diff --git a/README.md b/README.md index ff6c144..5b60ad4 100644 --- a/README.md +++ b/README.md @@ -68,10 +68,11 @@ curl https://iva.bz/nix | sh - Setup services (which I host) - [x] ivabus.dev - - [ ] iva.bz - - [ ] ивабус.рф + - [x] iva.bz (proxying not-Nix env) + - [x] ивабус.рф (proxying not-Nix env) - Setup "secret" roles (I need them) - Setup router (in progress with `periculo`) +- Setup dotfiles properly with home-manager ## Copyright diff --git a/machines/rubusidaeus/default.nix b/machines/rubusidaeus/default.nix index c958e39..8f02a58 100644 --- a/machines/rubusidaeus/default.nix +++ b/machines/rubusidaeus/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, secrets, ... }: let my = import ../..; @@ -54,6 +54,23 @@ in { defaultGateway = ipv4_gateway; # should set this things through let... }; + # Semi-static configuration, needs rethinking + services.nginx = { + virtualHosts."iva.bz" = { + locations."/".proxyPass = "http://${secrets.maas-address}:8081"; + enableACME = true; + addSSL = true; + serverAliases = [ "www.iva.bz" ]; + }; + virtualHosts."xn--80acbx2cl.xn--p1ai" = { + locations."/".proxyPass = "http://${secrets.maas-address}:8083"; + enableACME = true; + addSSL = true; + serverAliases = [ "ивабус.рф" ]; + }; + }; + + hardware.enableRedistributableFirmware = true; system.stateVersion = "23.05"; } diff --git a/secrets.nix b/secrets.nix index a85d20e..4171464 100644 --- a/secrets.nix +++ b/secrets.nix @@ -7,4 +7,5 @@ in if (canaryHash != expectedHash && config.my.features.secrets) then abort "Secrets are enabled and not readable. Have you run `git-crypt unlock`?" else { hashed-password = builtins.readFile ./secrets/hashed-password; + maas-address = builtins.readFile ./secrets/maas-address; } diff --git a/secrets/maas-address b/secrets/maas-address new file mode 100644 index 0000000..9176fd4 Binary files /dev/null and b/secrets/maas-address differ
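Review bot: Both new virtualHosts in machines/rubusidaeus/default.nix set `addSSL = true;`, which keeps serving the proxied site over plain HTTP next to HTTPS, so a client that starts on port 80 is never moved to TLS. Unless cleartext access is intended, `forceSSL = true;` in place of `addSSL = true;` makes nginx redirect HTTP to HTTPS, and the NixOS module still answers the ACME challenge on port 80. The `proxyPass` targets are also `http://`, so if `secrets.maas-address` is not on this host or a trusted link (not visible here), the hop behind nginx is unencrypted. The enclosing attribute set starts and ends outside the hunk.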
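Review bot: `maas-address = builtins.readFile ./secrets/maas-address;` keeps the address confidential only inside the git repository. Once it is interpolated into `proxyPass` in machines/rubusidaeus/default.nix, the plaintext lands in the generated nginx configuration in the Nix store, which every local user can read and which travels with the closure wherever it is copied. If that is acceptable for an address, a comment such as `# not confidential after build: ends up in the world-readable nginx config` would record the decision. `builtins.readFile` also returns a trailing newline if the file has one (it is binary in this diff, so that cannot be checked), which would break the `http://<address>:8081` URL; stripping it, for example with `lib.fileContents` if `lib` is in scope in secrets.nix, avoids that. The surrounding `if ... then abort ... else { ... }` expression starts outside the hunk.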