Commit 7033c8234ce1
Changed files (1)
systems/aix/extra.nix
@@ -5,9 +5,6 @@
...
}:
let
- # Rhea's VPN IP for TLS proxy backend
- rheaVpnIP = lib.head globals.machines.rhea.net.vpn.ips;
-
# Aix's local IP for DNS resolution
aixLocalIP = "192.168.1.75";
@@ -149,45 +146,5 @@ in
};
};
- # Nginx TCP/TLS pass-through to rhea's Traefik
- nginx = {
- enable = true;
-
- # Enable stream module for TCP/TLS proxying
- streamConfig = ''
- # Map SNI hostname to backend
- # All services go to rhea's Traefik, which routes internally
- map $ssl_preread_server_name $backend {
- navidrome.sbr.pm ${rheaVpnIP}:443;
- music.sbr.pm ${rheaVpnIP}:443;
- jellyfin.sbr.pm ${rheaVpnIP}:443;
- audiobookshelf.sbr.pm ${rheaVpnIP}:443;
- podcasts.sbr.pm ${rheaVpnIP}:443;
- immich.sbr.pm ${rheaVpnIP}:443;
- transmission.sbr.pm ${rheaVpnIP}:443;
- transmission-music.sbr.pm ${rheaVpnIP}:443;
- t.sbr.pm ${rheaVpnIP}:443;
- tm.sbr.pm ${rheaVpnIP}:443;
- default ${rheaVpnIP}:443;
- }
-
- # HTTPS proxy server
- server {
- listen 443;
- listen [::]:443;
-
- # Read SNI without terminating TLS
- ssl_preread on;
-
- # Forward to rhea's Traefik
- proxy_pass $backend;
-
- # Connection settings for streaming
- proxy_connect_timeout 5s;
- proxy_timeout 24h;
- proxy_buffer_size 16k;
- }
- '';
- };
};
}