nixserver: Add nginx reverse proxy for

2024-08-06 08:17:57 -06:00 · 2024-08-06 08:17:57 -06:00 · df7e96e628
commit df7e96e628
parent 7705d42a05
2 changed files with 54 additions and 9 deletions
--- a/flake.lock
+++ b/flake.lock
@ -44,11 +44,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1715930644,
-        "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
+        "lastModified": 1722936497,
+        "narHash": "sha256-UBst8PkhY0kqTgdKiR8MtTBt4c1XmjJoOV11efjsC/o=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
+        "rev": "a6c743980e23f4cef6c2a377f9ffab506568413a",
        "type": "github"
      },
      "original": {
@ -60,11 +60,11 @@
    "lf-icons": {
      "flake": false,
      "locked": {
-        "lastModified": 1715142021,
-        "narHash": "sha256-J58ZRN0nPqzzzkAENOQ6wbOdmGgk0ocp9JcTT0s7aa4=",
+        "lastModified": 1722900728,
+        "narHash": "sha256-jJhq6SkoJa0iciDJrTq7KVMbNyFE5XaDokXghun34qo=",
        "owner": "gokcehan",
        "repo": "lf",
-        "rev": "12e99fdb641565e3122ab62dce0b77e836aa69a4",
+        "rev": "b258d8fbf060e3db5f82825cf7c4186dfb10157f",
        "type": "github"
      },
      "original": {
@ -124,11 +124,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1715961556,
-        "narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=",
+        "lastModified": 1722813957,
+        "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64",
+        "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
        "type": "github"
      },
      "original": {
--- a/hosts/nixserver/configuration.nix
+++ b/hosts/nixserver/configuration.nix
@ -102,6 +102,51 @@
    openFirewall = true;
  };

+  security.acme.acceptTerms = true;
+  security.acme.certs."owl.cam123.dev" = {
+    dnsResolver = "1.1.1.1:53";
+    dnsProvider = "cloudflare";
+    email = "cameron@cam123.dev";
+    environmentFile = "/var/acme/secrets/.env";
+    extraDomainNames = [ "jelly.cam123.dev" ];
+  };
+  
+
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "jelly.cam123.dev" = {
+        forceSSL = true;
+        useACMEHost = "owl.cam123.dev";
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:8096";
+          recommendedProxySettings = true;
+        };
+      };
+
+      "owl.cam123.dev" = {
+        forceSSL = true;
+        enableACME = true;
+        acmeRoot = null;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:8080";
+          recommendedProxySettings = true;
+        };
+      };
+    };
+  };
+
+  virtualisation.oci-containers = {
+    backend = "docker";
+
+    containers.kitchenowl = {
+      image = "tombursch/kitchenowl:latest";
+      environmentFiles = [ /home/cameron/kitchenowl/.env ];
+      volumes = [ "/home/cameron/kitchenowl/data:/data" ];
+      ports = [ "8080:8080" ];
+    };
+  };
+
  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];