sail: Move more hosts away from CF
This commit is contained in:
parent
2ba78483db
commit
779371ac42
7 changed files with 25 additions and 65 deletions
|
@ -1,4 +1,4 @@
|
|||
{ config, ... }:
|
||||
{ config, secret, ... }:
|
||||
|
||||
{
|
||||
virtualisation.arion.projects.proxitok.settings = {
|
||||
|
@ -38,24 +38,12 @@
|
|||
];
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedBrotliSettings = true;
|
||||
|
||||
virtualHosts."proxitok.only.internal" = {
|
||||
listen = [
|
||||
{
|
||||
addr = "127.0.0.1";
|
||||
port = 80;
|
||||
}
|
||||
];
|
||||
|
||||
forceSSL = false;
|
||||
enableACME = false;
|
||||
virtualHosts."tictac.daniel.sx" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "daniel.sx";
|
||||
basicAuthFile = config.age.secrets.proxitok-auth.path;
|
||||
|
||||
locations."/" = {
|
||||
basicAuthFile = config.age.secrets.proxitok-auth.path;
|
||||
recommendedProxySettings = true;
|
||||
proxyPass = "http://127.0.0.1:8005";
|
||||
};
|
||||
|
|
Binary file not shown.
|
@ -29,7 +29,7 @@ in
|
|||
|
||||
(import ../nixos/mastodon.nix (args // { inherit secret; }))
|
||||
|
||||
../nixos/nitter.nix
|
||||
(import ../nixos/nitter.nix (args // { inherit secret; }))
|
||||
|
||||
(import ../nixos/ntfy-sh.nix (args // { inherit secret; }))
|
||||
|
||||
|
|
|
@ -39,23 +39,10 @@ in
|
|||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedBrotliSettings = true;
|
||||
|
||||
virtualHosts."anonymous-overflow.only.internal" = {
|
||||
listen = [
|
||||
{
|
||||
addr = "127.0.0.1";
|
||||
port = 80;
|
||||
}
|
||||
];
|
||||
|
||||
virtualHosts."overflow.daniel.sx" = {
|
||||
root = "${anonymous-overflow-pkg}/share/anonymous-overflow/public/";
|
||||
forceSSL = false;
|
||||
enableACME = false;
|
||||
|
||||
forceSSL = true;
|
||||
useACMEHost = "daniel.sx";
|
||||
basicAuthFile = config.age.secrets.anonymous-overflow-auth.path;
|
||||
|
||||
locations."/" = {
|
||||
|
|
|
@ -6,4 +6,13 @@
|
|||
recommendedBrotliSettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
};
|
||||
|
||||
networking.firewall.interfaces =
|
||||
let
|
||||
nginxTCPPorts = [ 80 443 ];
|
||||
in
|
||||
{
|
||||
"enp1s0".allowedTCPPorts = nginxTCPPorts;
|
||||
"tailscale0".allowedTCPPorts = nginxTCPPorts;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, config, ... }:
|
||||
{ pkgs, config, secret, ... }:
|
||||
|
||||
let
|
||||
nitter-pkg = pkgs.nitter-unstable;
|
||||
|
@ -52,22 +52,10 @@ in
|
|||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedBrotliSettings = true;
|
||||
|
||||
virtualHosts."nitter.only.internal" = {
|
||||
listen = [
|
||||
{
|
||||
addr = "127.0.0.1";
|
||||
port = 80;
|
||||
}
|
||||
];
|
||||
|
||||
virtualHosts."${secret.nginx.hostnames.nitter}" = {
|
||||
root = "${nitter-pkg}/share/nitter/public/";
|
||||
forceSSL = false;
|
||||
enableACME = false;
|
||||
forceSSL = true;
|
||||
useACMEHost = "daniel.sx";
|
||||
|
||||
locations."/" = {
|
||||
tryFiles = "$uri @proxy";
|
||||
|
|
|
@ -41,21 +41,9 @@ in
|
|||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedBrotliSettings = true;
|
||||
|
||||
virtualHosts."rimgo.only.internal" = {
|
||||
listen = [
|
||||
{
|
||||
addr = "127.0.0.1";
|
||||
port = 80;
|
||||
}
|
||||
];
|
||||
|
||||
forceSSL = false;
|
||||
enableACME = false;
|
||||
virtualHosts."ringo.daniel.sx" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "daniel.sx";
|
||||
basicAuthFile = config.age.secrets.rimgo-auth.path;
|
||||
|
||||
locations."/" = {
|
||||
|
|
Loading…
Reference in a new issue