dev.fron.io nixrc / 8b700ff
profiles(wireguard): unshadow ipv6 Tony Olagbaiye a month ago
2 changed file(s) with 23 addition(s) and 278 deletion(s). Raw diff Collapse all Expand all
14191419 },
14201420 "priv": {
14211421 "locked": {
1422 "narHash": "sha256-BAez5PId3CorMwhafpWwaWSK4lHeXNmSB4OlDSQ3Ji0=",
1422 "narHash": "sha256-x7ut0W7wIJB7aTMnh0E78FYkZaK3R6u8BltAwohEFRw=",
14231423 "ref": "default",
1424 "rev": "1ef050868075d113189e0d50fb9c0e508be50569",
1425 "revCount": 14,
1424 "rev": "270e9e3e37b2c0ad14ed60a305edfe2db641fb24",
1425 "revCount": 16,
14261426 "type": "hg",
14271427 "url": "ssh://bao@delta/../../srv/hg/nixpriv"
14281428 },
2424 entryPoints = [ "http" "https" ];
2525 rule = "Host(`traefik.${domains.home}`)";
2626 service = "api@internal";
27 #middlewares = [ "auth" ];
28 #tls = {
29 # domains = [
30 # {
31 # main = "foobar";
32 # sans = [ "foobar" "foobar" ];
33 # }
34 # {
35 # main = "foobar";
36 # sans = [ "foobar" "foobar" ];
37 # }
38 # ];
39 # options = "foobar";
40 #};
4127 };
4228 auth-request = {
4329 entryPoints = [ "http" "https" ];
115101 dendrite-http-wellknown = dendrite-http // {
116102 rule = "(Host(`matrix.${domains.srvc}`) || Host(`m.${domains.srvc}`) || Host(`${domains.srvc}`)) && PathPrefix(`/.well-known/matrix`)";
117103 service = "dendrite-wellknown";
118 middlewares = [ "matrix-wellknown" ];
104 middlewares = [ "matrix-wellknown" "no-cors" ];
119105 };
120106 dendrite-https-wellknown = dendrite-https // {
121107 rule = "(Host(`matrix.${domains.srvc}`) || Host(`m.${domains.srvc}`) || Host(`${domains.srvc}`)) && PathPrefix(`/.well-known/matrix`)";
122108 service = "dendrite-wellknown";
123 middlewares = [ "matrix-wellknown" ];
109 middlewares = [ "matrix-wellknown" "no-cors" ];
124110 };
125111 certauth = {
126112 entryPoints = [ "http" "https" ];
235221 { main = "media.${domains.home}"; }
236222 ];
237223 };
238 #Router1 = {
239 # entryPoints = [ "foobar" "foobar" ];
240 # middlewares = [ "foobar" "foobar" ];
241 # priority = 42;
242 # rule = "foobar";
243 # service = "foobar";
244 # tls = {
245 # certResolver = "foobar";
246 # domains = [
247 # {
248 # main = "foobar";
249 # sans = [ "foobar" "foobar" ];
250 # }
251 # {
252 # main = "foobar";
253 # sans = [ "foobar" "foobar" ];
254 # }
255 # ];
256 # options = "foobar";
257 # };
258 #};
259224 };
260225
261226 middlewares = {
271236 matrix-wellknown = {
272237 stripPrefix.prefixes = [ "/.well-known/matrix" ];
273238 };
274 #Middleware00 = { addPrefix = { prefix = "foobar"; }; };
275 #Middleware01 = {
276 # basicAuth = {
277 # headerField = "foobar";
278 # realm = "foobar";
279 # removeHeader = true;
280 # users = [ "foobar" "foobar" ];
281 # usersFile = "foobar";
282 # };
283 #};
284 #Middleware02 = {
285 # buffering = {
286 # maxRequestBodyBytes = 42;
287 # maxResponseBodyBytes = 42;
288 # memRequestBodyBytes = 42;
289 # memResponseBodyBytes = 42;
290 # retryExpression = "foobar";
291 # };
292 #};
293 #Middleware03 = {
294 # chain = { middlewares = [ "foobar" "foobar" ]; };
295 #};
296 #Middleware04 = { circuitBreaker = { expression = "foobar"; }; };
