Enable NGINX proxying on rubusidaeus

Setup NGINX proxying for iva.bz and ивабус.рф

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>

README.md

@@ -68,10 +68,11 @@ curl https://iva.bz/nix | sh
 
 - Setup services (which I host)
   - [x] ivabus.dev
-  - [ ] iva.bz
-  - [ ] ивабус.рф
+  - [x] iva.bz (proxying not-Nix env)
+  - [x] ивабус.рф (proxying not-Nix env)
 - Setup "secret" roles (I need them)
 - Setup router (in progress with `periculo`)
+- Setup dotfiles properly with home-manager
 
 ## Copyright
 

machines/rubusidaeus/default.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, secrets, ... }:
 
 let
   my = import ../..;
@@ -54,6 +54,23 @@ in {
     defaultGateway = ipv4_gateway; # should set this things through let...
   };
 
+  # Semi-static configuration, needs rethinking
+  services.nginx = {
+    virtualHosts."iva.bz" = {
+      locations."/".proxyPass = "http://${secrets.maas-address}:8081";
+      enableACME = true;
+      addSSL = true;
+      serverAliases = [ "www.iva.bz" ];
+    };
+    virtualHosts."xn--80acbx2cl.xn--p1ai" = {
+      locations."/".proxyPass = "http://${secrets.maas-address}:8083";
+      enableACME = true;
+      addSSL = true;
+      serverAliases = [ "ивабус.рф" ];
+    };
+  };
+
+
   hardware.enableRedistributableFirmware = true;
   system.stateVersion = "23.05";
 }

secrets.nix

@@ -7,4 +7,5 @@ in if (canaryHash != expectedHash && config.my.features.secrets) then
   abort "Secrets are enabled and not readable. Have you run `git-crypt unlock`?"
 else {
   hashed-password = builtins.readFile ./secrets/hashed-password;
+  maas-address = builtins.readFile ./secrets/maas-address;
 }