feat: add Firefox Sync module and update DNS settings for sync.cloonar.com

2025-06-01 17:01:12 +02:00
parent 4969520222
commit 365d15767b
5 changed files with 32 additions and 35 deletions


@@ -47,7 +47,7 @@
# ha customers
./modules/ha-customers
# ./modules/firefox-sync.nix
./modules/firefox-sync.nix
# home assistant
./modules/home-assistant


@@ -125,6 +125,7 @@
"/web.hilgenberg-gmbh.de/91.107.197.169"
# gaming
"/foundry-vtt.cloonar.com/${config.networkPrefix}.97.5"
"/sync.cloonar.com/${config.networkPrefix}.97.5"
"/deconz.cloonar.multimedia/${config.networkPrefix}.97.22"


@@ -1,6 +1,7 @@
{ config, pkgs, ... }:
let
domain = "sync.cloonar.com";
networkPrefix = config.networkPrefix;
in {
sops.secrets.firefox-sync = { };
@@ -14,45 +15,22 @@ in {
privateNetwork = true;
hostBridge = "server";
hostAddress = "${config.networkPrefix}.97.1";
localAddress = "${config.networkPrefix}.97.51/24";
localAddress = "${config.networkPrefix}.97.6/24";
bindMounts = {
"/run/secrets/firefox-sync" = {
hostPath = "/run/secrets/firefox-sync";
isReadOnly = true;
};
"/var/lib/acme/${domain}/" = {
hostPath = "${config.security.acme.certs.${domain}.directory}";
isReadOnly = true;
};
};
config = { lib, config, pkgs, ... }: {
networking = {
hostName = "firefox-sync";
useHostResolvConf = false;
defaultGateway = {
address = "${config.networkPrefix}.97.1";
address = "${networkPrefix}.97.1";
interface = "eth0";
};
firewall.enable = false;
nameservers = [ "${config.networkPrefix}.97.1" ];
};
services.nginx.enable = true;
services.nginx.virtualHosts."${domain}" = {
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
sslTrustedCertificate = "/var/lib/acme/${domain}/chain.pem";
listen = [
{
addr = "0.0.0.0";
ssl = true;
port = 5000;
}
];
locations."/" = {
proxyPass = "http://localhost:5001/";
recommendedProxySettings = true;
};
nameservers = [ "${networkPrefix}.97.1" ];
};
services.mysql.package = pkgs.mariadb;
@@ -60,22 +38,31 @@ in {
enable = true;
singleNode = {
enable = true;
enableNginx = false;
hostname = domain;
url = "https://${domain}";
};
settings = {
port = 5001;
tokenserver.enable = true;
};
secrets = "/run/secrets/firefox-sync";
logLevel = "trace";
};
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
];
services.nginx = {
enable = true;
virtualHosts."${domain}" = {
forceSSL = false;
enableACME = false;
locations."/" = {
proxyPass = "http://localhost:5000/";
};
};
};
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
};
system.stateVersion = "23.05";
};
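Review bot: The container is left in a debugging posture: `logLevel = "trace"` on the sync server and `services.openssh.enable = true` with root `authorizedKeys`, beside a firewall that lists only 80 and 443. This page has lost its +/- markers, so it is not certain which of these lines are new; if they ship, trace logs of a token and sync service may keep request detail in the journal, and the NixOS openssh module opens its own port unless `services.openssh.openFirewall = false;` is set, so `allowedTCPPorts` understates the exposure. I would set `logLevel = "info";`, drop the SSH block in favour of `nixos-container root-login` from the host, and use `allowedTCPPorts = [ 80 ];`, since the vhost has `forceSSL = false` and nothing serves 443. Also confirm that `proxyPass = "http://localhost:5000/"` matches the port the sync server listens on, because `settings.port = 5001` is still visible in this hunk.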


@@ -16,4 +16,13 @@
proxyWebsockets = true;
};
};
services.nginx.virtualHosts."sync.cloonar.com" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
locations."/" = {
proxyPass = "http://${config.networkPrefix}.97.6:80";
proxyWebsockets = true;
};
};
}
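Review bot: The new `sync.cloonar.com` vhost forwards to the container without any proxy header settings, and `proxyWebsockets = true` looks carried over from the vhost above rather than needed by a sync API. Unless `services.nginx.recommendedProxySettings` is enabled globally (not visible here), the upstream sees the container address as Host and gets no X-Forwarded-* headers, so I would add `recommendedProxySettings = true;` inside `locations."/"` and drop the websocket line. The hop to `${config.networkPrefix}.97.6:80` is plain HTTP, so a comment such as `# TLS terminates here; container speaks HTTP on the internal bridge` would record that trust assumption. The enclosing file starts before this hunk.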