[fanny] update proxy for local access and dyndns

2026-02-20 19:37:22 +01:00
parent a92336fb30
commit 93fb64b2c6
1 changed files with 55 additions and 7 deletions
--- a/machines/fanny/configuration.nix
+++ b/machines/fanny/configuration.nix
@@ -7,6 +7,7 @@ in
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets.wg_private = {};
  sops.secrets.shop_auth = {};
+  sops.secrets.njala_api_key = {};

  imports =
    [ # Include the results of the hardware scan.
@@ -149,6 +150,16 @@ in
    };
  };

+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "malobeo@systemli.org";
+    defaults = {
+      dnsProvider = "njalla";
+      credentialsFile = config.sops.secrets.njala_api_key.path;
+      dnsPropagationCheck = false;
+    };
+  };
+
  services.nginx = {
    enable = true;
    virtualHosts."docs.malobeo.org" = {
@@ -160,9 +171,27 @@ in
      };
    };

-    virtualHosts."cloud.malobeo.org" = {
+    virtualHosts."cloud.hq.malobeo.org" = {
+      forceSSL = true;
+      enableACME = true;
+      acmeRoot = null;
      locations."/" = {
-        proxyPass = "http://10.0.0.13";
+        proxyPass = "http://192.168.1.13";
+        extraConfig = ''
+          proxy_set_header Host $host;
+          client_max_body_size ${inputs.self.nixosConfigurations.nextcloud.config.services.nextcloud.maxUploadSize};
+          client_body_timeout 3600s;
+          send_timeout 3600s;
+          fastcgi_buffers 64 4K;
+        '';
+      };
+    };
+
+    virtualHosts."cloud.malobeo.org" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://192.168.1.13";
        extraConfig = ''
          proxy_set_header Host $host;
          client_max_body_size ${inputs.self.nixosConfigurations.nextcloud.config.services.nextcloud.maxUploadSize};
@@ -191,12 +220,31 @@ in
      };
    };

-    virtualHosts."zines.malobeo.org" = {
-      # created with: nix-shell --packages apacheHttpd --run 'htpasswd -B -c foo.txt malobeo'
-      # then content of foo.txt put into sops
-      # basicAuthFile = config.sops.secrets.shop_auth.path;
+    virtualHosts."zines.hq.malobeo.org" = {
+      forceSSL = true;
+      enableACME = true;
+      acmeRoot = null;
      locations."/" = {
-        proxyPass = "http://10.0.0.15:8080";
+        proxyPass = "http://192.168.1.15:8080";
+        extraConfig = ''
+          proxy_set_header Host $host;
+
+          client_body_in_file_only clean;
+          client_body_buffer_size 32K;
+          
+          client_max_body_size 50M;
+          
+          sendfile on;
+          send_timeout 300s;
+        '';
+      };
+    };
+
+    virtualHosts."zines.malobeo.org" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://192.168.1.15:8080";
        extraConfig = ''
          proxy_set_header Host $host;