Add Nginx and pict-rs configurations for enhanced web service management

Introduced separate configuration files for Nginx and pict-rs, enabling a streamlined setup for web services. The Nginx configuration includes reverse proxy settings, automatic SSL certificate generation with Let's Encrypt, and fail2ban for security. The pict-rs configuration facilitates image service management with CORS support. Updated the shared configuration to import these new files, improving modularity and maintainability of the NixOS setup.
2025-10-08 17:19:39 +02:00 · 2025-10-08 17:19:39 +02:00 · ef87fc5906
commit ef87fc5906
parent 667912e732
3 changed files with 101 additions and 42 deletions
--- a/config/pict-rs.nix
+++ b/config/pict-rs.nix
@ -0,0 +1,53 @@
+# pict-rs configuration for NixOS
+# Import this file into your configuration.nix to run pict-rs on 0.0.0.0:6033
+
+{ domain, ... }:
+
+{
+  services.pict-rs = {
+    enable = true;
+    port = 6033;
+  };
+
+  # nginx reverse proxy configuration with CORS support
+  services.nginx.virtualHosts."img.${domain}" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:6033";
+      proxyWebsockets = true;
+      extraConfig = ''
+        client_max_body_size 50M;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_connect_timeout 30s;
+        proxy_send_timeout 30s;
+        proxy_read_timeout 30s;
+
+        # CORS headers for web app integration
+        add_header Access-Control-Allow-Origin "*" always;
+        add_header Access-Control-Allow-Methods "GET, POST, DELETE, OPTIONS" always;
+        add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With" always;
+        add_header Access-Control-Max-Age 86400 always;
+
+        # Handle preflight OPTIONS requests
+        if ($request_method = 'OPTIONS') {
+          add_header Access-Control-Allow-Origin "*";
+          add_header Access-Control-Allow-Methods "GET, POST, DELETE, OPTIONS";
+          add_header Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With";
+          add_header Access-Control-Max-Age 86400;
+          add_header Content-Length 0;
+          add_header Content-Type text/plain;
+          return 204;
+        }
+      '';
+    };
+  };
+}
+
+
+# use # Upload a PNG file 
+# curl -X POST -F "images=@myimage.png" https://img.test.mydomain.com/image
+