From 3454e7c8627bbf3227e77242238001433ecdd121 Mon Sep 17 00:00:00 2001 From: Daniel Kempkens Date: Mon, 13 Feb 2023 20:15:10 +0100 Subject: [PATCH] libreddit: Proxy through nginx --- agenix/hosts/sail/config.nix | 6 ++++++ agenix/hosts/sail/libreddit/auth.age | 10 ++++++++++ secrets.nix | 2 ++ system/nixos/libreddit.nix | 23 +++++++++++++++++++++++ 4 files changed, 41 insertions(+) create mode 100644 agenix/hosts/sail/libreddit/auth.age diff --git a/agenix/hosts/sail/config.nix b/agenix/hosts/sail/config.nix index 43c9cf4..e3b1b0f 100644 --- a/agenix/hosts/sail/config.nix +++ b/agenix/hosts/sail/config.nix @@ -75,5 +75,11 @@ owner = "nginx"; group = "nginx"; }; + + libreddit-auth = { + file = ./libreddit/auth.age; + owner = "nginx"; + group = "nginx"; + }; }; } diff --git a/agenix/hosts/sail/libreddit/auth.age b/agenix/hosts/sail/libreddit/auth.age new file mode 100644 index 0000000..769371b --- /dev/null +++ b/agenix/hosts/sail/libreddit/auth.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g Kca/kAw3NelnfYaqjIdzKbqskpjGTc8T9+FfVt2u2iA +H2dK0+x9ikbXk6XclKwN7kqnM5hxmfrRbYY2XSvuc8w +-> ssh-ed25519 NbV4hw 1xdog4s7LvcvOg6C05OHVllNEzo9YDsX4/dMbweNmAY +wplB3IDQ4jaVDq35Z2P1590gMvfBafYfqUb/ch6kMAs +-> '=Q)e-grease Z yIg/F d9Xa +RMB7vsSuW/KwwwXdZxN5ew +--- l27qgWdPv4DuKVODegyMjXfBXjaJxee8+bmLTezYjxE +O{>-t=w™Uu%}s wf1+!C K M +t"}5qD \ No newline at end of file diff --git a/secrets.nix b/secrets.nix index 923c78c..d934a4b 100644 --- a/secrets.nix +++ b/secrets.nix @@ -24,4 +24,6 @@ in "agenix/hosts/sail/nitter/config.age".publicKeys = sail; "agenix/hosts/sail/nitter/auth.age".publicKeys = sail; + + "agenix/hosts/sail/libreddit/auth.age".publicKeys = sail; } diff --git a/system/nixos/libreddit.nix b/system/nixos/libreddit.nix index 9ab9d01..790b7f6 100644 --- a/system/nixos/libreddit.nix +++ b/system/nixos/libreddit.nix @@ -1,3 +1,5 @@ +{ config, ... }: + { services.libreddit = { enable = true; @@ -5,4 +7,25 @@ address = "127.0.0.1"; port = 8002; }; + + services.nginx = { + enable = true; + virtualHosts."libreddit.only.internal" = { + listen = [ + { + addr = "127.0.0.1"; + port = 80; + } + ]; + + forceSSL = false; + enableACME = false; + basicAuthFile = config.age.secrets.libreddit-auth.path; + + locations."/" = { + recommendedProxySettings = true; + proxyPass = "http://127.0.0.1:8002"; + }; + }; + }; }