ahtlon/infrastructure
1
0
Fork 0
forked from kalipso/infrastructure
Code Pull Requests Activity

[zineshop] proxyforward with auth

Browse Source
This commit is contained in:
kalipso
2025-04-14 12:35:48 +02:00
parent ae31ad99bb
commit 38b2fd0bcc
4 changed files with 38 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
machines/durruti/host_config.nix
View File

@@ -73,6 +73,17 @@ in
}; };
}; };
services.nginx.virtualHosts."shop.malobeo.org" = {
forceSSL = true;
enableACME= true;
locations."/" = {
proxyPass = "http://10.0.0.10";
extraConfig = ''
'';
};
};
services.nginx.virtualHosts."status.malobeo.org" = { services.nginx.virtualHosts."status.malobeo.org" = {
forceSSL = true; forceSSL = true;
enableACME= true; enableACME= true;

13
machines/fanny/configuration.nix
View File

@@ -5,6 +5,7 @@ in
{ {
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
sops.secrets.wg_private = {}; sops.secrets.wg_private = {};
sops.secrets.shop_auth = {};
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
@@ -144,6 +145,18 @@ in
''; '';
}; };
}; };
virtualHosts."shop.malobeo.org" = {
# created with: nix-shell --packages apacheHttpd --run 'htpasswd -B -c foo.txt malobeo'
# then content of foo.txt put into sops
basicAuthFile = config.sops.secrets.shop_auth.path;
locations."/" = {
proxyPass = "http://10.0.0.15:8080";
extraConfig = ''
proxy_set_header Host $host;
'';
};
};
}; };
services.tor = { services.tor = {

8
machines/fanny/secrets.yaml
View File

@@ -1,4 +1,6 @@
wg_private: ENC[AES256_GCM,data:kFuLzZz9lmtUccQUIYiXvJRf7WBg5iCq1xxCiI76J3TaIBELqgbEmUtPR4g=,iv:0S0uzX4OVxQCKDOl1zB6nDo8152oE7ymBWdVkPkKlro=,tag:gg1n1BsnjNPikMBNB60F5Q==,type:str] wg_private: ENC[AES256_GCM,data:kFuLzZz9lmtUccQUIYiXvJRf7WBg5iCq1xxCiI76J3TaIBELqgbEmUtPR4g=,iv:0S0uzX4OVxQCKDOl1zB6nDo8152oE7ymBWdVkPkKlro=,tag:gg1n1BsnjNPikMBNB60F5Q==,type:str]
shop_cleartext: ENC[AES256_GCM,data:sifpX/R6JCcNKgwN2M4Dbflgnfs5CqB8ez5fULPohuFS6k36BLemWzEk,iv:1lRYausj7V/53sfSO9UnJ2OC/Si94JXgIo81Ld74BE8=,tag:5osQU/67bvFeUGA90BSiIA==,type:str]
shop_auth: ENC[AES256_GCM,data:0NDIRjmGwlSFls12sCb5OlgyGTCHpPQIjycEJGhYlZsWKhEYXV2u3g1RHMkF8Ny913jarjf0BgwSq5pBD9rgPL9t8X8=,iv:3jgCv/Gg93Mhdm4eYzwF9QrK14QL2bcC4wwSajCA88o=,tag:h8dhMK46hABv9gYW4johkA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@@ -23,8 +25,8 @@ sops:
QVZyNWVOMTh3ejBha21Qb2xCRkFERGMKH9nMQUoS5bGcLUx2T1dOmKd9jshttTrP QVZyNWVOMTh3ejBha21Qb2xCRkFERGMKH9nMQUoS5bGcLUx2T1dOmKd9jshttTrP
SKFx7MXcjFRLKS2Ij12V8ftjL3Uod6be5zoMibkxK19KmXY/514Jww== SKFx7MXcjFRLKS2Ij12V8ftjL3Uod6be5zoMibkxK19KmXY/514Jww==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-14T12:41:07Z" lastmodified: "2025-04-14T10:34:55Z"
mac: ENC[AES256_GCM,data:RJ4Fa8MmX8u8S3zrD/SaywTC3d2IfHQPBDy3C9u4GuXJ/ruEChAB1kN8rqMPvkmET8UUgHIEp7RpbzMtg/FOmKYKYTTx5t//3/VozvAEZurhG/4mnN3r6uaZ0R9+wSjym8IyOKsJ7p4XrfE5tRdzNyU4EqfkEiyf+jO751uSnYI=,iv:eiTdmbcrpUvyDPFmGawxJs/ehmD7KqulaoB+nfpC6ko=,tag:+TKr53cFS3wbLXNgcbZfJQ==,type:str] mac: ENC[AES256_GCM,data:vcDXtTi0bpqhHnL6XanJo+6a8f5LAE628HazDVaNO34Ll3eRyhi95eYGXQDDkVk2WUn9NJ5oCMPltnU82bpLtskzTfQDuXHaPZJq5gtOuMH/bAKrY0dfShrdyx71LkA4AFlcI1P5hchpbyY1FK3iqe4D0miBv+Q8lCMgQMVrfxI=,iv:1lMzH899K0CnEtm16nyq8FL/aCkSYJVoj7HSKCyUnPg=,tag:mEbkmFNg5VZtSKqq80NrCw==,type:str]
pgp: pgp:
- created_at: "2025-02-11T18:32:49Z" - created_at: "2025-02-11T18:32:49Z"
enc: |- enc: |-
@@ -65,4 +67,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4 fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.9.4

9
machines/vpn/configuration.nix
View File

@@ -66,6 +66,15 @@ with lib;
''; '';
}; };
}; };
virtualHosts."shop.malobeo.org" = {
locations."/" = {
proxyPass = "http://10.100.0.101";
extraConfig = ''
proxy_set_header Host $host;
'';
};
};
}; };
system.stateVersion = "22.11"; # Did you read the comment? system.stateVersion = "22.11"; # Did you read the comment?