mirror of
https://github.com/deltathetawastaken/dotfiles.git
synced 2025-12-06 07:16:37 +03:00
work nginx use ssl certs, add proxmox
This commit is contained in:
Your Name
parent
6e168ea407
commit
cdb4c9c67f
|
|
@ -286,12 +286,12 @@ let
|
|||
'';
|
||||
|
||||
hostsNoRemote = pkgs.writeText "hosts_no_remote" ''
|
||||
127.0.0.1 graf1.local graf2.local kibana.local
|
||||
127.0.0.1 graf1.local graf2.local kibana.local
|
||||
${inputs.secrets.work.zabbix} ${inputs.secrets.work.zabbix-url} zabbix.local
|
||||
'';
|
||||
|
||||
hostsRemote = pkgs.writeText "host_remote" ''
|
||||
100.92.15.128 graf1.local graf2.local kibana.local zabbix.local ${inputs.secrets.work.zabbix-url}
|
||||
100.92.15.128 graf1.local graf2.local kibana.local zabbix.local ${inputs.secrets.work.zabbix-url} ${inputs.secrets.work.graf-url} ${inputs.secrets.work.prox-1.name} ${inputs.secrets.work.prox-2.name} ${inputs.secrets.work.prox-3.name}
|
||||
'';
|
||||
|
||||
kittyWork = pkgs.writeScriptBin "kittywork" ''
|
||||
|
|
|
|||
|
|
@ -1,5 +1,4 @@
|
|||
{ config, pkgs, inputs,... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware.nix
|
||||
|
|
@ -81,8 +80,19 @@
|
|||
services.nginx.enable = true;
|
||||
services.nginx.virtualHosts."grafana" = {
|
||||
forceSSL = false;
|
||||
listen = [{port = 80; addr="0.0.0.0"; ssl=false;}];
|
||||
serverName = "graf1.local ${inputs.secrets.work.graf-url}";
|
||||
listen = [
|
||||
{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
|
||||
{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
|
||||
];
|
||||
extraConfig = ''
|
||||
ssl_certificate /run/secrets/cert;
|
||||
ssl_certificate_key /run/secrets/key;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
'';
|
||||
|
||||
serverName = "graf1.local";
|
||||
serverAliases = [ "${inputs.secrets.work.graf-url}" ];
|
||||
locations."/".extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
|
@ -98,7 +108,16 @@
|
|||
|
||||
services.nginx.virtualHosts."keycloak" = {
|
||||
forceSSL = false;
|
||||
listen = [{port = 80; addr="0.0.0.0"; ssl=false;}];
|
||||
listen = [
|
||||
{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
|
||||
{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
|
||||
];
|
||||
extraConfig = ''
|
||||
ssl_certificate /run/secrets/cert;
|
||||
ssl_certificate_key /run/secrets/key;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
'';
|
||||
serverName = "${inputs.secrets.work.keycloak}";
|
||||
locations."/".extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
|
|
@ -109,17 +128,35 @@
|
|||
|
||||
services.nginx.virtualHosts."kibana" = {
|
||||
forceSSL = false;
|
||||
listen = [{port = 80; addr="0.0.0.0"; ssl=false;}];
|
||||
listen = [
|
||||
{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
|
||||
{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
|
||||
];
|
||||
extraConfig = ''
|
||||
ssl_certificate /run/secrets/cert;
|
||||
ssl_certificate_key /run/secrets/key;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
'';
|
||||
serverName = "kibana.local ${inputs.secrets.work.kibana}";
|
||||
locations."/".extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass https://${inputs.secrets.work.kibana};
|
||||
proxy_pass http://${inputs.secrets.work.kibana};
|
||||
'';
|
||||
};
|
||||
services.nginx.virtualHosts."zabbix" = {
|
||||
forceSSL = false;
|
||||
listen = [{port = 80; addr="0.0.0.0"; ssl=false;}];
|
||||
listen = [
|
||||
{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
|
||||
{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
|
||||
];
|
||||
extraConfig = ''
|
||||
ssl_certificate /run/secrets/cert;
|
||||
ssl_certificate_key /run/secrets/key;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
'';
|
||||
serverName = "zabbix.local";
|
||||
serverAliases = [ "${inputs.secrets.work.zabbix-url}" ];
|
||||
locations."/".extraConfig = ''
|
||||
|
|
@ -128,6 +165,70 @@
|
|||
proxy_pass https://${inputs.secrets.work.zabbix};
|
||||
'';
|
||||
};
|
||||
services.nginx.virtualHosts."prox-1" = {
|
||||
forceSSL = false;
|
||||
listen = [
|
||||
{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
|
||||
{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
|
||||
];
|
||||
extraConfig = ''
|
||||
ssl_certificate /run/secrets/cert;
|
||||
ssl_certificate_key /run/secrets/key;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
proxy_ssl_verify off;
|
||||
'';
|
||||
serverName = "prox-1.local";
|
||||
serverAliases = [ "${inputs.secrets.work.prox-1.name}" ];
|
||||
locations."/".extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass https://${inputs.secrets.work.prox-1.ip};
|
||||
'';
|
||||
};
|
||||
services.nginx.virtualHosts."prox-2" = {
|
||||
forceSSL = false;
|
||||
listen = [
|
||||
{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
|
||||
{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
|
||||
];
|
||||
extraConfig = ''
|
||||
ssl_certificate /run/secrets/cert;
|
||||
ssl_certificate_key /run/secrets/key;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
proxy_ssl_verify off;
|
||||
'';
|
||||
serverName = "prox-2.local";
|
||||
serverAliases = [ "${inputs.secrets.work.prox-2.name}" ];
|
||||
locations."/".extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass https://${inputs.secrets.work.prox-2.ip};
|
||||
'';
|
||||
};
|
||||
services.nginx.virtualHosts."prox-3" = {
|
||||
forceSSL = false;
|
||||
listen = [
|
||||
{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
|
||||
{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
|
||||
];
|
||||
extraConfig = ''
|
||||
ssl_certificate /run/secrets/cert;
|
||||
ssl_certificate_key /run/secrets/key;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
proxy_ssl_verify off;
|
||||
'';
|
||||
serverName = "prox-3.local";
|
||||
serverAliases = [ "${inputs.secrets.work.prox-3.name}" ];
|
||||
locations."/".extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_pass https://${inputs.secrets.work.prox-3.ip};
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
|
|
|
|||
Loading…
Reference in a new issue