Nginx updates

Julius 2021-12-19 10:15:51 +01:00
parent 953ffb8d86
commit 5d98661202
Signed by: j00lz
GPG key ID: AF241B0AA237BBA2
4 changed files with 33 additions and 12 deletions

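--- a/.gitattributes
+++ b/.gitattributes
@@ -1,2 +1,3 @@
 secrets.nix filter=git-crypt diff=git-crypt
 secrets.yml filter=git-crypt diff=git-crypt
+secrets.txt filter=git-crypt diff=git-crypt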
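Review bot: The new `secrets.txt` pattern only protects content that is staged after this attribute exists. If secrets.txt was committed in an earlier revision (not visible here), that plaintext stays in history and the secret should be rotated. It is worth confirming with `git-crypt status` that the file is reported as encrypted before pushing. A header comment such as `# git-crypt: add the pattern here before the first commit of a new secrets file` would document that ordering for the next addition.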


@ -40,10 +40,12 @@
# we only want nix hosts for this part, not all of the defined ones... # we only want nix hosts for this part, not all of the defined ones...
nixHosts = (builtins.filter ({ nix ? true, ... }: nix) hosts'); nixHosts = (builtins.filter ({ nix ? true, ... }: nix) hosts');
# We can't do partial application with //, so this solves it i guess...
merge = a: b: a // b;
# Convert a host from hosts.nix to something nixosConfigurations understands # Convert a host from hosts.nix to something nixosConfigurations understands
hostToConfig = z@{ hostname, nixname ? hostname, lxc ? true, ... }: hostToConfig = z@{ hostname, nixname ? hostname, lxc ? true, ... }:
a: merge {
a // {
${nixname} = mkConfig { ${nixname} = mkConfig {
name = nixname; name = nixname;
lxc = lxc; lxc = lxc;
@ -52,14 +54,11 @@
# Same as above, but for the nodes part of deploy. # Same as above, but for the nodes part of deploy.
hostToDeploy = z@{ hostname, nixname ? hostname, lxc ? true, ... }: hostToDeploy = z@{ hostname, nixname ? hostname, lxc ? true, ... }:
a: merge { ${nixname} = mkDeploy nixname; };
a // {
${nixname} = mkDeploy nixname;
};
# And actually make the two sets. # And actually make the two sets.
configs = nixpkgs.lib.fold hostToConfig { } nixHosts; configs = nixpkgs.lib.foldr hostToConfig { } nixHosts;
nodes = nixpkgs.lib.fold hostToDeploy { } nixHosts; nodes = nixpkgs.lib.foldr hostToDeploy { } nixHosts;
in { in {
nixosConfigurations = configs; nixosConfigurations = configs;
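Review bot: `merge { … }` leaves the fold accumulator as the right-hand operand of `//`, so when two hosts share a `nixname` the entry already accumulated now wins, where the previous `a // { … }` let the current host win (reading the split view as old left, new right). Since `lib.fold` is only an alias of `foldr`, the rename changes nothing by itself, so this precedence flip is the one behavioural effect here and it happens silently. If the old order is wanted, `merge = a: b: b // a;` restores it. Either way the comment above `merge` should say which side wins, e.g. `# merge new acc: on a duplicate nixname the accumulator wins`. Both hostToConfig and hostToDeploy are affected, and their bodies are only partly visible in these hunks.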


@ -18,7 +18,9 @@ in {
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment? system.stateVersion = "21.11"; # Did you read the comment?
environment.systemPackages = with pkgs; [ ]; environment.systemPackages = with pkgs; [
gnupg
];
networking.firewall.enable = false; networking.firewall.enable = false;
networking.firewall.allowedTCPPorts = [ 3000 ]; networking.firewall.allowedTCPPorts = [ 3000 ];
@ -28,7 +30,6 @@ in {
environment.etc.giteaPass = { environment.etc.giteaPass = {
enable = true; enable = true;
text = "x"; text = "x";
user = "gitea2";
}; };
services.gitea = { services.gitea = {
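Review bot: With `user` removed and no `mode` set in the visible block, `environment.etc.giteaPass` is a symlink into the Nix store, so whatever `text` holds is world-readable on the host and in every copy of the closure. `"x"` looks like a placeholder. If a real password is meant to go here, it should come from a file outside the store instead of `text`, for instance via `services.gitea.database.passwordFile` pointing at a root-managed path; this assumes the entry feeds the gitea database password, and the services.gitea block continues outside the hunk. A comment such as `# placeholder only: a real password in text lands in /nix/store` on the `text` line would make the constraint explicit.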


@ -3,12 +3,25 @@ let
proxy = url: { proxy = url: {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
http2 = true;
locations."/" = { locations."/" = {
proxyPass = url; proxyPass = url;
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
k8s_proxy = proxy "http://10.42.20.5:80/"; k8s_proxy = proxy "http://10.42.20.5:80/";
big_proxy = url: {
forceSSL = true;
enableACME = true;
http2 = true;
locations."/" = {
proxyPass = url;
proxyWebsockets = true;
extraConfig = ''
client_max_body_size 0;
'';
};
};
in { in {
imports = [ imports = [
# Import common config # Import common config
@ -42,6 +55,13 @@ in {
virtualHosts."git.voidcorp.nl" = proxy "http://gitea.voidlocal:3000/"; virtualHosts."git.voidcorp.nl" = proxy "http://gitea.voidlocal:3000/";
virtualHosts."www.galerievanslagmaat.nl" = {
forceSSL = true;
enableACME = true;
http2 = true;
globalRedirect = "galerievanslagmaat.nl";
};
virtualHosts."galerievanslagmaat.nl" = k8s_proxy; virtualHosts."galerievanslagmaat.nl" = k8s_proxy;
virtualHosts."staging.galerievanslagmaat.nl" = k8s_proxy; virtualHosts."staging.galerievanslagmaat.nl" = k8s_proxy;
virtualHosts."groenehartansichtkaarten.nl" = k8s_proxy; virtualHosts."groenehartansichtkaarten.nl" = k8s_proxy;
@ -49,7 +69,7 @@ in {
virtualHosts."vaultwarden.voidcorp.nl" = proxy "http://10.42.20.4:8000/"; virtualHosts."vaultwarden.voidcorp.nl" = proxy "http://10.42.20.4:8000/";
virtualHosts."s3.voidcorp.nl" = proxy "http://10.42.20.6:9000/"; virtualHosts."s3.voidcorp.nl" = big_proxy "http://10.42.20.6:9000/";
virtualHosts."explore.s3.voidcorp.nl" = proxy "http://10.42.20.6:9001/"; virtualHosts."explore.s3.voidcorp.nl" = proxy "http://10.42.20.6:9001/";
virtualHosts."registry.voidcorp.nl" = proxy "http://10.42.20.7:5000/"; virtualHosts."registry.voidcorp.nl" = proxy "http://10.42.20.7:5000/";
virtualHosts."grafana.voidcorp.nl" = proxy "http://10.42.20.9:3000/"; virtualHosts."grafana.voidcorp.nl" = proxy "http://10.42.20.9:3000/";
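Review bot: `client_max_body_size 0;` in `big_proxy` removes the request-body limit entirely on the public `s3.voidcorp.nl` virtual host. With nginx's default request buffering the proxy spools each body to local temp files before the backend sees it, so a single oversized upload can fill the proxy's disk. A finite cap sized to the largest expected object, e.g. `client_max_body_size 5g;` (constructed value), or adding `proxy_request_buffering off;` beside it, keeps the intent without the unbounded case. `big_proxy` also repeats every line of `proxy`; deriving it from `proxy url` (for example with `lib.recursiveUpdate`) would keep the TLS settings of the two in one place.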