configure the reverse proxy on argonath

1 files changed, 32 insertions, 0 deletions

diff --git a/machines/nixos/x86_64-linux/argonath.nix b/machines/nixos/x86_64-linux/argonath.nix
index 14b698a..af70040 100644
--- a/machines/nixos/x86_64-linux/argonath.nix
+++ b/machines/nixos/x86_64-linux/argonath.nix
@@ -6,6 +6,7 @@
 }:
 {
   imports = [
+    ../../../profiles/acme.nix
     ../../../profiles/cgroups.nix
     ../../../profiles/defaults.nix
     ../../../profiles/hardware/do-droplet.nix
@@ -41,6 +42,37 @@
   networking.firewall.trustedInterfaces = [ "wg0" ];
   networking.firewall.allowedUDPPorts = [ 51871 ];
 
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+    virtualHosts = {
+      "code.fcuny.net" = {
+        enableACME = true;
+        acmeRoot = null;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://10.100.0.60";
+        };
+      };
+      "fcuny.net" = {
+        enableACME = true;
+        acmeRoot = null;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://10.100.0.60:8070";
+        };
+      };
+    };
+  };
+
   system.stateVersion = "25.05"; # Did you read the comment?
 
   home-manager = {