From c78eb9cbc123e1392ffef5f4e88dffc6a9a0577d Mon Sep 17 00:00:00 2001
From: kalipso <kalipso@c3d2.de>
Date: Thu, 16 Jan 2025 14:24:19 +0100
Subject: [PATCH] [fanny][vpn] open port 80, enable nginx

---
 machines/fanny/configuration.nix | 13 +++++++++++--
 machines/vpn/configuration.nix   |  8 ++++++--
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix
index 211a8a29..8e330402 100644
--- a/machines/fanny/configuration.nix
+++ b/machines/fanny/configuration.nix
@@ -56,8 +56,17 @@ in
   services.malobeo.microvm.deployHosts = [ "infradocs" ];
 
 
-  services.nginx.virtualHosts."docs.malobeo.org" = {
-    locations."/".proxyPass = "http://10.0.0.11:9000";
+  networking = {
+    firewall = {
+      allowedTCPPorts = [ 80 ];
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."docs.malobeo.org" = {
+      locations."/".proxyPass = "http://10.0.0.11:9000";
+    };
   };
 
   services.tor = {
diff --git a/machines/vpn/configuration.nix b/machines/vpn/configuration.nix
index d10f80ff..ec18fa51 100644
--- a/machines/vpn/configuration.nix
+++ b/machines/vpn/configuration.nix
@@ -12,6 +12,7 @@ with lib;
     nameservers = [ "1.1.1.1" ];
     firewall = {
       allowedUDPPorts = [ 51821 ];
+      allowedTCPPorts = [ 80 ];
     };
   };
 
@@ -27,8 +28,11 @@ with lib;
     privateKeyFile = config.sops.secrets.wg_private.path;
   };
 
-  services.nginx.virtualHosts."docs.malobeo.org" = {
-    locations."/".proxyPass = "http://10.100.0.101";
+  services.nginx = {
+    enable = true;
+    virtualHosts."docs.malobeo.org" = {
+      locations."/".proxyPass = "http://10.100.0.101";
+    };
   };
 
   system.stateVersion = "22.11"; # Did you read the comment?