root/the_prg_server_configuration_old
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Why... why,,,

Browse source
This commit is contained in:
Root User 2026-02-13 21:09:34 +01:00
parent bf0f9f9a5a
commit a56a7b8115
Signed by: root
GPG key ID: 087F0A95E5766D72
1 changed files with 76 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

70
nix-system-configs/modules/system/traefik.nix
View file

@ -46,7 +46,8 @@ in {
# Configure Anubis service
services.anubis = {
instances."" = {
instances = {
"" = {
enable = true;
settings = {
# Bind to TCP instead of Unix socket for Docker-style integration
@ -79,6 +80,50 @@ in {
METRICS_BIND = "127.0.0.1:8091";
};
};
# Per-service Anubis instances (reverse-proxy mode) ---------------------------
forgejo = {
enable = true;
settings = {
BIND_NETWORK = "tcp";
BIND = "127.0.0.1:8092";
TARGET = "http://10.1.1.4:3000"; # Forgejo backend
DIFFICULTY = 20;
SERVE_ROBOTS_TXT = true;
WEBMASTER_EMAIL = "dtu.prg@gmail.com";
METRICS_BIND_NETWORK = "tcp";
METRICS_BIND = "127.0.0.1:8095";
};
};
wavelog = {
enable = true;
settings = {
BIND_NETWORK = "tcp";
BIND = "127.0.0.1:8093";
TARGET = "http://10.1.1.249:8086"; # Wavelog backend
DIFFICULTY = 20;
SERVE_ROBOTS_TXT = true;
WEBMASTER_EMAIL = "dtu.prg@gmail.com";
METRICS_BIND_NETWORK = "tcp";
METRICS_BIND = "127.0.0.1:8096";
};
};
partdb = {
enable = true;
settings = {
BIND_NETWORK = "tcp";
BIND = "127.0.0.1:8094";
TARGET = "http://10.1.1.249:8087"; # PartDB backend
DIFFICULTY = 20;
SERVE_ROBOTS_TXT = true;
WEBMASTER_EMAIL = "dtu.prg@gmail.com";
METRICS_BIND_NETWORK = "tcp";
METRICS_BIND = "127.0.0.1:8097";
};
};
};
};
services.traefik = {
@ -141,16 +186,6 @@ in {
}
];
# Define Anubis middleware
http.middlewares = {
anubis = {
forwardAuth = {
address = "http://127.0.0.1:8090/.within.website/x/cmd/anubis/api/check";
trustForwardHeader = true;
};
};
};
http.routers = {
#anubis-api = {
# rule = "Host(`anubis.prg-radio.org`) && PathPrefix(`/.within.website/x/cmd/anubis/api`)";
@ -173,7 +208,6 @@ in {
rule = "Host(`git.prg-radio.org`)";
service = "forgejo";
entryPoints = ["websecure"];
middlewares = ["anubis"]; # Add Anubis protection
tls = {};
};
@ -190,22 +224,20 @@ in {
rule = "Host(`wavelog.prg-radio.org`)";
service = "wavelog";
entryPoints = ["websecure"];
middlewares = ["anubis"]; # Add Anubis protection
tls = {};
};
# Protected service: PartDB (remove middleware)
# Protected service: PartDB
partdb = {
rule = "Host(`partdb.prg-radio.org`)";
service = "partdb";
middlewares = ["anubis"]; # Add Anubis protection
entryPoints = ["websecure"];
tls = {};
};
};
http.services = {
# Anubis service
# Anubis service (challenge UI / redirect endpoint)
anubis.loadBalancer = {
servers = [
{url = "http://127.0.0.1:8090";}
@ -215,7 +247,7 @@ in {
forgejo.loadBalancer = {
servers = [
{url = "http://10.1.1.4:3000";}
{url = "http://127.0.0.1:8092";}
];
};
matrix.loadBalancer = {
@ -225,13 +257,13 @@ in {
};
wavelog.loadBalancer = {
servers = [
{url = "http://10.1.1.249:8086";}
{url = "http://127.0.0.1:8093";}
];
};
partdb.loadBalancer = {
servers = [
{url = "http://10.1.1.249:8087";}
{url = "http://127.0.0.1:8094";}
];
};
};