strato-infra/nixos/machines/nginx/default.nix


{ config, pkgs, ... }:
let
# proxy: build an HTTPS virtual host that forwards every request under "/"
# to a single upstream URL.
#
#   upstream  URL handed to proxyPass unchanged. Every caller in this file
#             passes a plain http:// URL on a *.lxd name, so the hop from
#             this host to the backend is unencrypted and depends on that
#             network being trusted.
#
# No access control (allow/deny, basic auth, client certificates) is added
# here; each backend's own authentication is the only gate.
proxy = upstream: {
  # Certificate is requested through ACME; forceSSL makes the plain-HTTP
  # listener redirect to HTTPS.
  enableACME = true;
  forceSSL = true;
  http2 = true;
  locations = {
    "/" = {
      proxyWebsockets = true;
      proxyPass = upstream;
    };
  };
};
# bigProxy: same virtual host as `proxy`, with nginx's request-body size
# check switched off for the "/" location.
#
# It is derived from `proxy` so that the TLS and ACME flags cannot drift
# between the two helpers.
#
# `client_max_body_size 0` removes the proxy-side cap on upload size, so a
# request body of any length is relayed to the backend. Anything that limits
# upload size or disk use has to be enforced by the upstream service.
# NOTE(review): confirm the backend behind this helper enforces its own
# quota or size limit, or replace 0 with an explicit ceiling.
bigProxy = upstream:
  let
    base = proxy upstream;
  in
  base // {
    locations."/" = base.locations."/" // {
      extraConfig = ''
        client_max_body_size 0;
      '';
    };
  };
# Ready-made vhost that forwards to the kubernetes.lxd upstream on port 80;
# used below for whoami.asraphiel.dev.
k8sProxy = proxy "http://kubernetes.lxd:80/";
in {
  imports = [ ../../common ../../common/lxc.nix ];

  system.stateVersion = "21.11";

  networking = {
    hostName = "nginx";
    # Only the HTTP and HTTPS listeners are opened. Port 80 stays open for
    # the HTTP-to-HTTPS redirect that forceSSL sets up on every vhost.
    firewall = {
      enable = true;
      allowedTCPPorts = [ 80 443 ];
    };
  };

  # Public entry point: terminates TLS for every name below and relays to
  # backends over plain HTTP on *.lxd names.
  services.nginx = {
    enable = true;
    package = pkgs.nginxMainline;

    recommendedTlsSettings = true;
    recommendedProxySettings = true;
    recommendedOptimisation = true;
    # NOTE(review): compression is switched on for the whole server while
    # some vhosts below carry secrets (vault, vaultwarden); confirm that
    # compressing those responses is acceptable.
    recommendedGzipSettings = true;

    # NOTE(review): nothing in this file sets a Strict-Transport-Security
    # header; confirm whether HSTS is wanted in addition to the forceSSL
    # redirect.
    virtualHosts = {
      # Static landing page; the document root is filled by the
      # environment.etc entry at the end of this module.
      "asraphiel.dev" = {
        enableACME = true;
        forceSSL = true;
        http2 = true;
        root = "/etc/main";
      };

      "git.asraphiel.dev" = proxy "http://gitea.lxd:3000/";

      # Secret stores and the registry are published with no proxy-side
      # restriction; their own authentication is the only control.
      # NOTE(review): confirm each of these is meant to be reachable from
      # any client that can reach ports 80/443.
      "vault.asraphiel.dev" = proxy "http://vault.lxd:8200/";
      "vaultwarden.asraphiel.dev" = proxy "http://vaultwarden.lxd:8000/";
      "registry.asraphiel.dev" = proxy "http://registry.lxd:5000/";

      # Port 9000 of minio.lxd goes through bigProxy (no request-body
      # limit); port 9001 of the same host uses the ordinary proxy.
      "s3.asraphiel.dev" = bigProxy "http://minio.lxd:9000/";
      "shell.s3.asraphiel.dev" = proxy "http://minio.lxd:9001/";

      "whoami.asraphiel.dev" = k8sProxy;
    };
  };

  # Account settings for the certificates requested by enableACME above.
  security.acme = {
    acceptTerms = true;
    email = "acme@voidcorp.nl";
  };

  # Installs the landing page as /etc/main/index.html, the root of the
  # asraphiel.dev vhost.
  environment.etc."main/index.html" = {
    source = ./index.html;
    enable = true;
  };
}