tbarnouin/nixos-hypervisor
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Resolve merge conflict

Browse source
This commit is contained in:
Théo Barnouin 2024-10-16 14:15:56 +02:00
commit 6d8ea1ede4
3 changed files with 38 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
flake.nix
View file

@ -95,6 +95,18 @@
inherit system; inherit system;
}; };
}; };
nginx = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
"${inputs.self}/services"
{
networking.hostName = "nginx";
services.vm_nginx = {
enable = true;
};
}
];
};
jellyfin = nixpkgs.lib.nixosSystem { jellyfin = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
modules = [ modules = [
@ -116,6 +128,18 @@
} }
]; ];
}; };
redis = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
"${inputs.self}/services"
{
networking.hostName = "redis";
services.vm_redis = {
enable = true;
};
}
];
};
grafana = nixpkgs.lib.nixosSystem { grafana = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
modules = [ modules = [

10
services/minimalConfig/default.nix
View file

@ -1,12 +1,18 @@
{ config, pkgs, lib, inputs, ... }: { config, pkgs, lib, inputs, modulesPath, ... }:
{ {
nix = { nix = {
settings.experimental-features = [ "nix-command" "flakes" ]; settings.experimental-features = [ "nix-command" "flakes" ];
settings.trusted-users = [ "root" "@wheel" ]; settings.trusted-users = [ "root" "@wheel" ];
}; };
imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
systemd.suppressedSystemUnits = [
"dev-mqueue.mount"
"sys-kernel-debug.mount"
"sys-fs-fuse-connections.mount"
];
networking = { networking = {
hostName = "${config.services.vm.hostname}";
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 22 9002 ]; allowedTCPPorts = [ 22 9002 ];

12
services/nginx/default.nix
View file

@ -55,16 +55,16 @@ in
https "max-age=31536000; includeSubdomains; preload"; https "max-age=31536000; includeSubdomains; preload";
} }
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;
# Enable CSP for your services. # Enable CSP for your services.
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
# Minimize information leaked to other domains # Minimize information leaked to other domains
add_header 'Referrer-Policy' 'origin-when-cross-origin'; add_header 'Referrer-Policy' 'origin-when-cross-origin';
# Disable embedding as a frame # Disable embedding as a frame
add_header X-Frame-Options DENY; add_header X-Frame-Options SAMEORIGIN;
# Prevent injection of code in other mime types (XSS Attacks) # Prevent injection of code in other mime types (XSS Attacks)
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
client_body_buffer_size 400M; client_body_buffer_size 400M;
@ -121,7 +121,7 @@ in
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://192.168.1.25:9000"; proxyPass = "http://192.168.1.125:9000";
recommendedProxySettings = true; recommendedProxySettings = true;
proxyWebsockets = true; proxyWebsockets = true;
}; };