Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

l yellow.r: add acme ssl to yellow.r, radar.r and sonar.r

Browse Source
This commit is contained in:
lassulus 2023-01-09 20:37:40 +01:00
parent 5443f40897
commit 2818476f71
1 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
lass/1systems/yellow/config.nix
View File

@ -34,6 +34,12 @@ in {
}; };
}; };
security.acme.defaults.email = "spam@krebsco.de";
security.acme.acceptTerms = true;
security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL;
security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL;
security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL;
security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL;
services.nginx = { services.nginx = {
enable = true; enable = true;
package = pkgs.nginx.override { package = pkgs.nginx.override {
@ -41,8 +47,10 @@ in {
fancyindex fancyindex
]; ];
}; };
virtualHosts.default = { virtualHosts."yellow.r" = {
default = true; default = true;
enableACME = true;
addSSL = true;
locations."/" = { locations."/" = {
root = "/var/download"; root = "/var/download";
extraConfig = '' extraConfig = ''
@ -137,18 +145,24 @@ in {
''; '';
}; };
virtualHosts."jelly.r" = { virtualHosts."jelly.r" = {
enableACME = true;
addSSL = true;
locations."/".extraConfig = '' locations."/".extraConfig = ''
proxy_pass http://localhost:8096/; proxy_pass http://localhost:8096/;
proxy_set_header Accept-Encoding ""; proxy_set_header Accept-Encoding "";
''; '';
}; };
virtualHosts."radar.r" = { virtualHosts."radar.r" = {
enableACME = true;
addSSL = true;
locations."/" = { locations."/" = {
proxyWebsockets = true; proxyWebsockets = true;
proxyPass = "http://localhost:7878"; proxyPass = "http://localhost:7878";
}; };
}; };
virtualHosts."sonar.r" = { virtualHosts."sonar.r" = {
enableACME = true;
addSSL = true;
locations."/" = { locations."/" = {
proxyWebsockets = true; proxyWebsockets = true;
proxyPass = "http://localhost:8989"; proxyPass = "http://localhost:8989";
@ -227,6 +241,7 @@ in {
enable = true; enable = true;
tables.filter.INPUT.rules = [ tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir
{ predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic