From fc6cf2962e36b00223dd6df7efcf97951d077d20 Mon Sep 17 00:00:00 2001
From: jaina heartles
Date: Thu, 29 Feb 2024 13:08:22 -0800
Subject: [PATCH] Add *.home.heartles.xyz proxy
---
 configuration.nix | 6 ++++-
 heartles-xyz-proxy.nix | 54 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 heartles-xyz-proxy.nix
diff --git a/configuration.nix b/configuration.nix
index d282f04..216f926 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,5 +1,9 @@
 { pkgs, ... }@inputs: {
- imports = [ ./hardware-configuration.nix ./misskey-service.nix ];
+ imports = [
+ ./hardware-configuration.nix
+ ./misskey-service.nix
+ ./heartles-xyz-proxy.nix
+ ];
 nix.settings = {
 experimental-features = [ "nix-command" "flakes" ];
diff --git a/heartles-xyz-proxy.nix b/heartles-xyz-proxy.nix
new file mode 100644
index 0000000..92a605c
--- /dev/null
+++ b/heartles-xyz-proxy.nix
@@ -0,0 +1,54 @@
+{ config, lib, ... }: {
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "admin+acme@heartles.xyz";
+ certs."STAR.home.heartles.xyz" = {
+ domain = "*.home.heartles.xyz";
+ dnsProvider = "namecheap";
+ credentialsFile = "/etc/nixos-secrets/namecheap-acme";
+ group = "nginx";
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts = {
+ "*.home.heartles.xyz" = {
+ listen = [
+ {
+ port = 443;
+ addr = "0.0.0.0";
+ ssl = true;
+ }
+ {
+ port = 80;
+ addr = "0.0.0.0";
+ }
+ {
+ port = 443;
+ addr = "[::]";
+ ssl = true;
+ }
+ {
+ port = 80;
+ addr = "[::]";
+ }
+ ];
+
+ useACMEHost = "STAR.home.heartles.xyz";
+ forceSSL = true;
+
+ locations."/" = {
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_ssl_name $host;
+ include /etc/nixos-secrets/nginx-proxy-pass-home.conf;
+ '';
+ };
+ };
+ };
+ };
+}
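Review bot: In `locations."/".extraConfig` of heartles-xyz-proxy.nix, `proxy_ssl_name $host;` on its own neither sends SNI nor authenticates the upstream: nginx only sends the name when `proxy_ssl_server_name on;` is set, and only checks the upstream certificate when `proxy_ssl_verify on;` is set together with a `proxy_ssl_trusted_certificate`, and both default to off. Unless `/etc/nixos-secrets/nginx-proxy-pass-home.conf` sets them (it is outside the repository, so the patch does not show it), the hop to the home network would be encrypted but unauthenticated. I would place `proxy_ssl_server_name on;` and `proxy_ssl_verify on;` next to `proxy_ssl_name` in this file so the TLS policy is reviewable, and keep only the `proxy_pass` target in the secret include. Because the wildcard vhost forwards every `*.home.heartles.xyz` name and ports 80/443 are opened to all sources, a comment such as `# backends behind this proxy must enforce their own authentication` above `locations."/"` would record that assumption.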