authorFranck Cuny <franck@fcuny.net>2025-10-24 09:02:29 -0700
committerFranck Cuny <franck@fcuny.net>2025-10-24 09:02:29 -0700
commite55b8ee0f7073b46fb343a97ee744a95ec40d2ed (patch)
tree329c992647f1c420cbf87cec4cca206474f98b39 /machines/nixos/x86_64-linux/do-rproxy/profiles
parentmove a few more things back as profiles (diff)
simplify hosts management
Diffstat (limited to 'machines/nixos/x86_64-linux/do-rproxy/profiles')
-rw-r--r--machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix149
1 files changed, 0 insertions, 149 deletions
diff --git a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix b/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
deleted file mode 100644
index 5c30175..0000000
--- a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
+++ /dev/null
@@ -1,149 +0,0 @@
-{
- inputs,
- config,
- pkgs,
- lib,
- ...
-}:
-{
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "franck@fcuny.net";
- certs = {
- "code.fcuny.net" = {
- dnsProvider = "cloudflare";
- dnsResolver = "1.1.1.1";
- reloadServices = [ "nginx.service" ];
- credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
- };
- "go.fcuny.net" = {
- dnsProvider = "cloudflare";
- dnsResolver = "1.1.1.1";
- reloadServices = [ "nginx.service" ];
- credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
- };
- "id.fcuny.net" = {
- dnsProvider = "cloudflare";
- dnsResolver = "1.1.1.1";
- reloadServices = [ "nginx.service" ];
- credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
- };
- "fcuny.net" = {
- dnsProvider = "cloudflare";
- dnsResolver = "1.1.1.1";
- reloadServices = [ "nginx.service" ];
- credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
- };
- };
- };
-
- services.nginx =
- let
- accounts = [
- {
- user = "franck@fcuny.net";
- realm = "fcuny.net";
- }
- ];
- webfingerConfig = {
- "= /.well-known/webfinger" = {
- extraConfig = ''
- return 307 /__webfinger/$arg_resource;
- '';
- };
-
- "~ ^/__webfinger/(acct:[^/]+@[^/]+)" = {
- root = pkgs.linkFarm "webfinger-entries" (
- lib.listToAttrs (
- map (acct: {
- name = "acct:${acct.user}";
- value = pkgs.writeText "webfinger-${acct.user}" ''
- {
- "subject": "acct:${acct.user}",
- "links": [
- {
- "rel": "http://openid.net/specs/connect/1.0/issuer",
- "href": "https://id.fcuny.net/realms/${acct.realm}"
- }
- ]
- }
- '';
- }) accounts
- )
- );
-
- tryFiles = "/$1 =404";
-
- extraConfig = ''
- add_header Content-Type application/json;
- '';
- };
- };
- in
- {
- enable = true;
- recommendedProxySettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- virtualHosts = {
- "code.fcuny.net" = {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://10.100.0.60:3000";
- };
- locations."/metrics" = {
- proxyPass = "http://10.100.0.60:3000/metrics";
- extraConfig = ''
- deny all;
- access_log off;
- '';
- };
- };
- "go.fcuny.net" = {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://10.100.0.40:8070";
- };
- };
- "id.fcuny.net" = {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
- locations = (
- {
- "/" = {
- proxyPass = "http://10.100.0.60:8080";
- };
- }
- // webfingerConfig
- );
- };
- "fcuny.net" = {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
-
- root = "${inputs.my-site.packages.x86_64-linux.default}/";
-
- locations = {
- "/".tryFiles = "$uri $uri/ $uri/index.html =404";
- }
- // webfingerConfig;
-
- extraConfig = ''
- error_page 404 /404;
- '';
- };
- };
- };
-}