
16 Commits

Author SHA1 Message Date
Inex Code d8b27cb4eb roll back the roll back 2022-02-16 11:07:25 +03:00
Inex Code df5aba5fa5 Revert "Merge pull request 'Fixed Jitsi functionality and Jitsi certificate resolution' (#14) from jitsi-fixes into master"
This reverts commit dc767677d8, reversing
changes made to d4bb381693.
2022-02-16 11:07:25 +03:00
Illia Chub 3497ddd0a2 Fixed Jitsi functionality and Jitsi certificate resolution 2022-02-16 11:07:25 +03:00
Illia Chub a448d4da5d Added missing dependencies 2022-02-16 10:40:43 +03:00
Illia Chub ed3a4d6a0c Resolved build issues with DNS-01 nad webroot enabled 2022-02-16 10:40:43 +03:00
Inex Code 059ce9fce2 Revert "Merge pull request 'Fixed Jitsi functionality and Jitsi certificate resolution' (#14) from jitsi-fixes into master"
This reverts commit dc767677d8, reversing
changes made to d4bb381693.
2022-02-16 10:40:43 +03:00
Illia Chub 471eb89795 Fixed Jitsi functionality and Jitsi certificate resolution 2022-02-16 10:40:43 +03:00
Inex Code 0784a1fe17 Merge branch 'master' into rolling-testing 2022-01-14 04:00:31 +03:00
Inex Code cab6153c5e Fix pleroma permissions 2021-12-16 16:51:43 +03:00
Inex Code 2f6e0cc7a1 Move to master branch 2021-12-16 14:34:01 +03:00
Inex Code e5ba447380 Merge branch 'master' into rolling-testing 2021-12-16 14:31:27 +03:00
Inex Code ab74b26a87 Overwrite nextcloud protocol to https 2021-12-06 10:43:24 +03:00
Inex Code bad5bb0e2e Make config files in /var rewritable by Nix 2021-12-02 23:30:53 +03:00
Inex Code aae56b1aa7 Update API to properly support b2 2021-12-02 18:16:16 +03:00
Inex Code 266d0c76b5 Merge branch 'system-configuration' into rolling-testing 2021-11-30 23:53:30 +03:00
Inex Code 760ea2c2a6 DO NOT MERGE: fetch rolling branch of nix-repo 2021-11-30 23:20:53 +03:00
4 changed files with 11 additions and 48 deletions


@ -35,8 +35,8 @@ in
networking = {
hostName = config.services.userdata.hostname;
firewall = {
allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 8443 ];
allowedUDPPorts = lib.mkForce [ 8443 ];
allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 4443 8443 ];
allowedUDPPorts = lib.mkForce [ 8443 10000 ];
};
nameservers = [ "1.1.1.1" "1.0.0.1" ];
};
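Review bot: The two ports added to `allowedTCPPorts` and `allowedUDPPorts` (4443/tcp and 10000/udp, which look like the Jitsi videobridge ports) are opened unconditionally, while the Jitsi service in another file of this compare is gated on `config.services.userdata.jitsi.enable`. Both lists use `lib.mkForce`, so this is the effective firewall definition and hosts with Jitsi disabled keep those ports open. Consider `allowedUDPPorts = lib.mkForce ([ 8443 ] ++ lib.optionals config.services.userdata.jitsi.enable [ 10000 ]);` and the same pattern for 4443. A short comment naming the service behind each port would also make later audits of this list easier.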


@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
let
cfg = config.services.userdata;
in
@ -9,7 +9,7 @@ in
security.acme = {
acceptTerms = true;
email = "${cfg.username}@${cfg.domain}";
certs = {
certs = lib.mkForce {
"${cfg.domain}" = {
domain = "*.${cfg.domain}";
extraDomainNames = [ "${cfg.domain}" ];
@ -17,6 +17,12 @@ in
dnsProvider = "cloudflare";
credentialsFile = "/var/lib/cloudflare/Credentials.ini";
};
"meet.${cfg.domain}" = {
domain = "meet.${cfg.domain}";
group = "acmerecievers";
dnsProvider = "cloudflare";
credentialsFile = "/var/lib/cloudflare/Credentials.ini";
};
};
};
}
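Review bot: `certs = lib.mkForce {` forces the whole `security.acme.certs` attribute set, so any certificate another module declares, now or later, is silently discarded rather than only the conflicting one. Judging by the commit titles this is meant to resolve a DNS-01/webroot clash for the Jitsi vhost; an override scoped to the `"meet.${cfg.domain}"` entry, or to the single option that conflicts, would avoid a new vhost ending up without a certificate. At minimum add a comment such as `# mkForce: replace the cert the jitsi nginx vhost declares with a DNS-01 one` to record the reason. Both entries also read the same `/var/lib/cloudflare/Credentials.ini`, and its ownership and mode are not set anywhere in this section, so confirm it is readable only by the ACME service user.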


@ -6,7 +6,7 @@ in
services.jitsi-meet = {
enable = config.services.userdata.jitsi.enable;
hostName = "meet.${domain}";
nginx.enable = false;
nginx.enable = true;
interfaceConfig = {
SHOW_JITSI_WATERMARK = false;
SHOW_WATERMARK_FOR_GUESTS = false;
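Review bot: `nginx.enable = true` hands the `meet.${domain}` vhost to the jitsi-meet module, and nothing visible re-adds the hardening from the hand-written vhost that this compare deletes in another file. That vhost set `Strict-Transport-Security`, `X-Frame-Options DENY`, `X-Content-Type-Options nosniff` and the `secure; HttpOnly; SameSite=strict` cookie flags via `proxy_cookie_path`. Whether the module-generated vhost sets equivalents cannot be told from this page, so check the rendered nginx config after the switch. If they are missing, restore them with `services.nginx.virtualHosts."meet.${domain}".extraConfig`. The `services.jitsi-meet` block continues past the end of this hunk.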


@ -89,49 +89,6 @@ in
};
};
};
"meet.${domain}" = {
forceSSL = true;
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
root = pkgs.jitsi-meet;
extraConfig = ''
ssi on;
add_header Strict-Transport-Security $hsts_header;
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header 'Referrer-Policy' 'origin-when-cross-origin';
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
expires 10m;
'';
locations = {
"@root_path" = {
extraConfig = ''
rewrite ^/(.*)$ / break;
'';
};
"~ ^/([^/\\?&:'\"]+)$" = {
tryFiles = "$uri @root_path";
};
"=/http-bind" = {
proxyPass = "http://localhost:5280/http-bind";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
'';
};
"=/external_api.js" = {
alias = "${pkgs.jitsi-meet}/libs/external_api.min.js";
};
"=/config.js" = {
alias = "${pkgs.jitsi-meet}/config.js";
};
"=/interface_config.js" = {
alias = "${pkgs.jitsi-meet}/interface_config.js";
};
};
};
"password.${domain}" = {
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
sslCertificateKey = "/var/lib/acme/${domain}/key.pem";