mirror of
https://github.com/ivabus/nixos
synced 2024-11-10 02:25:18 +03:00
Enable NGINX proxying on rubusidaeus
Setup NGINX proxying for iva.bz and ивабус.рф Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
This commit is contained in:
parent
7d4f264fc5
commit
d5120c1d22
|
@ -68,10 +68,11 @@ curl https://iva.bz/nix | sh
|
|||
|
||||
- Setup services (which I host)
|
||||
- [x] ivabus.dev
|
||||
- [ ] iva.bz
|
||||
- [ ] ивабус.рф
|
||||
- [x] iva.bz (proxying not-Nix env)
|
||||
- [x] ивабус.рф (proxying not-Nix env)
|
||||
- Setup "secret" roles (I need them)
|
||||
- Setup router (in progress with `periculo`)
|
||||
- Setup dotfiles properly with home-manager
|
||||
|
||||
## Copyright
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, secrets, ... }:
|
||||
|
||||
let
|
||||
my = import ../..;
|
||||
|
@ -54,6 +54,23 @@ in {
|
|||
defaultGateway = ipv4_gateway; # should set this things through let...
|
||||
};
|
||||
|
||||
# Semi-static configuration, needs rethinking
|
||||
services.nginx = {
|
||||
virtualHosts."iva.bz" = {
|
||||
locations."/".proxyPass = "http://${secrets.maas-address}:8081";
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
serverAliases = [ "www.iva.bz" ];
|
||||
};
|
||||
virtualHosts."xn--80acbx2cl.xn--p1ai" = {
|
||||
locations."/".proxyPass = "http://${secrets.maas-address}:8083";
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
serverAliases = [ "ивабус.рф" ];
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
system.stateVersion = "23.05";
|
||||
}
|
||||
|
|
|
@ -7,4 +7,5 @@ in if (canaryHash != expectedHash && config.my.features.secrets) then
|
|||
abort "Secrets are enabled and not readable. Have you run `git-crypt unlock`?"
|
||||
else {
|
||||
hashed-password = builtins.readFile ./secrets/hashed-password;
|
||||
maas-address = builtins.readFile ./secrets/maas-address;
|
||||
}
|
||||
|
|
BIN
secrets/maas-address
Normal file
BIN
secrets/maas-address
Normal file
Binary file not shown.
Loading…
Reference in a new issue