From 2810ed2ffdd7fb52dd84051784475837f7de55ff Mon Sep 17 00:00:00 2001
From: Gene Liverman
Date: Tue, 28 Jan 2025 22:17:34 -0500
Subject: [PATCH] Streaming across Tailscale for the win
---
 modules/hosts/nixos/hetznix01/default.nix | 2 ++
 .../nixos/hetznix01/post-install/nginx.nix | 18 ++++++++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/modules/hosts/nixos/hetznix01/default.nix b/modules/hosts/nixos/hetznix01/default.nix
index 820e3c2..0be1fcb 100644
--- a/modules/hosts/nixos/hetznix01/default.nix
+++ b/modules/hosts/nixos/hetznix01/default.nix
@@ -29,7 +29,9 @@
 443 # https to local Nginx
 465 # SMTP with TLS
 587 # SMTP with STARTTLS
+ 8333 # Bitcoin Core
 8448 # Matrix Synapse
+ 9735 # LND
 ];
 # firewall.allowedUDPPorts = [ ... ];
 # Or disable the firewall altogether.
diff --git a/modules/hosts/nixos/hetznix01/post-install/nginx.nix b/modules/hosts/nixos/hetznix01/post-install/nginx.nix
index f5366ba..31305c4 100644
--- a/modules/hosts/nixos/hetznix01/post-install/nginx.nix
+++ b/modules/hosts/nixos/hetznix01/post-install/nginx.nix
@@ -2,6 +2,7 @@
 domain = "technicalissues.us";
 http_port = 80;
 https_port = 443;
+ private_btc = "100.83.153.7";
 in {
 services.nginx = {
@@ -19,6 +20,19 @@ in {
 }
 add_header Strict-Transport-Security $hsts_header;
 '';
+ streamConfig = ''
+ server {
+ listen 0.0.0.0:8333;
+ listen [::]:8333;
+ proxy_pass ${private_btc}:8333;
+ }
+
+ server {
+ listen 0.0.0.0:9735;
+ listen [::]:9735;
+ proxy_pass ${private_btc}:9735;
+ }
+ '';
 virtualHosts = {
 "hetznix01.${domain}" = {
 serverAliases = [
@@ -70,9 +84,9 @@ in {
 acmeRoot = null;
 forceSSL = true;
 # basicAuthFile = config.sops.secrets.owntracks_basic_auth.path;
- # Albyhub container
+ # Albyhub via Tailscale
 locations."/" = {
- proxyPass = "http://127.0.0.1:8080";
+ proxyPass = "http://${private_btc}:59000";
 proxyWebsockets = true;
 };
 };
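Review bot: The two new comments in the allowed-TCP list read as if Bitcoin Core and LND run on this host, but the nginx.nix change in this same patch shows these ports are nginx stream listeners that forward to a tailnet address. Making that explicit keeps a later firewall audit from looking for a local daemon: `8333 # Bitcoin Core P2P, nginx stream proxy to tailnet host` and `9735 # LND P2P, nginx stream proxy to tailnet host`. The list opens above the hunk, so whether it is scoped to a particular interface is not visible here.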
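Review bot: Both new `server` blocks in `streamConfig` accept connections from any address and relay them into the tailnet with no per-client cap. The backend will presumably see every inbound peer as coming from this host's Tailscale address, so any per-peer banning or address-diversity logic on the node can no longer tell remote peers apart. The proxy is therefore the only place to enforce a limit: add `limit_conn_zone $binary_remote_addr zone=p2p:1m;` at the top of `streamConfig` and `limit_conn p2p 8;` in each `server` (zone name and limit are example values). It is also worth confirming that the tailnet ACL lets this host reach only ports 8333, 9735 and 59000 on `${private_btc}`, so that a compromise of the public box does not expose the rest of the backend.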
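Review bot: The new `proxyPass` in the Albyhub location sends plain HTTP to a hard-coded 100.x tailnet address, so confidentiality of that hop rests entirely on the Tailscale interface being up when nginx connects. If the tunnel is down, the request would presumably follow the default route instead; I would tie nginx to the tunnel, e.g. `systemd.services.nginx.after = [ "tailscaled.service" ];` with a matching `requires`, or drop egress to 100.64.0.0/10 on non-Tailscale interfaces. The `basicAuthFile` line just above stays commented out, so the application's own login appears to be the only gate on this vhost; a comment stating that this is deliberate would help. The virtual host starts above the hunk, and since `private_btc` now also names the Albyhub backend, a more general name plus a comment on what the address is would read better.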