Compare commits

..

2 Commits

Author SHA1 Message Date
d31e18b824 finalize photoprism configuration 2024-10-27 23:55:42 -05:00
55cb186947 stupid wireguard configuration 2024-10-27 23:49:52 -05:00
5 changed files with 42 additions and 10 deletions

View File

@ -107,6 +107,8 @@
hostName = "copernicus";
firewall = {
enable = true;
interfaces = {
eno1 = {
allowedTCPPorts = [ 6000 ];
allowedTCPPortRanges = [
{ from = 1714; to = 1764; } # KDE Connect
@ -115,6 +117,17 @@
{ from = 1714; to = 1764; } # KDE Connect
];
};
wg0 = {
# allow everything bound to the wg0 interface
allowedTCPPortRanges = [
{ from = 1; to = 35565; }
];
allowedUDPPortRanges = [
{ from = 1; to = 35565; }
];
};
};
};
};
programs.kdeconnect.enable = true;

View File

@ -4,10 +4,12 @@
services.photoprism = {
enable = true;
originalsPath = "/var/lib/photoprism/originals";
passwordFile = "/home/usr/wg-keys/photoprism-password";
settings = {
PHOTOPRISM_ADMIN_USER = "usr";
PHOTOPRISM_ADMIN_PASSWORD = "usr";
PHOTOPRISM_SITE_TITLE = "photos.beepboop.systems";
PHOTOPRISM_SITE_URL = "https://photos.beepboop.systems";
PHOTOPRISM_DEFAULT_LOCALE = "en";
};
};
}

View File

@ -13,8 +13,7 @@
peers = [
{ # netbox
publicKey = "0fOqAfsYO4HvshMPnlkKL7Z1RChq98hjDr0Q8o7OJFE=";
allowedIPs = [ "10.100.0.1" ]; # only server-bound traffic -- everything else
# should be routed via consumer isp
allowedIPs = [ "10.100.0.0/24" ]; # only stuff in the wg-subnet (10.100.0.*)
endpoint = "149.28.63.115:51820";
persistentKeepalive = 25;
}

View File

@ -17,6 +17,7 @@
./nginx.nix
./franklincce.nix
./wireguard.nix
./photoprism-bridge.nix
];
nix = {

View File

@ -0,0 +1,17 @@
{ lib, config, pkgs, ... }:
{
services.nginx.virtualHosts."photos.beepboop.systems" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://10.100.0.2:2342";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_buffering off;
proxy_http_version 1.1;
'';
};
};
}