changedetection.io

author: Gregor Kleen <gkleen@yggdrasil.li> 2025-12-09 10:27:01 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2025-12-09 10:27:01 +0100
commit: 5d879efa0c9ed73d7f6f19acebb87843c86a46e2 (patch)
tree: 22f4302c5adcb8dfc76d86f6656fae542746c5a4 /hosts/surtr/changedetection-io.nix
parent: c2c76862d348b4a32a0292bad0b954672c9e162d (diff)
download: nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.tar
nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.tar.gz
nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.tar.bz2
nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.tar.xz
nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.zip
1 files changed, 66 insertions, 0 deletions
diff --git a/hosts/surtr/changedetection-io.nix b/hosts/surtr/changedetection-io.nix
new file mode 100644
index 00000000..bfdedee1
--- /dev/null
+++ b/hosts/surtr/changedetection-io.nix
@@ -0,0 +1,66 @@
+{ config, ... }:
+{
+  config = {
+    security.acme.rfc2136Domains = {
+      "changedetection.yggdrasil.li" = {
+        restartUnits = ["nginx.service"];
+      };
+    };
+    services.nginx = {
+      upstreams."changedetection-io" = {
+        servers = {
+          "[2a03:4000:52:ada:4:1::]:5001" = {};
+        };
+        extraConfig = ''
+          keepalive 8;
+        '';
+      };
+      virtualHosts = {
+        "changedetection.yggdrasil.li" = {
+          kTLS = true;
+          http3 = true;
+          forceSSL = true;
+          sslCertificate = "/run/credentials/nginx.service/changedetection.yggdrasil.li.pem";
+          sslCertificateKey = "/run/credentials/nginx.service/changedetection.yggdrasil.li.key.pem";
+          sslTrustedCertificate = "/run/credentials/nginx.service/changedetection.yggdrasil.li.chain.pem";
+          extraConfig = ''
+            charset utf-8;
+          '';
+          locations = {
+            "/".extraConfig = ''
+              proxy_pass http://changedetection-io;
+              proxy_http_version 1.1;
+              proxy_set_header Upgrade $http_upgrade;
+              proxy_set_header Connection "upgrade";
+              proxy_redirect off;
+              proxy_set_header Host $host;
+              proxy_set_header X-Real-IP $remote_addr;
+              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+              proxy_set_header X-Forwarded-Host $server_name;
+              proxy_set_header X-Forwarded-Proto $scheme;
+              client_max_body_size 0;
+              proxy_request_buffering off;
+              proxy_buffering off;
+            '';
+          };
+        };
+      };
+    };
+    systemd.services.nginx = {
+      serviceConfig = {
+        LoadCredential = [
+          "changedetection.yggdrasil.li.key.pem:${config.security.acme.certs."changedetection.yggdrasil.li".directory}/key.pem"
+          "changedetection.yggdrasil.li.pem:${config.security.acme.certs."changedetection.yggdrasil.li".directory}/fullchain.pem"
+          "changedetection.yggdrasil.li.chain.pem:${config.security.acme.certs."changedetection.yggdrasil.li".directory}/chain.pem"
+        ];
+      };
+    };
+  };
+}
author	Gregor Kleen <gkleen@yggdrasil.li>	2025-12-09 10:27:01 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2025-12-09 10:27:01 +0100
commit	5d879efa0c9ed73d7f6f19acebb87843c86a46e2 (patch)
tree	22f4302c5adcb8dfc76d86f6656fae542746c5a4 /hosts/surtr/changedetection-io.nix
parent	c2c76862d348b4a32a0292bad0b954672c9e162d (diff)
download	nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.tar nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.tar.gz nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.tar.bz2 nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.tar.xz nixos-5d879efa0c9ed73d7f6f19acebb87843c86a46e2.zip

diff --git a/hosts/surtr/changedetection-io.nix b/hosts/surtr/changedetection-io.nix new file mode 100644 index 00000000..bfdedee1 --- /dev/null +++ b/hosts/surtr/changedetection-io.nix
@@ -0,0 +1,66 @@
	1	{ config, ... }:
	2
	3	{
	4	config = {
	5	security.acme.rfc2136Domains = {
	6	"changedetection.yggdrasil.li" = {
	7	restartUnits = ["nginx.service"];
	8	};
	9	};
	10
	11	services.nginx = {
	12	upstreams."changedetection-io" = {
	13	servers = {
	14	"[2a03:4000:52:ada:4:1::]:5001" = {};
	15	};
	16	extraConfig = ''
	17	keepalive 8;
	18	'';
	19	};
	20	virtualHosts = {
	21	"changedetection.yggdrasil.li" = {
	22	kTLS = true;
	23	http3 = true;
	24	forceSSL = true;
	25	sslCertificate = "/run/credentials/nginx.service/changedetection.yggdrasil.li.pem";
	26	sslCertificateKey = "/run/credentials/nginx.service/changedetection.yggdrasil.li.key.pem";
	27	sslTrustedCertificate = "/run/credentials/nginx.service/changedetection.yggdrasil.li.chain.pem";
	28	extraConfig = ''
	29	charset utf-8;
	30	'';
	31
	32	locations = {
	33	"/".extraConfig = ''
	34	proxy_pass http://changedetection-io;
	35
	36	proxy_http_version 1.1;
	37	proxy_set_header Upgrade $http_upgrade;
	38	proxy_set_header Connection "upgrade";
	39
	40	proxy_redirect off;
	41	proxy_set_header Host $host;
	42	proxy_set_header X-Real-IP $remote_addr;
	43	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	44	proxy_set_header X-Forwarded-Host $server_name;
	45	proxy_set_header X-Forwarded-Proto $scheme;
	46
	47	client_max_body_size 0;
	48	proxy_request_buffering off;
	49	proxy_buffering off;
	50	'';
	51	};
	52	};
	53	};
	54	};
	55
	56	systemd.services.nginx = {
	57	serviceConfig = {
	58	LoadCredential = [
	59	"changedetection.yggdrasil.li.key.pem:${config.security.acme.certs."changedetection.yggdrasil.li".directory}/key.pem"
	60	"changedetection.yggdrasil.li.pem:${config.security.acme.certs."changedetection.yggdrasil.li".directory}/fullchain.pem"
	61	"changedetection.yggdrasil.li.chain.pem:${config.security.acme.certs."changedetection.yggdrasil.li".directory}/chain.pem"
	62	];
	63	};
	64	};
	65	};
	66	}