diff options
| author | Franck Cuny <franck@fcuny.net> | 2025-11-22 09:03:58 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-11-22 09:03:58 -0800 |
| commit | 94182c778e1bfb911fe19a6d8470ed9783dc8435 (patch) | |
| tree | 7cd41ee7f434d0360b33e42d6ff0d18c079dcc44 /machines/nixos/x86_64-linux/do-rproxy.nix | |
| parent | configure the reverse proxy on argonath (diff) | |
| download | infra-94182c778e1bfb911fe19a6d8470ed9783dc8435.tar.gz | |
delete do-rproxy
This machine is replaced by argonath
Diffstat (limited to '')
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy.nix | 85 |
1 files changed, 0 insertions, 85 deletions
diff --git a/machines/nixos/x86_64-linux/do-rproxy.nix b/machines/nixos/x86_64-linux/do-rproxy.nix deleted file mode 100644 index 70dd15e..0000000 --- a/machines/nixos/x86_64-linux/do-rproxy.nix +++ /dev/null @@ -1,85 +0,0 @@ -{ config, adminUser, ... }: -{ - imports = [ - ../../../profiles/acme.nix - ../../../profiles/cgroups.nix - ../../../profiles/defaults.nix - ../../../profiles/disk/basic-vm.nix - ../../../profiles/hardware/do-droplet.nix - ../../../profiles/home-manager.nix - ../../../profiles/server.nix - ]; - - age.secrets.wireguard.file = ../../../secrets/do/wireguard.age; - - disko.devices.disk.disk1.device = "/dev/vda"; - - networking.hostName = "do-rproxy"; - - networking.wireguard = { - enable = true; - interfaces.wg0 = { - ips = [ "10.100.0.50/32" ]; - listenPort = 51871; - privateKeyFile = config.age.secrets.wireguard.path; - peers = [ - { - # vm-synology - publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904="; - allowedIPs = [ "10.100.0.40/32" ]; - persistentKeepalive = 25; - } - { - # rivendell - publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng="; - allowedIPs = [ "10.100.0.60/32" ]; - persistentKeepalive = 25; - } - ]; - }; - }; - - networking.firewall.trustedInterfaces = [ "wg0" ]; - networking.firewall.allowedUDPPorts = [ 51871 ]; - - system.stateVersion = "25.05"; # Did you read the comment? - - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; - - services.nginx = { - enable = true; - recommendedProxySettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - virtualHosts = { - "code.fcuny.net" = { - enableACME = true; - acmeRoot = null; - forceSSL = true; - locations."/" = { - proxyPass = "http://10.100.0.60"; - }; - }; - "fcuny.net" = { - enableACME = true; - acmeRoot = null; - forceSSL = true; - locations."/" = { - proxyPass = "http://10.100.0.60:8070"; - }; - }; - }; - }; - - home-manager = { - users.${adminUser.name} = { - imports = [ - ../../../home/profiles/minimal.nix - ]; - }; - }; -} |