daniel/dotfiles
1
0
Fork 0
Code Activity Actions

sail: Expose certain services only via SSL

Browse source
This commit is contained in:
Daniel Kempkens 2023-03-12 21:03:36 +01:00
parent 5114ab5d10
commit 5232858822
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
5 changed files with 46 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
container/proxitok/default.nix
View file

@ -37,11 +37,10 @@
"d /etc/container-proxitok/cache 0755 33 33" "d /etc/container-proxitok/cache 0755 33 33"
]; ];
services.nginx = { services.nginx.virtualHosts."tictac.daniel.sx" = {
virtualHosts."tictac.daniel.sx" = {
http3 = true; http3 = true;
forceSSL = true; onlySSL = true;
useACMEHost = "daniel.sx"; useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.proxitok-auth.path; basicAuthFile = config.age.secrets.proxitok-auth.path;
@ -50,5 +49,4 @@
proxyPass = "http://127.0.0.1:8005"; proxyPass = "http://127.0.0.1:8005";
}; };
}; };
};
} }

6
system/nixos/anonymous-overflow.nix
View file

@ -38,12 +38,11 @@ in
}; };
}; };
services.nginx = { services.nginx.virtualHosts."overflow.daniel.sx" = {
virtualHosts."overflow.daniel.sx" = {
http3 = true; http3 = true;
root = "${anonymous-overflow-pkg}/share/anonymous-overflow/public/"; root = "${anonymous-overflow-pkg}/share/anonymous-overflow/public/";
forceSSL = true; onlySSL = true;
useACMEHost = "daniel.sx"; useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.anonymous-overflow-auth.path; basicAuthFile = config.age.secrets.anonymous-overflow-auth.path;
@ -60,5 +59,4 @@ in
proxyPass = "http://127.0.0.1:8003"; proxyPass = "http://127.0.0.1:8003";
}; };
}; };
};
} }

2
system/nixos/libreddit.nix
View file

@ -11,7 +11,7 @@
services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = { services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = {
http3 = true; http3 = true;
forceSSL = true; onlySSL = true;
useACMEHost = "daniel.sx"; useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.libreddit-auth.path; basicAuthFile = config.age.secrets.libreddit-auth.path;

6
system/nixos/nitter.nix
View file

@ -51,12 +51,11 @@ in
}; };
}; };
services.nginx = { services.nginx.virtualHosts."${secret.nginx.hostnames.nitter}" = {
virtualHosts."${secret.nginx.hostnames.nitter}" = {
http3 = true; http3 = true;
root = "${nitter-pkg}/share/nitter/public/"; root = "${nitter-pkg}/share/nitter/public/";
forceSSL = true; onlySSL = true;
useACMEHost = "daniel.sx"; useACMEHost = "daniel.sx";
locations."/" = { locations."/" = {
@ -72,5 +71,4 @@ in
proxyPass = "http://127.0.0.1:8001"; proxyPass = "http://127.0.0.1:8001";
}; };
}; };
};
} }

6
system/nixos/rimgo.nix
View file

@ -40,11 +40,10 @@ in
}; };
}; };
services.nginx = { services.nginx.virtualHosts."ringo.daniel.sx" = {
virtualHosts."ringo.daniel.sx" = {
http3 = true; http3 = true;
forceSSL = true; onlySSL = true;
useACMEHost = "daniel.sx"; useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.rimgo-auth.path; basicAuthFile = config.age.secrets.rimgo-auth.path;
@ -53,5 +52,4 @@ in
proxyPass = "http://127.0.0.1:8006"; proxyPass = "http://127.0.0.1:8006";
}; };
}; };
};
} }