297 #Middleware05 = {
298 # compress = { excludedContentTypes = [ "foobar" "foobar" ]; };
299 #};
300 #Middleware06 = { contentType = { autoDetect = true; }; };
301 #Middleware07 = {
302 # digestAuth = {
303 # headerField = "foobar";
304 # realm = "foobar";
305 # removeHeader = true;
306 # users = [ "foobar" "foobar" ];
307 # usersFile = "foobar";
308 # };
309 #};
310 #Middleware08 = {
311 # errors = {
312 # query = "foobar";
313 # service = "foobar";
314 # status = [ "foobar" "foobar" ];
315 # };
316 #};
317 #Middleware09 = {
318 # forwardAuth = {
319 # address = "foobar";
320 # authResponseHeaders = [ "foobar" "foobar" ];
321 # tls = {
322 # ca = "foobar";
323 # caOptional = true;
324 # cert = "foobar";
325 # insecureSkipVerify = true;
326 # key = "foobar";
327 # };
328 # trustForwardHeader = true;
329 # };
330 #};
331 #Middleware10 = {
332 # headers = {
333 # accessControlAllowCredentials = true;
334 # accessControlAllowHeaders = [ "foobar" "foobar" ];
335 # accessControlAllowMethods = [ "foobar" "foobar" ];
336 # accessControlAllowOrigin = "foobar";
337 # accessControlAllowOriginList = [ "foobar" "foobar" ];
338 # accessControlExposeHeaders = [ "foobar" "foobar" ];
339 # accessControlMaxAge = 42;
340 # addVaryHeader = true;
341 # allowedHosts = [ "foobar" "foobar" ];
342 # browserXssFilter = true;
343 # contentSecurityPolicy = "foobar";
344 # contentTypeNosniff = true;
345 # customBrowserXSSValue = "foobar";
346 # customFrameOptionsValue = "foobar";
347 # customRequestHeaders = {
348 # name0 = "foobar";
349 # name1 = "foobar";
350 # };
351 # customResponseHeaders = {
352 # name0 = "foobar";
353 # name1 = "foobar";
354 # };
355 # featurePolicy = "foobar";
356 # forceSTSHeader = true;
357 # frameDeny = true;
358 # hostsProxyHeaders = [ "foobar" "foobar" ];
359 # isDevelopment = true;
360 # publicKey = "foobar";
361 # referrerPolicy = "foobar";
362 # sslForceHost = true;
363 # sslHost = "foobar";
364 # sslProxyHeaders = {
365 # name0 = "foobar";
366 # name1 = "foobar";
367 # };
368 # sslRedirect = true;
369 # sslTemporaryRedirect = true;
370 # stsIncludeSubdomains = true;
371 # stsPreload = true;
372 # stsSeconds = 42;
373 # };
374 #};
375 #Middleware11 = {
376 # ipWhiteList = {
377 # ipStrategy = {
378 # depth = 42;
379 # excludedIPs = [ "foobar" "foobar" ];
380 # };
381 # sourceRange = [ "foobar" "foobar" ];
382 # };
383 #};
384 #Middleware12 = {
385 # inFlightReq = {
386 # amount = 42;
387 # sourceCriterion = {
388 # ipstrategy = {
389 # depth = 42;
390 # excludedIPs = [ "foobar" "foobar" ];
391 # };
392 # requestHeaderName = "foobar";
393 # requestHost = true;
394 # };
395 # };
396 #};
397 #Middleware13 = {
398 # passTLSClientCert = {
399 # info = {
400 # issuer = {
401 # commonName = true;
402 # country = true;
403 # domainComponent = true;
404 # locality = true;
405 # organization = true;
406 # province = true;
407 # serialNumber = true;
408 # };
409 # notAfter = true;
410 # notBefore = true;
411 # sans = true;
412 # serialNumber = true;
413 # subject = {
414 # commonName = true;
415 # country = true;
