From df7e96e62824101e99fd995141010d43a5499b99 Mon Sep 17 00:00:00 2001
From: Cameron Reed
Date: Tue, 6 Aug 2024 08:17:57 -0600
Subject: [PATCH] nixserver: Add nginx reverse proxy for
---
 flake.lock | 18 ++++++-------
 hosts/nixserver/configuration.nix | 45 +++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 9 deletions(-)
diff --git a/flake.lock b/flake.lock
index 10f77d5..6e0694c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -44,11 +44,11 @@
 ]
 },
 "locked": {
- "lastModified": 1715930644,
- "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
+ "lastModified": 1722936497,
+ "narHash": "sha256-UBst8PkhY0kqTgdKiR8MtTBt4c1XmjJoOV11efjsC/o=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
+ "rev": "a6c743980e23f4cef6c2a377f9ffab506568413a",
 "type": "github"
 },
 "original": {
@@ -60,11 +60,11 @@
 "lf-icons": {
 "flake": false,
 "locked": {
- "lastModified": 1715142021,
- "narHash": "sha256-J58ZRN0nPqzzzkAENOQ6wbOdmGgk0ocp9JcTT0s7aa4=",
+ "lastModified": 1722900728,
+ "narHash": "sha256-jJhq6SkoJa0iciDJrTq7KVMbNyFE5XaDokXghun34qo=",
 "owner": "gokcehan",
 "repo": "lf",
- "rev": "12e99fdb641565e3122ab62dce0b77e836aa69a4",
+ "rev": "b258d8fbf060e3db5f82825cf7c4186dfb10157f",
 "type": "github"
 },
 "original": {
@@ -124,11 +124,11 @@
 },
 "nixpkgs-unstable": {
 "locked": {
- "lastModified": 1715961556,
- "narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=",
+ "lastModified": 1722813957,
+ "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64",
+ "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
 "type": "github"
 },
 "original": {
diff --git a/hosts/nixserver/configuration.nix b/hosts/nixserver/configuration.nix
index e984321..266e9c3 100755
--- a/hosts/nixserver/configuration.nix
+++ b/hosts/nixserver/configuration.nix
@@ -102,6 +102,51 @@
 openFirewall = true;
 };
 
+ security.acme.acceptTerms = true;
+ security.acme.certs."owl.cam123.dev" = {
+ dnsResolver = "1.1.1.1:53";
+ dnsProvider = "cloudflare";
+ email = "cameron@cam123.dev";
+ environmentFile = "/var/acme/secrets/.env";
+ extraDomainNames = [ "jelly.cam123.dev" ];
+ };
+
+
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "jelly.cam123.dev" = {
+ forceSSL = true;
+ useACMEHost = "owl.cam123.dev";
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8096";
+ recommendedProxySettings = true;
+ };
+ };
+
+ "owl.cam123.dev" = {
+ forceSSL = true;
+ enableACME = true;
+ acmeRoot = null;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8080";
+ recommendedProxySettings = true;
+ };
+ };
+ };
+ };
+
+ virtualisation.oci-containers = {
+ backend = "docker";
+
+ containers.kitchenowl = {
+ image = "tombursch/kitchenowl:latest";
+ environmentFiles = [ /home/cameron/kitchenowl/.env ];
+ volumes = [ "/home/cameron/kitchenowl/data:/data" ];
+ ports = [ "8080:8080" ];
+ };
+ };
+
 # Open ports in the firewall.
 # networking.firewall.allowedTCPPorts = [ ... ];
 # networking.firewall.allowedUDPPorts = [ ... ];
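Review bot: `ports = [ "8080:8080" ]` on the kitchenowl container publishes the backend on every interface, and with `backend = "docker"` published ports are normally handled by Docker's own packet-filter rules rather than `networking.firewall`, so the app is likely reachable over plain HTTP on 8080 next to the nginx TLS vhost; binding to loopback with `ports = [ "127.0.0.1:8080:8080" ];` keeps nginx as the only entry point. `image = "tombursch/kitchenowl:latest"` is a mutable tag, so what runs can change on any pull; pinning a release tag or digest (`tombursch/kitchenowl:<VERSION>`, placeholder) would make the container as reproducible as the inputs locked in flake.lock. `environmentFiles = [ /home/cameron/kitchenowl/.env ]` uses a Nix path literal where the ACME `environmentFile` uses a string; writing it as `"/home/cameron/kitchenowl/.env"` rules out the secret being copied into the world-readable store if the path is ever interpolated. The enclosing module attribute set starts and ends outside this hunk, so whether ports 80 and 443 are opened elsewhere cannot be seen from here.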