summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Biz/Cloud/Networking.nix10
-rw-r--r--Biz/Cloud/Ports.nix13
-rw-r--r--Biz/Cloud/Web.nix31
3 files changed, 40 insertions, 14 deletions
diff --git a/Biz/Cloud/Networking.nix b/Biz/Cloud/Networking.nix
index 5165280..fa41650 100644
--- a/Biz/Cloud/Networking.nix
+++ b/Biz/Cloud/Networking.nix
@@ -1,14 +1,7 @@
{ lib, config, ... }:
let
- ports = {
- ssh = 22;
- git = 9418;
- http = 80;
- https = 443;
- sabten = 8080;
- gemini = 1965;
- };
+ ports = import ./Ports.nix;
in {
networking = {
firewall = {
@@ -19,6 +12,7 @@ in {
ports.https
ports.sabten
ports.gemini
+ ports.radicale
];
};
nameservers = [
diff --git a/Biz/Cloud/Ports.nix b/Biz/Cloud/Ports.nix
new file mode 100644
index 0000000..66016ec
--- /dev/null
+++ b/Biz/Cloud/Ports.nix
@@ -0,0 +1,13 @@
+{
+ ssh = 22;
+ git = 9418;
+ http = 80;
+ https = 443;
+ sabten = 8080;
+ hoogle = 8008;
+ gemini = 1965;
+ devalloc = 8095;
+ radicale = 5232;
+ jellyfin = 8096;
+ dandel-rovbur = 8080;
+}
diff --git a/Biz/Cloud/Web.nix b/Biz/Cloud/Web.nix
index 65968ce..2a47fc1 100644
--- a/Biz/Cloud/Web.nix
+++ b/Biz/Cloud/Web.nix
@@ -3,13 +3,25 @@
let
rootDomain = config.networking.domain;
bensIp = "199.26.245.64";
+ ports = import ./Ports.nix;
in
{
services = {
+ radicale = {
+ enable = true;
+ config = ''
+ [server]
+ hosts = 0.0.0.0:${toString ports.radicale}, [::]:${toString ports.radicale}
+ [auth]
+ type = htpasswd
+ htpasswd_filename = /etc/radicale/users
+ htpasswd_encryption = plain
+ '';
+ };
gmnisrv = {
enable = true;
settings = {
- listen = "0.0.0.0:1965 [::]:1965";
+ listen = "0.0.0.0:${toString ports.gemini} [::]:${toString ports.gemini}";
":tls" = { store = "/var/lib/gmnisrv"; };
"bsima.me" = {
"root" = "/srv/www/ben";
@@ -90,31 +102,37 @@ in
};
"hoogle.${rootDomain}" = {
- locations."/".proxyPass = "http://${bensIp}:8008";
+ locations."/".proxyPass = "http://${bensIp}:${toString ports.hoogle}";
forceSSL = true;
useACMEHost = rootDomain;
};
"tv.${rootDomain}" = {
- locations."/".proxyPass = "http://${bensIp}:8096"; # emby runs on port 8096
+ locations."/".proxyPass = "http://${bensIp}:${toString ports.jellyfin}";
+ forceSSL = true;
+ useACMEHost = rootDomain;
+ };
+
+ "cal.${rootDomain}" = {
+ locations."/".proxyPass = "http://localhost:${toString ports.radicale}";
forceSSL = true;
useACMEHost = rootDomain;
};
"devalloc.io" = {
- locations."/".proxyPass = "http://${bensIp}:8095";
+ locations."/".proxyPass = "http://${bensIp}:${toString ports.devalloc}";
forceSSL = true;
useACMEHost = rootDomain;
};
"dandel-rovbur.${rootDomain}" = {
- locations."/".proxyPass = "http://${bensIp}:8080";
+ locations."/".proxyPass = "http://${bensIp}:${toString ports.dandel-rovbur}";
forceSSL = true;
useACMEHost = rootDomain;
};
"sabten.${rootDomain}" = {
- locations."/".proxyPass = "http://localhost:8080";
+ locations."/".proxyPass = "http://localhost:${toString ports.sabten}";
forceSSL = true;
useACMEHost = rootDomain;
};
@@ -147,5 +165,6 @@ in
"hoogle.${rootDomain}"
"dandel-rovbur.${rootDomain}"
"sabten.${rootDomain}"
+ "cal.${rootDomain}"
];#
}