From 8e457614c915e4e7cba354d51779d5112cfd3f35 Mon Sep 17 00:00:00 2001
From: sajenim
Date: Tue, 19 Dec 2023 09:21:05 +0800
Subject: [PATCH] fix middlewares name, remove httpd, add nextcloud
---
 nixos/viridian/services/traefik/default.nix | 2 +-
 .../{middleware.nix => middlewares.nix} | 18 +++++++++++++++
 nixos/viridian/services/traefik/routers.nix | 23 ++++++++++---------
 nixos/viridian/services/traefik/services.nix | 6 ++---
 4 files changed, 34 insertions(+), 15 deletions(-)
 rename nixos/viridian/services/traefik/{middleware.nix => middlewares.nix} (78%)
diff --git a/nixos/viridian/services/traefik/default.nix b/nixos/viridian/services/traefik/default.nix
index 96f4a75..987237e 100644
--- a/nixos/viridian/services/traefik/default.nix
+++ b/nixos/viridian/services/traefik/default.nix
@@ -6,7 +6,7 @@
 imports = [
 "${inputs.nixpkgs-unstable}/nixos/modules/services/web-servers/traefik.nix"
 ./routers.nix
- ./middleware.nix
+ ./middlewares.nix
 ./services.nix
 ];
diff --git a/nixos/viridian/services/traefik/middleware.nix b/nixos/viridian/services/traefik/middlewares.nix
similarity index 78%
rename from nixos/viridian/services/traefik/middleware.nix
rename to nixos/viridian/services/traefik/middlewares.nix
index 9ef5cfa..c8ca73b 100644
--- a/nixos/viridian/services/traefik/middleware.nix
+++ b/nixos/viridian/services/traefik/middlewares.nix
@@ -42,6 +42,24 @@
 # Even if an IP stays in the cache for a period of a month, it must be fetch again after a month.
 forceMonthlyUpdate = "true";
 };
+ # Secure headers for nextcloud
+ nextcloud-secure-headers = {
+ headers = {
+ hostsProxyHeaders = [ "X-Forwarded-Host" ];
+ referrerPolicy = "same-origin";
+ };
+ };
+ # Redirect HTTPS
+ https-redirect = {
+ redirectscheme.scheme = "https";
+ };
+ # Nextcloud chain
+ nextcloud-chain = {
+ chain.middlewares = [
+ "https-redirect"
+ "nextcloud-secure-headers"
+ ];
+ };
 };
 }
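Review bot: In middlewares.nix, `nextcloud-secure-headers` sets only `hostsProxyHeaders` and `referrerPolicy`, so despite its name it adds no HSTS or other response-hardening header at the proxy. If the Nextcloud backend does not already send Strict-Transport-Security, add something like `stsSeconds = 15552000;` to the `headers` set, or rename the middleware or comment what it covers. Separately, `https-redirect` reaches requests only through `nextcloud-chain`, and the router that uses the chain (routers.nix in this patch) listens on `websecure` alone. Assuming that is the TLS entry point, the redirect never sees a plain-HTTP request and is effectively a no-op unless a redirect is configured at the HTTP entry point elsewhere. A short comment above `https-redirect` stating where the HTTP-to-HTTPS redirect is really enforced would prevent a false sense of coverage.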
diff --git a/nixos/viridian/services/traefik/routers.nix b/nixos/viridian/services/traefik/routers.nix
index d85b0af..c649f1a 100644
--- a/nixos/viridian/services/traefik/routers.nix
+++ b/nixos/viridian/services/traefik/routers.nix
@@ -2,17 +2,6 @@
 {
 services.traefik.dynamicConfigOptions.http.routers = {
- httpd = {
- rule = "Host(`sajenim.dev`)";
- entryPoints = [
- "websecure"
- ];
- middlewares = [
- "geoblock"
- ];
- service = "httpd";
- };
-
 microbin = {
 rule = "Host(`bin.kanto.dev`)";
 entryPoints = [
@@ -155,6 +144,18 @@
 ];
 service = "jellyseerr";
 };
+
+ nextcloud = {
+ rule = "Host(`nc.kanto.dev`)";
+ entryPoints = [
+ "websecure"
+ ];
+ middlewares = [
+ # "internal"
+ "nextcloud-chain"
+ ];
+ service = "nextcloud";
+ };
 };
 }
diff --git a/nixos/viridian/services/traefik/services.nix b/nixos/viridian/services/traefik/services.nix
index b242a33..643abab 100644
--- a/nixos/viridian/services/traefik/services.nix
+++ b/nixos/viridian/services/traefik/services.nix
@@ -2,9 +2,6 @@
 {
 services.traefik.dynamicConfigOptions.http.services = {
- httpd.loadBalancer.servers = [
- { url = "http://192.168.1.102:5624"; }
- ];
 microbin.loadBalancer.servers = [
 { url = "http://192.168.1.102:8181"; }
 ];
@@ -41,6 +38,9 @@
 jellyseerr.loadBalancer.servers = [
 { url = "http://192.168.1.102:5055"; }
 ];
+ nextcloud.loadBalancer.servers = [
+ { url = "http://192.168.1.102:11000"; }
+ ];
 };
 }
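Review bot: The new `nextcloud` router in routers.nix (second hunk) leaves `"internal"` commented out and, unlike the `httpd` router this commit removes, does not list `"geoblock"`, so `nc.kanto.dev` is served with only the redirect/header chain in front of it. A commented-out access-control middleware with no explanation is easy to misread as active protection in a later review. If public exposure is intended, say so next to the entry, e.g. `# "internal" disabled on purpose: Nextcloud must be reachable from outside the LAN`, and, if the `geoblock` middleware is still defined, consider listing `"geoblock"` ahead of `"nextcloud-chain"`. Otherwise enable `"internal"`. What `internal` actually restricts is not visible in this patch, so confirm against its definition.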
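Review bot: The `nextcloud` backend added in services.nix (second hunk) is reached over plain `http://192.168.1.102:11000`, the same pattern as the other services. If Traefik does not run on that host, session cookies and file contents cross the LAN unencrypted on this hop. More importantly, if port 11000 is reachable from other hosts, clients can skip every router middleware and supply their own forwarded headers. A comment such as `# 11000 must accept connections from the Traefik host only (firewall)` next to the URL would record the assumption this configuration depends on.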