From 38b2fd0bcceeed8da7eb736ff3ecc25d0680fa3e Mon Sep 17 00:00:00 2001
From: kalipso
Date: Mon, 14 Apr 2025 12:35:48 +0200
Subject: [PATCH] [zineshop] proxyforward with auth
---
 machines/durruti/host_config.nix | 11 +++++++++++
 machines/fanny/configuration.nix | 13 +++++++++++++
 machines/fanny/secrets.yaml | 8 +++++---
 machines/vpn/configuration.nix | 9 +++++++++
 4 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/machines/durruti/host_config.nix b/machines/durruti/host_config.nix
index 1dbc6569..c037a9da 100644
--- a/machines/durruti/host_config.nix
+++ b/machines/durruti/host_config.nix
@@ -73,6 +73,17 @@ in
 };
 };
+
+ services.nginx.virtualHosts."shop.malobeo.org" = {
+ forceSSL = true;
+ enableACME= true;
+ locations."/" = {
+ proxyPass = "http://10.0.0.10";
+ extraConfig = ''
+ '';
+ };
+ };
+
 services.nginx.virtualHosts."status.malobeo.org" = {
 forceSSL = true;
 enableACME= true;
diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix
index 40faf294..0609d084 100644
--- a/machines/fanny/configuration.nix
+++ b/machines/fanny/configuration.nix
@@ -5,6 +5,7 @@ in
 {
 sops.defaultSopsFile = ./secrets.yaml;
 sops.secrets.wg_private = {};
+ sops.secrets.shop_auth = {};
 imports = [ # Include the results of the hardware scan.
@@ -144,6 +145,18 @@ in
 '';
 };
 };
+
+ virtualHosts."shop.malobeo.org" = {
+ # created with: nix-shell --packages apacheHttpd --run 'htpasswd -B -c foo.txt malobeo'
+ # then content of foo.txt put into sops
+ basicAuthFile = config.sops.secrets.shop_auth.path;
+ locations."/" = {
+ proxyPass = "http://10.0.0.15:8080";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ '';
+ };
+ };
 };
 services.tor = {
diff --git a/machines/fanny/secrets.yaml b/machines/fanny/secrets.yaml
index 37dfc121..fba35acc 100644
--- a/machines/fanny/secrets.yaml
+++ b/machines/fanny/secrets.yaml
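Review bot: The new `shop.malobeo.org` location in machines/durruti/host_config.nix proxies to `http://10.0.0.10` with an empty `extraConfig`, so nginx sends its default `Host` (the upstream address) rather than the requested name. The vhosts this commit adds on vpn and fanny are selected by the name `shop.malobeo.org` and both forward `Host $host`; without the same header here the request may land on whatever default server the next hop has, which would also miss the vhost that carries `basicAuthFile`. I would fill the empty block with `proxy_set_header Host $host;` and, since this is the only hop that sees the real client address, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` so failed logins on fanny can be attributed. If `recommendedProxySettings` is enabled outside this hunk, drop the empty `extraConfig` instead.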
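Review bot: `sops.secrets.shop_auth = {};` in the first hunk of machines/fanny/configuration.nix leaves the secret at the sops-nix defaults (owner root, mode 0400), but the second hunk hands the same path to nginx as `basicAuthFile`, which the nginx worker opens while serving requests. Unless ownership is set somewhere outside this diff, nginx running as its own user will not be able to read the file, and requests to the shop vhost will fail instead of prompting for credentials. Suggest `sops.secrets.shop_auth = { owner = config.services.nginx.user; };` and leaving the mode at its default.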
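Review bot: In the `shop.malobeo.org` vhost added to the fanny nginx block, basic auth is the only gate and it sits on the last proxy: the request is then passed to `http://10.0.0.15:8080` with the client's `Authorization` header still attached, and nothing in this hunk shows that port 8080 accepts connections from fanny only. If the shop application does not need the credentials, add `proxy_set_header Authorization "";` next to the `Host` line so the password is not handed to the backend, and confirm the backend is firewalled to this proxy. The two comment lines would be more useful if they named the sops key (`shop_auth`) rather than `foo.txt` and said that the temporary file should be deleted once its content is in sops. The enclosing `services.nginx` block starts outside the hunk.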
@@ -1,4 +1,6 @@ wg_private: ENC[AES256_GCM,data:kFuLzZz9lmtUccQUIYiXvJRf7WBg5iCq1xxCiI76J3TaIBELqgbEmUtPR4g=,iv:0S0uzX4OVxQCKDOl1zB6nDo8152oE7ymBWdVkPkKlro=,tag:gg1n1BsnjNPikMBNB60F5Q==,type:str] +shop_cleartext: ENC[AES256_GCM,data:sifpX/R6JCcNKgwN2M4Dbflgnfs5CqB8ez5fULPohuFS6k36BLemWzEk,iv:1lRYausj7V/53sfSO9UnJ2OC/Si94JXgIo81Ld74BE8=,tag:5osQU/67bvFeUGA90BSiIA==,type:str] +shop_auth: ENC[AES256_GCM,data:0NDIRjmGwlSFls12sCb5OlgyGTCHpPQIjycEJGhYlZsWKhEYXV2u3g1RHMkF8Ny913jarjf0BgwSq5pBD9rgPL9t8X8=,iv:3jgCv/Gg93Mhdm4eYzwF9QrK14QL2bcC4wwSajCA88o=,tag:h8dhMK46hABv9gYW4johkA==,type:str] sops: kms: [] gcp_kms: [] @@ -23,8 +25,8 @@ sops: QVZyNWVOMTh3ejBha21Qb2xCRkFERGMKH9nMQUoS5bGcLUx2T1dOmKd9jshttTrP SKFx7MXcjFRLKS2Ij12V8ftjL3Uod6be5zoMibkxK19KmXY/514Jww== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-14T12:41:07Z" - mac: ENC[AES256_GCM,data:RJ4Fa8MmX8u8S3zrD/SaywTC3d2IfHQPBDy3C9u4GuXJ/ruEChAB1kN8rqMPvkmET8UUgHIEp7RpbzMtg/FOmKYKYTTx5t//3/VozvAEZurhG/4mnN3r6uaZ0R9+wSjym8IyOKsJ7p4XrfE5tRdzNyU4EqfkEiyf+jO751uSnYI=,iv:eiTdmbcrpUvyDPFmGawxJs/ehmD7KqulaoB+nfpC6ko=,tag:+TKr53cFS3wbLXNgcbZfJQ==,type:str] + lastmodified: "2025-04-14T10:34:55Z" + mac: ENC[AES256_GCM,data:vcDXtTi0bpqhHnL6XanJo+6a8f5LAE628HazDVaNO34Ll3eRyhi95eYGXQDDkVk2WUn9NJ5oCMPltnU82bpLtskzTfQDuXHaPZJq5gtOuMH/bAKrY0dfShrdyx71LkA4AFlcI1P5hchpbyY1FK3iqe4D0miBv+Q8lCMgQMVrfxI=,iv:1lMzH899K0CnEtm16nyq8FL/aCkSYJVoj7HSKCyUnPg=,tag:mEbkmFNg5VZtSKqq80NrCw==,type:str] pgp: - created_at: "2025-02-11T18:32:49Z" enc: |- @@ -65,4 +67,4 @@ sops: -----END PGP MESSAGE----- fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4 unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.9.4 diff --git a/machines/vpn/configuration.nix b/machines/vpn/configuration.nix index 6caeed1d..6eb1d22d 100644 --- a/machines/vpn/configuration.nix +++ b/machines/vpn/configuration.nix 
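Review bot: The first hunk of machines/fanny/secrets.yaml adds `shop_cleartext` next to `shop_auth`; going by the key name and the htpasswd comment in configuration.nix, this looks like the plaintext password stored beside its bcrypt hash. sops encrypts every value in a file to the same recipients, so any key that can decrypt `wg_private` or `shop_auth` (presumably including fanny's own host key) can also recover the password, which removes the benefit of deploying only a hash. No `sops.secrets.shop_cleartext` is declared in this commit, so the value is not written out on the host, but it remains decryptable there. Consider keeping the cleartext in a password manager or in a separate sops file whose recipients are the admins only.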
@@ -66,6 +66,15 @@ with lib;
 '';
 };
 };
+
+ virtualHosts."shop.malobeo.org" = {
+ locations."/" = {
+ proxyPass = "http://10.100.0.101";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ '';
+ };
+ };
 };
 system.stateVersion = "22.11"; # Did you read the comment?
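Review bot: The `shop.malobeo.org` vhost added to machines/vpn/configuration.nix has no TLS and no address restriction, so it is served over plain HTTP on every address nginx listens on. If port 80 on this machine is reachable from outside the tunnel (the firewall rules are not visible here), a request sent straight to this host would reach fanny's login prompt without passing the `forceSSL` front end on durruti, and the basic-auth password would travel unencrypted. Binding the vhost to the tunnel address, for example `listenAddresses = [ "<vpn-internal-address>" ];`, or allowing port 80 only from durruti would close that path. The enclosing `services.nginx` block starts outside the hunk.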