From d5120c1d22a8eea3d3bfda17ea1ad9670f27ab16 Mon Sep 17 00:00:00 2001 From: Ivan Bushchik Date: Fri, 27 Oct 2023 12:29:45 +0300 Subject: [PATCH] Enable NGINX proxying on rubusidaeus MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Setup NGINX proxying for iva.bz and ивабус.рф Signed-off-by: Ivan Bushchik --- README.md | 5 +++-- machines/rubusidaeus/default.nix | 19 ++++++++++++++++++- secrets.nix | 1 + secrets/maas-address | Bin 0 -> 34 bytes 4 files changed, 22 insertions(+), 3 deletions(-) create mode 100644 secrets/maas-address diff --git a/README.md b/README.md index ff6c144..5b60ad4 100644 --- a/README.md +++ b/README.md @@ -68,10 +68,11 @@ curl https://iva.bz/nix | sh - Setup services (which I host) - [x] ivabus.dev - - [ ] iva.bz - - [ ] ивабус.рф + - [x] iva.bz (proxying not-Nix env) + - [x] ивабус.рф (proxying not-Nix env) - Setup "secret" roles (I need them) - Setup router (in progress with `periculo`) +- Setup dotfiles properly with home-manager ## Copyright diff --git a/machines/rubusidaeus/default.nix b/machines/rubusidaeus/default.nix index c958e39..8f02a58 100644 --- a/machines/rubusidaeus/default.nix +++ b/machines/rubusidaeus/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, secrets, ... }: let my = import ../..; @@ -54,6 +54,23 @@ in { defaultGateway = ipv4_gateway; # should set this things through let... }; + # Semi-static configuration, needs rethinking + services.nginx = { + virtualHosts."iva.bz" = { + locations."/".proxyPass = "http://${secrets.maas-address}:8081"; + enableACME = true; + addSSL = true; + serverAliases = [ "www.iva.bz" ]; + }; + virtualHosts."xn--80acbx2cl.xn--p1ai" = { + locations."/".proxyPass = "http://${secrets.maas-address}:8083"; + enableACME = true; + addSSL = true; + serverAliases = [ "ивабус.рф" ]; + }; + }; + + hardware.enableRedistributableFirmware = true; system.stateVersion = "23.05"; } 
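Review bot: Both new virtual hosts in machines/rubusidaeus/default.nix set `addSSL = true`, which keeps a plain-HTTP listener serving the proxied site alongside HTTPS, so a client that starts on http:// is never moved to TLS. If nothing depends on cleartext access, use `forceSSL = true;` in place of `addSSL = true;` on both hosts; nginx then redirects HTTP to HTTPS, and the NixOS module still answers ACME HTTP-01 challenges on port 80. The upstream hops `http://${secrets.maas-address}:8081` and `:8083` are unencrypted as well, which is only reasonable if that address sits on a trusted network; a comment next to the `proxyPass` lines should say so. The alias `"ивабус.рф"` looks like the Unicode form of the punycode host name it is attached to, so it is probably redundant and may be rejected when the certificate is requested. The enclosing `in { … }` attribute set begins outside the hunk, so whether `services.nginx.enable` is set cannot be seen from here.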
diff --git a/secrets.nix b/secrets.nix index a85d20e..4171464 100644 --- a/secrets.nix +++ b/secrets.nix @@ -7,4 +7,5 @@ in if (canaryHash != expectedHash && config.my.features.secrets) then abort "Secrets are enabled and not readable. Have you run `git-crypt unlock`?" else { hashed-password = builtins.readFile ./secrets/hashed-password; + maas-address = builtins.readFile ./secrets/maas-address; } diff --git a/secrets/maas-address b/secrets/maas-address new file mode 100644 index 0000000000000000000000000000000000000000..9176fd496c974fbb7a53c4bfd97dd19d310d8f5b GIT binary patch literal 34 qcmZQ@_Y83kiVO&0(Dr@q7<6;p%)X
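Review bot: `builtins.readFile ./secrets/maas-address` returns the file's bytes verbatim, so a trailing newline in the secret would land inside the interpolated `proxyPass` URL in machines/rubusidaeus/default.nix. Assuming `lib` is in scope in secrets.nix (its header is outside the hunk), `maas-address = lib.fileContents ./secrets/maas-address;` strips that newline. The `abort` guard shown in the context only fires when `config.my.features.secrets` is set, so with the feature off and the repository still locked this attribute would presumably read git-crypt ciphertext instead of an address. A comment on the attribute set should also note that values read this way are copied into the generated nginx configuration in the world-readable Nix store: git-crypt protects the address in the repository, not on the deployed machine.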