meet: move service: VEGAS -> prophet
This commit is contained in:
parent
58560480e7
commit
7b065d47f0
4 changed files with 56 additions and 2 deletions
|
|
@ -27,7 +27,6 @@
|
||||||
./services/hyprspace
|
./services/hyprspace
|
||||||
./services/ipfs
|
./services/ipfs
|
||||||
./services/jokes
|
./services/jokes
|
||||||
./services/meet
|
|
||||||
./services/nextcloud
|
./services/nextcloud
|
||||||
./services/nfs
|
./services/nfs
|
||||||
./services/mail
|
./services/mail
|
||||||
|
|
|
||||||
39
hosts/prophet/modules/nginx/default.nix
Normal file
39
hosts/prophet/modules/nginx/default.nix
Normal file
|
|
@ -0,0 +1,39 @@
|
||||||
|
{ lib, config, tools, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
inherit (tools.meta) domain adminEmail;
|
||||||
|
in
|
||||||
|
with tools.nginx.vhosts;
|
||||||
|
with tools.nginx.mappers;
|
||||||
|
{
|
||||||
|
security.acme.email = adminEmail;
|
||||||
|
security.acme.acceptTerms = true;
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
proxyResolveWhileRunning = false;
|
||||||
|
resolver = {
|
||||||
|
addresses = [ "127.0.0.1" ];
|
||||||
|
valid = "30s";
|
||||||
|
};
|
||||||
|
appendHttpConfig = ''
|
||||||
|
server_names_hash_bucket_size 128;
|
||||||
|
proxy_headers_hash_max_size 4096;
|
||||||
|
proxy_headers_hash_bucket_size 128;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
services.phpfpm.pools.www = {
|
||||||
|
inherit (config.services.nginx) user group;
|
||||||
|
settings = {
|
||||||
|
pm = "ondemand";
|
||||||
|
"pm.max_children" = 16;
|
||||||
|
"listen.owner" = config.services.nginx.user;
|
||||||
|
"listen.group" = config.services.nginx.group;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
systemd.services.nginx.after = [ "network-online.target" ];
|
||||||
|
}
|
||||||
|
|
@ -1,4 +1,10 @@
|
||||||
{ lib, tools, ... }:
|
{ config, lib, hosts, tools, ... }:
|
||||||
|
let
|
||||||
|
host = hosts.${config.networking.hostName};
|
||||||
|
inherit (host) interfaces;
|
||||||
|
|
||||||
|
isNAT = interfaces.primary ? addrPublic;
|
||||||
|
in
|
||||||
{
|
{
|
||||||
services.jitsi-meet = {
|
services.jitsi-meet = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
@ -24,4 +30,11 @@
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
boot.kernel.sysctl."net.core.rmem_max" = lib.mkForce 10485760;
|
boot.kernel.sysctl."net.core.rmem_max" = lib.mkForce 10485760;
|
||||||
|
|
||||||
|
environment.etc."jitsi/videobridge/sip-communicator.properties" = lib.optionalAttrs isNAT {
|
||||||
|
text = ''
|
||||||
|
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=${interfaces.primary.addr}
|
||||||
|
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=${interfaces.primary.addrPublic}
|
||||||
|
'';
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
@ -6,10 +6,13 @@
|
||||||
# Hardware
|
# Hardware
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
|
||||||
|
./modules/nginx
|
||||||
inputs.agenix.nixosModules.age
|
inputs.agenix.nixosModules.age
|
||||||
|
|
||||||
|
./services/meet
|
||||||
aspect.modules.ipfs
|
aspect.modules.ipfs
|
||||||
|
|
||||||
|
|
||||||
]
|
]
|
||||||
++ aspect.sets.server;
|
++ aspect.sets.server;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue