[zineshop] proxyforward with auth

2025-04-14 12:35:48 +02:00
parent ae31ad99bb
commit 38b2fd0bcc
4 changed files with 38 additions and 3 deletions
--- a/machines/durruti/host_config.nix
+++ b/machines/durruti/host_config.nix
@@ -73,6 +73,17 @@ in
      };
    };

+
+    services.nginx.virtualHosts."shop.malobeo.org" = {
+      forceSSL = true;
+      enableACME= true;
+      locations."/" = {
+        proxyPass = "http://10.0.0.10";
+        extraConfig = ''
+        '';
+      };
+    };
+
    services.nginx.virtualHosts."status.malobeo.org" = {
      forceSSL = true;
      enableACME= true;
--- a/machines/fanny/configuration.nix
+++ b/machines/fanny/configuration.nix
@@ -5,6 +5,7 @@ in
 {
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets.wg_private = {};
+  sops.secrets.shop_auth = {};

  imports =
    [ # Include the results of the hardware scan.
@@ -144,6 +145,18 @@ in
        '';
      };
    };
+
+    virtualHosts."shop.malobeo.org" = {
+      # created with: nix-shell --packages apacheHttpd --run 'htpasswd -B -c foo.txt malobeo'
+      # then content of foo.txt put into sops
+      basicAuthFile = config.sops.secrets.shop_auth.path;
+      locations."/" = {
+        proxyPass = "http://10.0.0.15:8080";
+        extraConfig = ''
+          proxy_set_header Host $host;
+        '';
+      };
+    };
  };

  services.tor = {
--- a/machines/fanny/secrets.yaml
+++ b/machines/fanny/secrets.yaml
@@ -1,4 +1,6 @@
 wg_private: ENC[AES256_GCM,data:kFuLzZz9lmtUccQUIYiXvJRf7WBg5iCq1xxCiI76J3TaIBELqgbEmUtPR4g=,iv:0S0uzX4OVxQCKDOl1zB6nDo8152oE7ymBWdVkPkKlro=,tag:gg1n1BsnjNPikMBNB60F5Q==,type:str]
+shop_cleartext: ENC[AES256_GCM,data:sifpX/R6JCcNKgwN2M4Dbflgnfs5CqB8ez5fULPohuFS6k36BLemWzEk,iv:1lRYausj7V/53sfSO9UnJ2OC/Si94JXgIo81Ld74BE8=,tag:5osQU/67bvFeUGA90BSiIA==,type:str]
+shop_auth: ENC[AES256_GCM,data:0NDIRjmGwlSFls12sCb5OlgyGTCHpPQIjycEJGhYlZsWKhEYXV2u3g1RHMkF8Ny913jarjf0BgwSq5pBD9rgPL9t8X8=,iv:3jgCv/Gg93Mhdm4eYzwF9QrK14QL2bcC4wwSajCA88o=,tag:h8dhMK46hABv9gYW4johkA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -23,8 +25,8 @@ sops:
            QVZyNWVOMTh3ejBha21Qb2xCRkFERGMKH9nMQUoS5bGcLUx2T1dOmKd9jshttTrP
            SKFx7MXcjFRLKS2Ij12V8ftjL3Uod6be5zoMibkxK19KmXY/514Jww==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-14T12:41:07Z"
-    mac: ENC[AES256_GCM,data:RJ4Fa8MmX8u8S3zrD/SaywTC3d2IfHQPBDy3C9u4GuXJ/ruEChAB1kN8rqMPvkmET8UUgHIEp7RpbzMtg/FOmKYKYTTx5t//3/VozvAEZurhG/4mnN3r6uaZ0R9+wSjym8IyOKsJ7p4XrfE5tRdzNyU4EqfkEiyf+jO751uSnYI=,iv:eiTdmbcrpUvyDPFmGawxJs/ehmD7KqulaoB+nfpC6ko=,tag:+TKr53cFS3wbLXNgcbZfJQ==,type:str]
+    lastmodified: "2025-04-14T10:34:55Z"
+    mac: ENC[AES256_GCM,data:vcDXtTi0bpqhHnL6XanJo+6a8f5LAE628HazDVaNO34Ll3eRyhi95eYGXQDDkVk2WUn9NJ5oCMPltnU82bpLtskzTfQDuXHaPZJq5gtOuMH/bAKrY0dfShrdyx71LkA4AFlcI1P5hchpbyY1FK3iqe4D0miBv+Q8lCMgQMVrfxI=,iv:1lMzH899K0CnEtm16nyq8FL/aCkSYJVoj7HSKCyUnPg=,tag:mEbkmFNg5VZtSKqq80NrCw==,type:str]
    pgp:
        - created_at: "2025-02-11T18:32:49Z"
          enc: |-
@@ -65,4 +67,4 @@ sops:
            -----END PGP MESSAGE-----
          fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
    unencrypted_suffix: _unencrypted
-    version: 3.9.2
+    version: 3.9.4
--- a/machines/vpn/configuration.nix
+++ b/machines/vpn/configuration.nix
@@ -66,6 +66,15 @@ with lib;
        '';
      };
    };
+
+    virtualHosts."shop.malobeo.org" = {
+      locations."/" = {
+        proxyPass = "http://10.100.0.101";
+        extraConfig = ''
+          proxy_set_header Host $host;
+        '';
+      };
+    };
  };

  system.stateVersion = "22.11"; # Did you read the comment?