From bc02ce251e27cd96fc9315fa50d5ff806e1cd699 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Wed, 13 Apr 2022 13:50:26 -0700
Subject: unifi: use nginx for reverse proxy

---
 modules/services/unifi/default.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'modules/services/unifi/default.nix')

diff --git a/modules/services/unifi/default.nix b/modules/services/unifi/default.nix
index ee5ec6d..137e8ed 100644
--- a/modules/services/unifi/default.nix
+++ b/modules/services/unifi/default.nix
@@ -63,6 +63,20 @@ in {
       };
     };
 
+    services.nginx.virtualHosts."unifi.fcuny.xyz" = {
+      forceSSL = true;
+      useACMEHost = "unifi.fcuny.xyz";
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8443";
+        proxyWebsockets = true;
+      };
+    };
+
+    security.acme.certs."unifi.fcuny.xyz" = {
+      dnsProvider = "gcloud";
+      credentialsFile = secrets."acme/credentials".path;
+    };
+
     my.services.backup = { paths = [ "/var/lib/unifi" ]; };
   };
 }
-- 
cgit v1.2.3