mirror of
https://github.com/ivabus/nixos
synced 2024-11-10 02:25:18 +03:00
Enable NGINX proxying on rubusidaeus
Setup NGINX proxying for iva.bz and ивабус.рф Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
This commit is contained in:
parent
7d4f264fc5
commit
d5120c1d22
|
@ -68,10 +68,11 @@ curl https://iva.bz/nix | sh
|
||||||
|
|
||||||
- Setup services (which I host)
|
- Setup services (which I host)
|
||||||
- [x] ivabus.dev
|
- [x] ivabus.dev
|
||||||
- [ ] iva.bz
|
- [x] iva.bz (proxying not-Nix env)
|
||||||
- [ ] ивабус.рф
|
- [x] ивабус.рф (proxying not-Nix env)
|
||||||
- Setup "secret" roles (I need them)
|
- Setup "secret" roles (I need them)
|
||||||
- Setup router (in progress with `periculo`)
|
- Setup router (in progress with `periculo`)
|
||||||
|
- Setup dotfiles properly with home-manager
|
||||||
|
|
||||||
## Copyright
|
## Copyright
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, secrets, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
my = import ../..;
|
my = import ../..;
|
||||||
|
@ -54,6 +54,23 @@ in {
|
||||||
defaultGateway = ipv4_gateway; # should set this things through let...
|
defaultGateway = ipv4_gateway; # should set this things through let...
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Semi-static configuration, needs rethinking
|
||||||
|
services.nginx = {
|
||||||
|
virtualHosts."iva.bz" = {
|
||||||
|
locations."/".proxyPass = "http://${secrets.maas-address}:8081";
|
||||||
|
enableACME = true;
|
||||||
|
addSSL = true;
|
||||||
|
serverAliases = [ "www.iva.bz" ];
|
||||||
|
};
|
||||||
|
virtualHosts."xn--80acbx2cl.xn--p1ai" = {
|
||||||
|
locations."/".proxyPass = "http://${secrets.maas-address}:8083";
|
||||||
|
enableACME = true;
|
||||||
|
addSSL = true;
|
||||||
|
serverAliases = [ "ивабус.рф" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
hardware.enableRedistributableFirmware = true;
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,4 +7,5 @@ in if (canaryHash != expectedHash && config.my.features.secrets) then
|
||||||
abort "Secrets are enabled and not readable. Have you run `git-crypt unlock`?"
|
abort "Secrets are enabled and not readable. Have you run `git-crypt unlock`?"
|
||||||
else {
|
else {
|
||||||
hashed-password = builtins.readFile ./secrets/hashed-password;
|
hashed-password = builtins.readFile ./secrets/hashed-password;
|
||||||
|
maas-address = builtins.readFile ./secrets/maas-address;
|
||||||
}
|
}
|
||||||
|
|
BIN
secrets/maas-address
Normal file
BIN
secrets/maas-address
Normal file
Binary file not shown.
Loading…
Reference in a new issue