From 93fb64b2c6696b6bee03c7e7564c3a397d8bbce5 Mon Sep 17 00:00:00 2001 From: kalipso Date: Fri, 20 Feb 2026 19:37:22 +0100 Subject: [PATCH] [fanny] update proxy for local access and dyndns --- machines/fanny/configuration.nix | 62 ++++++++++++++++++++++++++++---- 1 file changed, 55 insertions(+), 7 deletions(-) diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index 3051782..bfbd70d 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -7,6 +7,7 @@ in sops.defaultSopsFile = ./secrets.yaml; sops.secrets.wg_private = {}; sops.secrets.shop_auth = {}; + sops.secrets.njala_api_key = {}; imports = [ # Include the results of the hardware scan. @@ -149,6 +150,16 @@ in }; }; + security.acme = { + acceptTerms = true; + defaults.email = "malobeo@systemli.org"; + defaults = { + dnsProvider = "njalla"; + credentialsFile = config.sops.secrets.njala_api_key.path; + dnsPropagationCheck = false; + }; + }; + services.nginx = { enable = true; virtualHosts."docs.malobeo.org" = { @@ -160,9 +171,27 @@ in }; }; - virtualHosts."cloud.malobeo.org" = { + virtualHosts."cloud.hq.malobeo.org" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; locations."/" = { - proxyPass = "http://10.0.0.13"; + proxyPass = "http://192.168.1.13"; + extraConfig = '' + proxy_set_header Host $host; + client_max_body_size ${inputs.self.nixosConfigurations.nextcloud.config.services.nextcloud.maxUploadSize}; + client_body_timeout 3600s; + send_timeout 3600s; + fastcgi_buffers 64 4K; + ''; + }; + }; + + virtualHosts."cloud.malobeo.org" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://192.168.1.13"; extraConfig = '' proxy_set_header Host $host; client_max_body_size ${inputs.self.nixosConfigurations.nextcloud.config.services.nextcloud.maxUploadSize}; 
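Review bot: In the `security.acme` hunk (`@@ -149,6 +150,16 @@`), `dnsPropagationCheck = false;` sits in `defaults` with no explanation, so it applies to every DNS-01 certificate on this host. With the check off, the ACME client asks the CA to validate without first confirming the TXT record is visible, and a slow DNS update then shows up as failed validations that count against the CA's rate limits. Add a comment stating why it is needed, e.g. `# propagation check disabled because <REASON>`, or set it only on the certificates that require it. The secret is spelled `njala_api_key` while the provider is `njalla`; a one-line comment that the file must be in environment-file form (`NJALLA_TOKEN=...`, which is what lego's njalla provider reads) would help the next maintainer. The token presumably grants write access to the DNS zone, so it is worth recording whether it is scoped to this domain only.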
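Review bot: In the cloud hunk (`@@ -160,9 +171,27 @@`), both `cloud.hq.malobeo.org` and `cloud.malobeo.org` now terminate TLS but forward only `Host`, so the backend at 192.168.1.13 sees every request as plain HTTP coming from the proxy's address. Anything keyed on client IP (login throttling, audit logs) and the scheme of generated links is affected; add `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` to both `extraConfig` blocks, and check that the backend trusts this proxy (not visible here). The upstream also moved from 10.0.0.13 to 192.168.1.13 while staying `http://`; if 10.0.0.x was the WireGuard network (the file declares `wg_private`), the proxy-to-backend hop now crosses the LAN unencrypted, which deserves a comment or a TLS upstream. `fastcgi_buffers 64 4K;` has no effect in a `proxy_pass` location and can be dropped from the new block. The second vhost's `extraConfig` continues past the end of the hunk.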
@@ -191,12 +220,31 @@ in }; }; - virtualHosts."zines.malobeo.org" = { - # created with: nix-shell --packages apacheHttpd --run 'htpasswd -B -c foo.txt malobeo' - # then content of foo.txt put into sops - # basicAuthFile = config.sops.secrets.shop_auth.path; + virtualHosts."zines.hq.malobeo.org" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; locations."/" = { - proxyPass = "http://10.0.0.15:8080"; + proxyPass = "http://192.168.1.15:8080"; + extraConfig = '' + proxy_set_header Host $host; + + client_body_in_file_only clean; + client_body_buffer_size 32K; + + client_max_body_size 50M; + + sendfile on; + send_timeout 300s; + ''; + }; + }; + + virtualHosts."zines.malobeo.org" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://192.168.1.15:8080"; extraConfig = '' proxy_set_header Host $host;
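Review bot: The new `zines.hq.malobeo.org` vhost (and `cloud.hq.malobeo.org` in the earlier hunk) is named for local access, but nothing in the block limits who can reach it: nginx answers any client that sends that Host header. If LAN-only is the intent, add `allow <LAN_CIDR>; deny all;` to the `extraConfig` of the hq locations (placeholder; the range is not on the page). The removed comments were the only record of how `shop_auth` was generated and where it was meant to be used, yet `sops.secrets.shop_auth` is still declared at the top of the file. Either drop the unused secret or, now that `forceSSL` is on and credentials would no longer travel in cleartext, restore `basicAuthFile = config.sops.secrets.shop_auth.path;` if this site is meant to be protected. The second vhost's `extraConfig` continues past the end of the hunk.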