Nginx updates

main
Julius 2021-12-19 10:15:51 +01:00
parent 953ffb8d86
commit 5d98661202
Signed by: j00lz
GPG Key ID: AF241B0AA237BBA2
4 changed files with 33 additions and 12 deletions

3
.gitattributes vendored

@ -1,2 +1,3 @@
secrets.nix filter=git-crypt diff=git-crypt
secrets.yml filter=git-crypt diff=git-crypt
secrets.yml filter=git-crypt diff=git-crypt
secrets.txt filter=git-crypt diff=git-crypt
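Review bot: The new `secrets.txt filter=git-crypt diff=git-crypt` pattern only protects blobs committed after the attribute exists, so if `secrets.txt` was ever committed before this change its plaintext remains readable in history. It is worth confirming with `git-crypt status` that the file is reported as encrypted before pushing, and rotating whatever it holds if an unencrypted copy was ever pushed. A comment above the patterns, e.g. `# files matched here are encrypted by git-crypt on commit; add the pattern before the file is first committed`, would document the constraint.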


@ -40,10 +40,12 @@
# we only want nix hosts for this part, not all of the defined ones...
nixHosts = (builtins.filter ({ nix ? true, ... }: nix) hosts');
# We can't do partial application with //, so this solves it i guess...
merge = a: b: a // b;
# Convert a host from hosts.nix to something nixosConfigurations understands
hostToConfig = z@{ hostname, nixname ? hostname, lxc ? true, ... }:
a:
a // {
merge {
${nixname} = mkConfig {
name = nixname;
lxc = lxc;
@ -52,14 +54,11 @@
# Same as above, but for the nodes part of deploy.
hostToDeploy = z@{ hostname, nixname ? hostname, lxc ? true, ... }:
a:
a // {
${nixname} = mkDeploy nixname;
};
merge { ${nixname} = mkDeploy nixname; };
# And actually make the two sets.
configs = nixpkgs.lib.fold hostToConfig { } nixHosts;
nodes = nixpkgs.lib.fold hostToDeploy { } nixHosts;
configs = nixpkgs.lib.foldr hostToConfig { } nixHosts;
nodes = nixpkgs.lib.foldr hostToDeploy { } nixHosts;
in {
nixosConfigurations = configs;
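Review bot: Rewriting the fold step as `merge { ${nixname} = … }` flips the operands of `//` in both `hostToConfig` and `hostToDeploy`: the old step appears to have been `a // { … }` (the new entry wins), whereas `merge { … } acc` evaluates to `{ … } // acc`, so an entry already in the accumulator now wins. The result is identical while every `nixname` is unique, but two hosts resolving to the same `nixname` would now silently build and deploy a different host's configuration than before. If the old precedence is intended, define the helper as `merge = a: b: b // a;`; either way a comment on `merge` stating which side wins, or an assertion that the names in `nixHosts` are unique, would make this explicit. The body of `hostToConfig` continues outside the first hunk, and the old/new split is inferred from the rendered page, which has lost its `+`/`-` markers.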


@ -18,7 +18,9 @@ in {
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
environment.systemPackages = with pkgs; [ ];
environment.systemPackages = with pkgs; [
gnupg
];
networking.firewall.enable = false;
networking.firewall.allowedTCPPorts = [ 3000 ];
@ -28,7 +30,6 @@ in {
environment.etc.giteaPass = {
enable = true;
text = "x";
user = "gitea2";
};
services.gitea = {
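Review bot: `networking.firewall.enable = false;` in the first hunk makes the `allowedTCPPorts = [ 3000 ]` line beneath it inert, so every listening port on this host is reachable, not just Gitea's. If the only intended client of port 3000 is the reverse proxy, `networking.firewall.enable = true;` would make the allow-list effective; if the firewall is off on purpose (for example because the container host filters traffic), a comment saying so would help. Separately, `environment.etc.giteaPass` in the second hunk takes its content from a literal `text`, which NixOS writes to the world-readable Nix store, so a real password should come from a file outside the store rather than through this option; the rendered page does not show which line of that block the commit removes. `services.gitea` continues outside the hunk.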


@ -3,12 +3,25 @@ let
proxy = url: {
forceSSL = true;
enableACME = true;
http2 = true;
locations."/" = {
proxyPass = url;
proxyWebsockets = true;
};
};
k8s_proxy = proxy "http://10.42.20.5:80/";
big_proxy = url: {
forceSSL = true;
enableACME = true;
http2 = true;
locations."/" = {
proxyPass = url;
proxyWebsockets = true;
extraConfig = ''
client_max_body_size 0;
'';
};
};
in {
imports = [
# Import common config
@ -42,6 +55,13 @@ in {
virtualHosts."git.voidcorp.nl" = proxy "http://gitea.voidlocal:3000/";
virtualHosts."www.galerievanslagmaat.nl" = {
forceSSL = true;
enableACME = true;
http2 = true;
globalRedirect = "galerievanslagmaat.nl";
};
virtualHosts."galerievanslagmaat.nl" = k8s_proxy;
virtualHosts."staging.galerievanslagmaat.nl" = k8s_proxy;
virtualHosts."groenehartansichtkaarten.nl" = k8s_proxy;
@ -49,7 +69,7 @@ in {
virtualHosts."vaultwarden.voidcorp.nl" = proxy "http://10.42.20.4:8000/";
virtualHosts."s3.voidcorp.nl" = proxy "http://10.42.20.6:9000/";
virtualHosts."s3.voidcorp.nl" = big_proxy "http://10.42.20.6:9000/";
virtualHosts."explore.s3.voidcorp.nl" = proxy "http://10.42.20.6:9001/";
virtualHosts."registry.voidcorp.nl" = proxy "http://10.42.20.7:5000/";
virtualHosts."grafana.voidcorp.nl" = proxy "http://10.42.20.9:3000/";
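Review bot: `client_max_body_size 0;` in the new `big_proxy` removes the request-size limit for `s3.voidcorp.nl` entirely, and with nginx's default request buffering the proxy stores each body (spilling to temp files) before the upstream at `10.42.20.6:9000` can authenticate or reject the request. Large uploads are presumably the reason, but an unbounded body on what looks like a publicly served vhost lets any client consume the proxy's temp space. Adding `proxy_request_buffering off;` to the same `extraConfig`, or replacing `0` with the largest object size actually expected, keeps large uploads working while bounding that exposure. `big_proxy` also repeats `proxy` line for line apart from `extraConfig`, so a short comment saying the two must be kept in sync would be useful.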