box: setup invidious on tailnet
tailnet: poke holes for work to rimgo and invidious
This commit is contained in:
parent
5f11c31055
commit
73d5c32427
@ -24,6 +24,8 @@ let
|
|||||||
tv = "100.118.196.38";
|
tv = "100.118.196.38";
|
||||||
ollama = "100.121.227.121";
|
ollama = "100.121.227.121";
|
||||||
display = "100.77.35.34";
|
display = "100.77.35.34";
|
||||||
|
rimgo = "100.121.77.91";
|
||||||
|
invidious = "100.71.57.99";
|
||||||
};
|
};
|
||||||
|
|
||||||
tagOwners = {
|
tagOwners = {
|
||||||
@ -59,7 +61,7 @@ let
|
|||||||
{
|
{
|
||||||
"action" = "accept";
|
"action" = "accept";
|
||||||
"src" = [ "tag:work" ];
|
"src" = [ "tag:work" ];
|
||||||
"dst" = [ "console:2222" "startpage:443" ];
|
"dst" = [ "console:2222" "startpage:443" "rimgo:443" "invidious:443" ];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
"action" = "accept";
|
"action" = "accept";
|
||||||
|
|||||||
@ -101,8 +101,6 @@ in
|
|||||||
graph_key = mkNginxSecret;
|
graph_key = mkNginxSecret;
|
||||||
bw_cert = mkNginxSecret;
|
bw_cert = mkNginxSecret;
|
||||||
bw_key = mkNginxSecret;
|
bw_key = mkNginxSecret;
|
||||||
invidious_cert = mkNginxSecret;
|
|
||||||
invidious_key = mkNginxSecret;
|
|
||||||
readarr_cert = mkNginxSecret;
|
readarr_cert = mkNginxSecret;
|
||||||
readarr_key = mkNginxSecret;
|
readarr_key = mkNginxSecret;
|
||||||
home_cert = mkNginxSecret;
|
home_cert = mkNginxSecret;
|
||||||
@ -266,6 +264,12 @@ in
|
|||||||
};
|
};
|
||||||
ts-reverse-proxy = {
|
ts-reverse-proxy = {
|
||||||
servers = {
|
servers = {
|
||||||
|
"invidious-service" = {
|
||||||
|
enable = true;
|
||||||
|
reverseName = "invidious";
|
||||||
|
reversePort = config.services.invidious.port;
|
||||||
|
reverseIP = config.services.invidious.address;
|
||||||
|
};
|
||||||
"rimgo-service" = {
|
"rimgo-service" = {
|
||||||
enable = true;
|
enable = true;
|
||||||
reverseName = "rimgo";
|
reverseName = "rimgo";
|
||||||
@ -484,7 +488,7 @@ in
|
|||||||
host = lib.mkForce "127.0.0.1";
|
host = lib.mkForce "127.0.0.1";
|
||||||
port = 5432;
|
port = 5432;
|
||||||
};
|
};
|
||||||
domain = "invidious.bold.daemon";
|
domain = "invidious.otter-alligator.ts.net";
|
||||||
https_only = true;
|
https_only = true;
|
||||||
popular_enabled = false;
|
popular_enabled = false;
|
||||||
statistics_enabled = false;
|
statistics_enabled = false;
|
||||||
@ -898,17 +902,6 @@ in
|
|||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
"invidious.bold.daemon" = {
|
|
||||||
forceSSL = true;
|
|
||||||
sslCertificateKey = "${config.sops.secrets.invidious_key.path}";
|
|
||||||
sslCertificate = "${config.sops.secrets.invidious_cert.path}";
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:${
|
|
||||||
toString config.services.invidious.port
|
|
||||||
}";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
"box.otter-alligator.ts.net" = {
|
"box.otter-alligator.ts.net" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
sslCertificateKey = "/etc/nixos/secrets/box.otter-alligator.ts.net.key";
|
sslCertificateKey = "/etc/nixos/secrets/box.otter-alligator.ts.net.key";
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user