Diffstat (limited to 'services')
| -rw-r--r-- | services/akkoma/default.nix | 14 | ||||
| -rw-r--r-- | services/cgit.nix | 17 | ||||
| -rw-r--r-- | services/irc/gamja.nix | 2 | ||||
| -rw-r--r-- | services/miniflux.nix | 2 | ||||
| -rw-r--r-- | services/monitoring/default.nix | 2 | ||||
| -rw-r--r-- | services/pds.nix | 35 | ||||
| -rw-r--r-- | services/shiori.nix | 4 |
7 files changed, 67 insertions, 9 deletions
diff --git a/services/akkoma/default.nix b/services/akkoma/default.nix
index 939e9be..101d805 100644
--- a/services/akkoma/default.nix
+++ b/services/akkoma/default.nix
@@ -108,4 +108,18 @@ in
 entrypoint = "/bin/fedifetcher-entry.sh";
 };
 };
+
+ services.nginx.virtualHosts."soc.rnrd.eu" = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/" = {
+ proxyWebsockets = true;
+ proxyPass = "http://127.0.0.1:${toString akkomaLocalPort}";
+ };
+
+ extraConfig = ''
+ access_log /var/log/nginx/akkoma.access.log json_combined;
+ '';
+ };
 }
diff --git a/services/cgit.nix b/services/cgit.nix
index f8c2930..116a3de 100644
--- a/services/cgit.nix
+++ b/services/cgit.nix
@@ -51,4 +51,21 @@ in
 "-f" "/etc/lighttpd/cgit.conf"
 ];
 };
+
+ services.nginx.virtualHosts."git.rnrd.eu" = {
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://127.0.0.1:3792";
+ };
+
+ "/static/" = {
+ alias = "/srv/cgit/static/";
+ };
+ };
+ extraConfig = ''
+ access_log /var/log/nginx/git.access.log json_combined;
+ '';
+ };
 }
diff --git a/services/irc/gamja.nix b/services/irc/gamja.nix
index 779b5b2..1c7c7f7 100644
--- a/services/irc/gamja.nix
+++ b/services/irc/gamja.nix
@@ -28,7 +28,7 @@ let
 in
 {
 # gamja is tailnet interal
- services.nginx.virtualHosts.renard.locations = {
+ services.nginx.virtualHosts.tailnet.locations = {
 "/gamja" = {
 return = "301 $scheme://$host$request_uri/";
 };
diff --git a/services/miniflux.nix b/services/miniflux.nix
index 9b4f972..c2f864b 100644
--- a/services/miniflux.nix
+++ b/services/miniflux.nix
@@ -51,7 +51,7 @@ in
 };
 };
- services.nginx.virtualHosts.renard.locations = {
+ services.nginx.virtualHosts.tailnet.locations = {
 "/miniflux" = {
 return = "301 $scheme://$host$request_uri/";
 };
diff --git a/services/monitoring/default.nix b/services/monitoring/default.nix
index ecbb9c4..09bda40 100644
--- a/services/monitoring/default.nix
+++ b/services/monitoring/default.nix
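Review bot: The new `soc.rnrd.eu` vhost in services/akkoma/default.nix relies on `forceSSL` alone, which only redirects plain-HTTP requests; nothing in its `extraConfig` sends `Strict-Transport-Security`, so a client that starts on plain HTTP is never told to stay on HTTPS. Unless the header is already set globally for nginx (not visible here, since the diff is limited to `services`), add `add_header Strict-Transport-Security "max-age=31536000" always;` next to the `access_log` line. The same applies to the `git.rnrd.eu` vhost in services/cgit.nix and the `pds.rnrd.eu` vhost in services/pds.nix.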
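Review bot: In the `"/static/"` location of the `git.rnrd.eu` vhost (services/cgit.nix), the location prefix and the `alias` path both end in `/`, and that pairing is what keeps the alias confined to `/srv/cgit/static/`; nothing records this, so a later edit could drop one of the slashes. I would add a comment above the location, `# keep the trailing slash on both the location and the alias`. Separately, `proxyPass` hard-codes port 3792, which presumably has to match the lighttpd listener configured in `/etc/lighttpd/cgit.conf` (outside this hunk); a shared `let` binding, the way `akkomaLocalPort` is used in services/akkoma/default.nix, would keep the two from drifting apart.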
@@ -75,7 +75,7 @@ in }; }; - services.nginx.virtualHosts.renard.locations = { + services.nginx.virtualHosts.tailnet.locations = { "/grafana" = { return = "301 $scheme://$host$request_uri/"; }; diff --git a/services/pds.nix b/services/pds.nix index 671dc6a..5f1c8e0 100644 --- a/services/pds.nix +++ b/services/pds.nix @@ -3,9 +3,10 @@ let inherit (pkgs) dockerTools glibc; inherit (auxiliaryPkgs) common; - inherit (auxiliaryPkgs.bluesky) pds pdsadmin; + inherit (config.age) secrets; + pdsLocalPort = 16419; pdsDir = "/srv/pds"; @@ -25,8 +26,9 @@ let in { - age.secrets.pds-secrets = { - file = ../secrets/pds-secrets.age; + age.secrets = { + pds-secrets.file = ../secrets/pds-secrets.age; + cloudflare-dns.file = ../secrets/cloudflare-dns.age; }; foundation.services.pds = { @@ -55,9 +57,34 @@ in LOG_ENABLED = "true"; }; - environmentFiles = [ config.age.secrets.pds-secrets.path ]; + environmentFiles = [ secrets.pds-secrets.path ]; workdir = "/pds"; entrypoint = "${pds}/bin/pds"; }; + + security.acme.certs."pds.rnrd.eu" = { + group = "nginx"; + domain = "*.pds.rnrd.eu"; + extraDomainNames = [ "pds.rnrd.eu" ]; + dnsProvider = "cloudflare"; + credentialFiles = { + CLOUDFLARE_DNS_API_TOKEN_FILE = secrets.cloudflare-dns.path; + }; + }; + + services.nginx.virtualHosts."pds.rnrd.eu" = { + serverAliases = [ "*.pds.rnrd.eu" ]; + forceSSL = true; + useACMEHost = "pds.rnrd.eu"; + + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://127.0.0.1:16419"; + }; + + extraConfig = '' + access_log /var/log/nginx/pds.access.log json_combined; + ''; + }; } diff --git a/services/shiori.nix b/services/shiori.nix index d57ebdc..cddefca 100644 --- a/services/shiori.nix +++ b/services/shiori.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, auxiliaryPkgs, ... }: +{ pkgs, auxiliaryPkgs, ... }: let inherit (pkgs) dockerTools; 
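Review bot: The `cloudflare-dns.file` entry added under `age.secrets` in services/pds.nix carries no comment saying what the token is allowed to do, and the later hunk hands it to ACME as `CLOUDFLARE_DNS_API_TOKEN_FILE` for DNS-01 validation. A token broader than DNS edit on the one zone would let anything that can read the decrypted file change records in other zones too; the actual scope is not visible in this diff, so this is a request to record it rather than a finding. I would add a comment above the entry, `# Cloudflare API token for ACME DNS-01; scope it to DNS edit on the rnrd.eu zone only`.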
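Review bot: `proxyPass = "http://127.0.0.1:16419";` in the `pds.rnrd.eu` vhost (last hunk of services/pds.nix) repeats the literal that the `let` block of the same file names `pdsLocalPort`; if the PDS port is changed there, nginx keeps proxying to the old one. Write it as `proxyPass = "http://127.0.0.1:${toString pdsLocalPort}";`, matching the akkoma vhost in this commit.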
@@ -47,7 +47,7 @@ in
 cmd = [ "server" ];
 };
- services.nginx.virtualHosts.renard.locations = {
+ services.nginx.virtualHosts.tailnet.locations = {
 "/shiori" = {
 return = "301 $scheme://$host$request_uri/";
 };
|
