ahtlon/infrastructure
1
0
Fork 0
forked from malobeo/infrastructure
Code Pull Requests 5 Actions Activity

[fanny] update proxy for local access and dyndns

Browse Source
This commit is contained in:
kalipso
2026-02-20 19:37:22 +01:00
parent a92336fb30
commit 93fb64b2c6
1 changed files with 55 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
machines/fanny/configuration.nix
View File

@@ -7,6 +7,7 @@ in
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
sops.secrets.wg_private = {}; sops.secrets.wg_private = {};
sops.secrets.shop_auth = {}; sops.secrets.shop_auth = {};
sops.secrets.njala_api_key = {};
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
@@ -149,6 +150,16 @@ in
}; };
}; };
security.acme = {
acceptTerms = true;
defaults.email = "malobeo@systemli.org";
defaults = {
dnsProvider = "njalla";
credentialsFile = config.sops.secrets.njala_api_key.path;
dnsPropagationCheck = false;
};
};
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."docs.malobeo.org" = { virtualHosts."docs.malobeo.org" = {
@@ -160,9 +171,27 @@ in
}; };
}; };
virtualHosts."cloud.malobeo.org" = { virtualHosts."cloud.hq.malobeo.org" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
locations."/" = { locations."/" = {
proxyPass = "http://10.0.0.13"; proxyPass = "http://192.168.1.13";
extraConfig = ''
proxy_set_header Host $host;
client_max_body_size ${inputs.self.nixosConfigurations.nextcloud.config.services.nextcloud.maxUploadSize};
client_body_timeout 3600s;
send_timeout 3600s;
fastcgi_buffers 64 4K;
'';
};
};
virtualHosts."cloud.malobeo.org" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://192.168.1.13";
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
client_max_body_size ${inputs.self.nixosConfigurations.nextcloud.config.services.nextcloud.maxUploadSize}; client_max_body_size ${inputs.self.nixosConfigurations.nextcloud.config.services.nextcloud.maxUploadSize};
@@ -191,12 +220,31 @@ in
}; };
}; };
virtualHosts."zines.malobeo.org" = { virtualHosts."zines.hq.malobeo.org" = {
# created with: nix-shell --packages apacheHttpd --run 'htpasswd -B -c foo.txt malobeo' forceSSL = true;
# then content of foo.txt put into sops enableACME = true;
# basicAuthFile = config.sops.secrets.shop_auth.path; acmeRoot = null;
locations."/" = { locations."/" = {
proxyPass = "http://10.0.0.15:8080"; proxyPass = "http://192.168.1.15:8080";
extraConfig = ''
proxy_set_header Host $host;
client_body_in_file_only clean;
client_body_buffer_size 32K;
client_max_body_size 50M;
sendfile on;
send_timeout 300s;
'';
};
};
virtualHosts."zines.malobeo.org" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://192.168.1.15:8080";
extraConfig = '' extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;