diff options
Diffstat (limited to '')
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix b/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix new file mode 100644 index 0000000..fc273b7 --- /dev/null +++ b/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix @@ -0,0 +1,73 @@ +{ config, ... }: +{ + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + + security.acme = { + acceptTerms = true; + defaults.email = "franck@fcuny.net"; + certs = { + "code.fcuny.net" = { + dnsProvider = "cloudflare"; + dnsResolver = "1.1.1.1"; + reloadServices = [ "nginx.service" ]; + credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path; + }; + "go.fcuny.net" = { + dnsProvider = "cloudflare"; + dnsResolver = "1.1.1.1"; + reloadServices = [ "nginx.service" ]; + credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path; + }; + "id.fcuny.net" = { + dnsProvider = "cloudflare"; + dnsResolver = "1.1.1.1"; + reloadServices = [ "nginx.service" ]; + credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path; + }; + }; + }; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; + virtualHosts = { + "code.fcuny.net" = { + enableACME = true; + acmeRoot = null; + forceSSL = true; + locations."/" = { + proxyPass = "http://10.100.0.40:3000"; + }; + locations."/metrics" = { + proxyPass = "http://10.100.0.40:3000/metrics"; + extraConfig = '' + deny all; + access_log off; + ''; + }; + }; + "go.fcuny.net" = { + enableACME = true; + acmeRoot = null; + forceSSL = true; + locations."/" = { + proxyPass = "http://10.100.0.40:8070"; + }; + }; + "id.fcuny.net" = { + enableACME = true; + acmeRoot = null; + forceSSL = true; + locations."/" = { + proxyPass = "http://10.100.0.40:8080"; + }; + }; + }; + }; +} |