?&:'\"]+)$" = {
|
||||
tryFiles = "$uri @root_path";
|
||||
};
|
||||
"=/http-bind" = {
|
||||
proxyPass = "http://localhost:5280/http-bind";
|
||||
extraConfig = ''
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $host;
|
||||
'';
|
||||
};
|
||||
"=/external_api.js" = {
|
||||
alias = "${pkgs.jitsi-meet}/libs/external_api.min.js";
|
||||
};
|
||||
"=/config.js" = {
|
||||
alias = "${pkgs.jitsi-meet}/config.js";
|
||||
};
|
||||
"=/interface_config.js" = {
|
||||
alias = "${pkgs.jitsi-meet}/interface_config.js";
|
||||
};
|
||||
};
|
||||
};
|
||||
"password.$DOMAIN" = {
|
||||
sslCertificate = "/var/lib/acme/$DOMAIN/fullchain.pem";
|
||||
sslCertificateKey = "/var/lib/acme/$DOMAIN/key.pem";
|
||||
|
@ -382,6 +402,26 @@ EOF
|
|||
};
|
||||
};
|
||||
};
|
||||
"chat.$DOMAIN" = {
|
||||
forceSSL = true;
|
||||
sslCertificate = "/var/lib/acme/$DOMAIN/fullchain.pem";
|
||||
sslCertificateKey = "/var/lib/acme/$DOMAIN/key.pem";
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "https://127.0.0.1:8448";
|
||||
};
|
||||
"/_matrix" = {
|
||||
proxyPass = "https://127.0.0.1:8448";
|
||||
extraConfig = ''
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
'';
|
||||
};
|
||||
};
|
||||
extraConfig = ''
|
||||
proxy_ssl_server_name on;
|
||||
proxy_pass_header Authorization;
|
||||
'';
|
||||
};
|
||||
"social.$DOMAIN" = {
|
||||
sslCertificate = "/var/lib/acme/$DOMAIN/fullchain.pem";
|
||||
sslCertificateKey = "/var/lib/acme/$DOMAIN/key.pem";
|
||||
|
@ -399,6 +439,22 @@ EOF
|
|||
};
|
||||
};
|
||||
}
|
||||
EOF
|
||||
|
||||
cat > /etc/nixos/webserver/memcached.nix << EOF
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
services = {
|
||||
memcached = {
|
||||
enable = true;
|
||||
user = "memcached";
|
||||
listen = "127.0.0.1";
|
||||
port = "11211";
|
||||
maxMemory = 64;
|
||||
maxConnections = 1024;
|
||||
};
|
||||
};
|
||||
}
|
||||
EOF
|
||||
|
||||
cat > /etc/nixos/nextcloud/nextcloud.nix << EOF
|
||||
|
@ -554,7 +610,6 @@ EOF
|
|||
SHOW_JITSI_WATERMARK = false;
|
||||
SHOW_WATERMARK_FOR_GUESTS = false;
|
||||
};
|
||||
|
||||
};
|
||||
}
|
||||
EOF
|
||||
|
|
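Review bot: In the added `meet.$DOMAIN` virtual host the certificate paths are hard-coded to a single domain, `/var/lib/acme/ilchub.net/fullchain.pem` and `/var/lib/acme/ilchub.net/key.pem`, while every other virtual host in this file section uses `/var/lib/acme/$DOMAIN/...`. On an installation with a different domain, nginx would be pointed at a certificate and key that are missing or do not match the host name, so the two lines should read `sslCertificate = "/var/lib/acme/$DOMAIN/fullchain.pem";` and `sslCertificateKey = "/var/lib/acme/$DOMAIN/key.pem";`. The block also appears to sit inside an unquoted `<< EOF` heredoc (the `$DOMAIN` expansions depend on that), so `$uri`, `$host`, `$proxy_add_x_forwarded_for`, the `$remote_addr` in `chat.$DOMAIN` and the `${pkgs.jitsi-meet}` interpolations would be expanded by the shell before the file is written unless escaped as `\$uri`, `\${pkgs.jitsi-meet}` and so on; this is worth confirming against the generated `nginx.nix`, because an emptied `X-Forwarded-For` value loses the client address the backends log.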