nixserver: Add nginx reverse proxy for

flake.lock

@@ -44,11 +44,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1715930644,
-        "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
+        "lastModified": 1722936497,
+        "narHash": "sha256-UBst8PkhY0kqTgdKiR8MtTBt4c1XmjJoOV11efjsC/o=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
+        "rev": "a6c743980e23f4cef6c2a377f9ffab506568413a",
         "type": "github"
       },
       "original": {
@@ -60,11 +60,11 @@
     "lf-icons": {
       "flake": false,
       "locked": {
-        "lastModified": 1715142021,
-        "narHash": "sha256-J58ZRN0nPqzzzkAENOQ6wbOdmGgk0ocp9JcTT0s7aa4=",
+        "lastModified": 1722900728,
+        "narHash": "sha256-jJhq6SkoJa0iciDJrTq7KVMbNyFE5XaDokXghun34qo=",
         "owner": "gokcehan",
         "repo": "lf",
-        "rev": "12e99fdb641565e3122ab62dce0b77e836aa69a4",
+        "rev": "b258d8fbf060e3db5f82825cf7c4186dfb10157f",
         "type": "github"
       },
       "original": {
@@ -124,11 +124,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1715961556,
-        "narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=",
+        "lastModified": 1722813957,
+        "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64",
+        "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
         "type": "github"
       },
       "original": {

hosts/nixserver/configuration.nix

@@ -102,6 +102,51 @@
     openFirewall = true;
   };
 
+  security.acme.acceptTerms = true;
+  security.acme.certs."owl.cam123.dev" = {
+    dnsResolver = "1.1.1.1:53";
+    dnsProvider = "cloudflare";
+    email = "cameron@cam123.dev";
+    environmentFile = "/var/acme/secrets/.env";
+    extraDomainNames = [ "jelly.cam123.dev" ];
+  };
+  
+
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "jelly.cam123.dev" = {
+        forceSSL = true;
+        useACMEHost = "owl.cam123.dev";
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:8096";
+          recommendedProxySettings = true;
+        };
+      };
+
+      "owl.cam123.dev" = {
+        forceSSL = true;
+        enableACME = true;
+        acmeRoot = null;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:8080";
+          recommendedProxySettings = true;
+        };
+      };
+    };
+  };
+
+  virtualisation.oci-containers = {
+    backend = "docker";
+
+    containers.kitchenowl = {
+      image = "tombursch/kitchenowl:latest";
+      environmentFiles = [ /home/cameron/kitchenowl/.env ];
+      volumes = [ "/home/cameron/kitchenowl/data:/data" ];
+      ports = [ "8080:8080" ];
+    };
+  };
+
   # Open ports in the firewall.
   # networking.firewall.allowedTCPPorts = [ ... ];
   # networking.firewall.allowedUDPPorts = [ ... ];