From e97d0c52da0d2e6bdfd4d66d25511ae834543dea Mon Sep 17 00:00:00 2001 From: FredzyW Date: Tue, 16 Apr 2024 09:11:48 +0200 Subject: [PATCH] Nginx added --- moduler/common/nginx.nix | 104 +++++++++++++++++++++++++++------------ 1 file changed, 73 insertions(+), 31 deletions(-) diff --git a/moduler/common/nginx.nix b/moduler/common/nginx.nix index 10009b8..78c02b0 100644 --- a/moduler/common/nginx.nix +++ b/moduler/common/nginx.nix @@ -1,17 +1,8 @@ - { pkgs, lib, ... }: { networking.firewall = { allowedTCPPorts = [ 80 443 ]; }; -virtualisation.oci-containers = { - containers = { - "gitea" = { - image = "gitea/gitea:1.15.6-rootless"; - ports = [ "3030:3000" ]; - }; - }; - }; services.nginx = { enable = true; 
@@ -21,29 +12,80 @@ virtualisation.oci-containers = { recommendedProxySettings = true; recommendedTlsSettings = true; - # Only allow PFS-enabled ciphers with AES256 - # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; - - # Add any further config to match your needs, e.g.: - virtualHosts = let - base = locations: { - inherit locations; - - addSSL = true; - sslCertificateKey = "/home/fw/nix-config/.lego/certificates/wastring.com.key"; - sslCertificate = "/home/fw/nix-config/.lego/certificates/wastring.com.crt"; - # sslTrustedCertificate = "/home/fw/nix-config/.lego/certificates/wastring.com.issuer.crt"; + virtualHosts = { + "git.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:3009"; + proxyWebsockets = true; + }; }; - proxy = port: base { - "/" = { - proxyPass = "http://172.17.0.1:" + toString(port) + "/"; - proxyWebsockets = true; - }; + "cal.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:5232"; + proxyWebsockets = true; + }; }; - in { - # Define example.com as reverse-proxied service on 127.0.0.1:3000 - "git.wastring.com" = proxy 3030 // { default = true; }; - }; + "warden.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:8083"; + proxyWebsockets = true; + }; + }; + "home.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:8085"; + proxyWebsockets = true; + }; + }; + 
"search.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:8060"; + proxyWebsockets = true; + }; + }; + "docs.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:8003"; + proxyWebsockets = true; + }; + }; + "bilder.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:2283"; + proxyWebsockets = true; + }; + }; + "wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:8085"; + proxyWebsockets = true; + }; + }; + }; }; - } +
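Review bot: The rewritten `virtualHosts` set no longer marks any vhost with `default = true;` (the removed `"git.wastring.com" = proxy 3030 // { default = true; }` did), so a request whose Host or SNI matches none of the eight names is answered by whichever server block nginx reads first rather than by a deliberately chosen one. Restoring the removed `proxy` helper, as sketched below, would also keep the key and certificate paths, `forceSSL` and the upstream address in one place instead of eight copies, where a vhost that misses `forceSSL = true;` is easy to overlook. Separately, every upstream is plain HTTP on `172.17.0.1`; the container definitions are not in this hunk, but if those ports are published on all interfaces they are presumably reachable without passing through nginx and TLS, so confirm they are bound to the bridge or loopback address only. `/certs/.lego/certificates/wastring.com.key` should be readable by the nginx user and by no other account.

```nix
    virtualHosts = let
      # One certificate pair shared by every vhost; string paths keep the key out of the Nix store.
      certDir = "/certs/.lego/certificates";
      # Reverse-proxy a vhost to a service published on the Docker bridge address.
      proxy = port: {
        sslCertificateKey = "${certDir}/wastring.com.key";
        sslCertificate = "${certDir}/wastring.com.crt";
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://172.17.0.1:${toString port}";
          proxyWebsockets = true;
        };
      };
    in {
      # default = true as before this commit; move it if another vhost should answer unmatched names.
      "git.wastring.com" = proxy 3009 // { default = true; };
      "cal.wastring.com" = proxy 5232;
      "warden.wastring.com" = proxy 8083;
      "home.wastring.com" = proxy 8085;
      "search.wastring.com" = proxy 8060;
      "docs.wastring.com" = proxy 8003;
      "bilder.wastring.com" = proxy 2283;
      "wastring.com" = proxy 8085;
    };
```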