
sail: Move more hosts away from CF

Daniel Kempkens 2023-03-06 09:55:28 +01:00
parent 2ba78483db
commit 779371ac42
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
7 changed files with 25 additions and 65 deletions


@ -1,4 +1,4 @@
{ config, ... }:
{ config, secret, ... }:
{
virtualisation.arion.projects.proxitok.settings = {
@ -38,24 +38,12 @@
];
services.nginx = {
enable = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedBrotliSettings = true;
virtualHosts."proxitok.only.internal" = {
listen = [
{
addr = "127.0.0.1";
port = 80;
}
];
forceSSL = false;
enableACME = false;
virtualHosts."tictac.daniel.sx" = {
forceSSL = true;
useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.proxitok-auth.path;
locations."/" = {
basicAuthFile = config.age.secrets.proxitok-auth.path;
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8005";
};
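Review bot: `proxyPass = "http://127.0.0.1:8005";` now sits behind a vhost that is reachable from the internet, so the `basicAuthFile` on `tictac.daniel.sx` only protects the service if port 8005 cannot be reached any other way. The arion port mapping is outside this hunk; if it publishes the port without a loopback host address, a Docker backend's own iptables rules can expose it regardless of `networking.firewall`, so it is worth confirming the mapping reads like `"127.0.0.1:8005:<container port>"`. Separately, `secret` is added to the argument set on the first line but no visible line of this file uses it; drop it unless a line outside the hunk needs it, since every importer now has to supply it.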

Binary file not shown.


@ -29,7 +29,7 @@ in
(import ../nixos/mastodon.nix (args // { inherit secret; }))
../nixos/nitter.nix
(import ../nixos/nitter.nix (args // { inherit secret; }))
(import ../nixos/ntfy-sh.nix (args // { inherit secret; }))


@ -39,23 +39,10 @@ in
};
services.nginx = {
enable = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedBrotliSettings = true;
virtualHosts."anonymous-overflow.only.internal" = {
listen = [
{
addr = "127.0.0.1";
port = 80;
}
];
virtualHosts."overflow.daniel.sx" = {
root = "${anonymous-overflow-pkg}/share/anonymous-overflow/public/";
forceSSL = false;
enableACME = false;
forceSSL = true;
useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.anonymous-overflow-auth.path;
locations."/" = {


@ -6,4 +6,13 @@
recommendedBrotliSettings = true;
recommendedTlsSettings = true;
};
networking.firewall.interfaces =
let
nginxTCPPorts = [ 80 443 ];
in
{
"enp1s0".allowedTCPPorts = nginxTCPPorts;
"tailscale0".allowedTCPPorts = nginxTCPPorts;
};
}
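Review bot: The new `networking.firewall.interfaces` block opens 80 and 443 on `enp1s0` with no comment saying which interface that is or why both ports are listed, and it appears to live in the shared nginx module rather than in the sail host file. If another host imports this file it gets the same ports opened, or, with a different interface name, presumably gets none without any error. I would add a comment such as `# enp1s0 = public uplink on sail; 80 serves the forceSSL redirect, 443 serves TLS` and, if the module is shared, move the interface names into the host config. The attribute set this is added to starts above the hunk.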


@ -1,4 +1,4 @@
{ pkgs, config, ... }:
{ pkgs, config, secret, ... }:
let
nitter-pkg = pkgs.nitter-unstable;
@ -52,22 +52,10 @@ in
};
services.nginx = {
enable = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedBrotliSettings = true;
virtualHosts."nitter.only.internal" = {
listen = [
{
addr = "127.0.0.1";
port = 80;
}
];
virtualHosts."${secret.nginx.hostnames.nitter}" = {
root = "${nitter-pkg}/share/nitter/public/";
forceSSL = false;
enableACME = false;
forceSSL = true;
useACMEHost = "daniel.sx";
locations."/" = {
tryFiles = "$uri @proxy";
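Review bot: The `virtualHosts."${secret.nginx.hostnames.nitter}"` block shows no `basicAuthFile`, unlike the three other vhosts moved in this commit, so the hostname kept in `secret` appears to be the only thing guarding it once 80/443 are open on the public interface. A hostname is not a credential: it travels in clear in DNS lookups and the TLS SNI, and nginx answers requests with an unknown Host from whichever server block ends up as the default. Either add a `basicAuthFile` as on the other hosts, or define a catch-all such as `virtualHosts."_" = { default = true; rejectSSL = true; locations."/".return = "444"; };` so that only requests naming the right host reach Nitter. The vhost body continues past the hunk, so auth may already be set further down.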


@ -41,21 +41,9 @@ in
};
services.nginx = {
enable = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedBrotliSettings = true;
virtualHosts."rimgo.only.internal" = {
listen = [
{
addr = "127.0.0.1";
port = 80;
}
];
forceSSL = false;
enableACME = false;
virtualHosts."ringo.daniel.sx" = {
forceSSL = true;
useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.rimgo-auth.path;
locations."/" = {