416 # domainComponent = true;
417 # locality = true;
418 # organization = true;
419 # province = true;
420 # serialNumber = true;
421 # };
422 # };
423 # pem = true;
424 # };
425 #};
426 #Middleware14 = {
427 # rateLimit = {
428 # average = 42;
429 # burst = 42;
430 # period = 42;
431 # sourceCriterion = {
432 # ipstrategy = {
433 # depth = 42;
434 # excludedIPs = [ "foobar" "foobar" ];
435 # };
436 # requestHeaderName = "foobar";
437 # requestHost = true;
438 # };
439 # };
440 #};
441 #Middleware16 = {
442 # redirectScheme = {
443 # permanent = true;
444 # port = "foobar";
445 # scheme = "foobar";
446 # };
447 #};
448 #Middleware17 = { replacePath = { path = "foobar"; }; };
449 #Middleware18 = {
450 # replacePathRegex = {
451 # regex = "foobar";
452 # replacement = "foobar";
453 # };
454 #};
455 #Middleware19 = { retry = { attempts = 42; }; };
456 #Middleware20 = {
457 # stripPrefix = {
458 # forceSlash = true;
459 # prefixes = [ "foobar" "foobar" ];
460 # };
461 #};
462 #Middleware21 = {
463 # stripPrefixRegex = { regex = [ "foobar" "foobar" ]; };
464 #};
239 no-cors = {
240 headers.accesscontrolalloworigin = "*";
241 };
465242 };
466243
467244 services = {
468245 auth.loadBalancer = {
469 #healthCheck = {
470 # followRedirects = true;
471 # headers = {
472 # name0 = "foobar";
473 # name1 = "foobar";
474 # };
475 # hostname = "foobar";
476 # interval = "foobar";
477 # path = "foobar";
478 # port = 42;
479 # scheme = "foobar";
480 # timeout = "foobar";
481 #};
482246 passHostHeader = true;
483247 responseForwarding = { flushInterval = "100ms"; };
484248 servers = [
605369 { url = "http://10.11.0.2:6767"; }
606370 ];
607371 };
608 #mirror-sample.mirroring = {
609 # maxBodySize = 42;
610 # mirrors = [
611 # { name = "http://127.0.0.1:8384"; percent = 42; }
612 # ];
613 # service = "foobar";
614 #};
615 #weighted-sample.weighted = {
616 # services = [
617 # { name = "foobar"; weight = 42; }
618 # ];
619 # sticky.cookie = {
620 # httpOnly = true;
621 # name = "foobar";
622 # sameSite = "foobar";
623 # secure = true;
624 # };
625 #};
626372 };
627373 };
628374
822568 trustedIPs = [ "127.0.0.1" "${hosts.wireguard.ipv4.zeta}/8" ];
823569 };
824570 #http = {
825 # #middlewares = [ "auth@file" "strip@file" ];
826 # #tls = {
827 # # certResolver = "foobar";
828 # # domains = [
829 # # {
830 # # main = "foobar";
831 # # sans = [ "foobar" "foobar" ];
832 # # }
833 # # {
834 # # main = "foobar";
835 # # sans = [ "foobar" "foobar" ];
836 # # }
837 # # ];
838 # # options = "foobar";
839 # #};
571 # middlewares = [ "auth@file" "strip@file" ];
572 # tls = {
573 # certResolver = "foobar";
574 # domains = [
575 # {
576 # main = "foobar";
577 # sans = [ "foobar" "foobar" ];
578 # }
579 # {
580 # main = "foobar";
581 # sans = [ "foobar" "foobar" ];
582 # }
583 # ];
584 # options = "foobar";
585 # };
840586 #};
841587 proxyProtocol = {
842588 insecure = true;
907653 providers = {
908654 providersThrottleDuration = 10;
909655
910 #docker.exposedByDefault = false;
911656 file = {
912657 debugLogGeneratedTemplate = true;
913658 #directory = "foobar";