nginx work sep file
parent
cdb4c9c67f
commit
df106467ab
|
|
@ -796,11 +796,11 @@
|
||||||
"sops-nix": "sops-nix"
|
"sops-nix": "sops-nix"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716080992,
|
"lastModified": 1716081545,
|
||||||
"narHash": "sha256-Izmwja4KDHh4ST9XgbYye4xOmStCoQycmkUyjRSXsoI=",
|
"narHash": "sha256-ypSvXHziqSlX/dafHm0SWS2TiaAEoswWr/0LrzPC8Xc=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "c395b0cf31b8fdea5c903af6338143feed848e77",
|
"rev": "33beddf3a50f2a15266f847e298b50ce54077ef8",
|
||||||
"revCount": 31,
|
"revCount": 33,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://git@github.com/deltathetawastaken/secrets.git"
|
"url": "ssh://git@github.com/deltathetawastaken/secrets.git"
|
||||||
},
|
},
|
||||||
|
|
|
||||||
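--- /dev/null
+++ b/hosts/intelnuc/nginx-work.nix
@@ -0,0 +1,154 @@
+{ inputs, ... }:
+{
+services.nginx.enable = true;
+services.nginx.virtualHosts."grafana" = {
+forceSSL = false;
+listen = [
+{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
+{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
+];
+extraConfig = ''
+ssl_certificate /run/secrets/cert;
+ssl_certificate_key /run/secrets/key;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers HIGH:!aNULL:!MD5;
+'';
+
+serverName = "graf1.local";
+serverAliases = [ "${inputs.secrets.work.graf-url}" ];
+locations."/".extraConfig = ''
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass https://${inputs.secrets.work.graf-url};
+'';
+locations."/api/live/ws".extraConfig = ''
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_pass https://${inputs.secrets.work.graf-url};
+'';
+};
+
+services.nginx.virtualHosts."keycloak" = {
+forceSSL = false;
+listen = [
+{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
+{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
+];
+extraConfig = ''
+ssl_certificate /run/secrets/cert;
+ssl_certificate_key /run/secrets/key;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers HIGH:!aNULL:!MD5;
+'';
+serverName = "${inputs.secrets.work.keycloak}";
+locations."/".extraConfig = ''
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass https://${inputs.secrets.work.keycloak};
+'';
+};
+
+services.nginx.virtualHosts."kibana" = {
+forceSSL = false;
+listen = [
+{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
+{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
+];
+extraConfig = ''
+ssl_certificate /run/secrets/cert;
+ssl_certificate_key /run/secrets/key;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers HIGH:!aNULL:!MD5;
+'';
+serverName = "kibana.local ${inputs.secrets.work.kibana}";
+locations."/".extraConfig = ''
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass http://${inputs.secrets.work.kibana};
+'';
+};
+services.nginx.virtualHosts."zabbix" = {
+forceSSL = false;
+listen = [
+{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
+{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
+];
+extraConfig = ''
+ssl_certificate /run/secrets/cert;
+ssl_certificate_key /run/secrets/key;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers HIGH:!aNULL:!MD5;
+'';
+serverName = "zabbix.local";
+serverAliases = [ "${inputs.secrets.work.zabbix-url}" ];
+locations."/".extraConfig = ''
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass https://${inputs.secrets.work.zabbix};
+'';
+};
+services.nginx.virtualHosts."prox-1" = {
+forceSSL = false;
+listen = [
+{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
+{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
+];
+extraConfig = ''
+ssl_certificate /run/secrets/cert;
+ssl_certificate_key /run/secrets/key;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers HIGH:!aNULL:!MD5;
+proxy_ssl_verify off;
+'';
+serverName = "prox-1.local";
+serverAliases = [ "${inputs.secrets.work.prox-1.name}" ];
+locations."/".extraConfig = ''
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass https://${inputs.secrets.work.prox-1.ip};
+'';
+};
+services.nginx.virtualHosts."prox-2" = {
+forceSSL = false;
+listen = [
+{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
+{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
+];
+extraConfig = ''
+ssl_certificate /run/secrets/cert;
+ssl_certificate_key /run/secrets/key;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers HIGH:!aNULL:!MD5;
+proxy_ssl_verify off;
+'';
+serverName = "prox-2.local";
+serverAliases = [ "${inputs.secrets.work.prox-2.name}" ];
+locations."/".extraConfig = ''
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass https://${inputs.secrets.work.prox-2.ip};
+'';
+};
+services.nginx.virtualHosts."prox-3" = {
+forceSSL = false;
+listen = [
+{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
+{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
+];
+extraConfig = ''
+ssl_certificate /run/secrets/cert;
+ssl_certificate_key /run/secrets/key;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers HIGH:!aNULL:!MD5;
+proxy_ssl_verify off;
+'';
+serverName = "prox-3.local";
+serverAliases = [ "${inputs.secrets.work.prox-3.name}" ];
+locations."/".extraConfig = ''
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_pass https://${inputs.secrets.work.prox-3.ip};
+'';
+};
+}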
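Review bot: Each of the seven virtual hosts keeps a cleartext listener (`{port = 80; addr = "0.0.0.0"; ssl = false;}` with `forceSSL = false;`), so the Keycloak login and the Grafana, Kibana, Zabbix and Proxmox sessions can be used over plain HTTP on every interface; unless a client needs that, remove the port-80 entry from each `listen` list. On the upstream side, `proxy_ssl_verify off;` in the three prox-* hosts only restates nginx's default, so the `https://` upstreams of grafana, keycloak and zabbix are not authenticated either, and kibana is proxied over `http://`; `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate /path/to/internal-ca.pem;` (placeholder path) would tie the upstreams to a CA you control. The values read from `inputs.secrets.work.*` are interpolated at evaluation time, so they presumably end up in the generated nginx configuration in the Nix store, which every local user can read; that is fine for hostnames, but a comment such as `# evaluated into the store: names and addresses only, never credentials` would keep it that way. This configuration is carried over unchanged from the block the commit removes in its last hunk, so none of it is new behaviour.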
||||||
|
|
@ -2,6 +2,7 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hardware.nix
|
./hardware.nix
|
||||||
|
./nginx-work.nix
|
||||||
inputs.secrets.nixosModules.intelnuc
|
inputs.secrets.nixosModules.intelnuc
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
@ -77,159 +78,6 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.enable = true;
|
|
||||||
services.nginx.virtualHosts."grafana" = {
|
|
||||||
forceSSL = false;
|
|
||||||
listen = [
|
|
||||||
{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
|
|
||||||
{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
|
|
||||||
];
|
|
||||||
extraConfig = ''
|
|
||||||
ssl_certificate /run/secrets/cert;
|
|
||||||
ssl_certificate_key /run/secrets/key;
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
||||||
'';
|
|
||||||
|
|
||||||
serverName = "graf1.local";
|
|
||||||
serverAliases = [ "${inputs.secrets.work.graf-url}" ];
|
|
||||||
locations."/".extraConfig = ''
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_pass https://${inputs.secrets.work.graf-url};
|
|
||||||
'';
|
|
||||||
locations."/api/live/ws".extraConfig = ''
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_pass https://${inputs.secrets.work.graf-url};
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx.virtualHosts."keycloak" = {
|
|
||||||
forceSSL = false;
|
|
||||||
listen = [
|
|
||||||
{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
|
|
||||||
{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
|
|
||||||
];
|
|
||||||
extraConfig = ''
|
|
||||||
ssl_certificate /run/secrets/cert;
|
|
||||||
ssl_certificate_key /run/secrets/key;
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
||||||
'';
|
|
||||||
serverName = "${inputs.secrets.work.keycloak}";
|
|
||||||
locations."/".extraConfig = ''
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_pass https://${inputs.secrets.work.keycloak};
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx.virtualHosts."kibana" = {
|
|
||||||
forceSSL = false;
|
|
||||||
listen = [
|
|
||||||
{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
|
|
||||||
{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
|
|
||||||
];
|
|
||||||
extraConfig = ''
|
|
||||||
ssl_certificate /run/secrets/cert;
|
|
||||||
ssl_certificate_key /run/secrets/key;
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
||||||
'';
|
|
||||||
serverName = "kibana.local ${inputs.secrets.work.kibana}";
|
|
||||||
locations."/".extraConfig = ''
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_pass http://${inputs.secrets.work.kibana};
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
services.nginx.virtualHosts."zabbix" = {
|
|
||||||
forceSSL = false;
|
|
||||||
listen = [
|
|
||||||
{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
|
|
||||||
{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
|
|
||||||
];
|
|
||||||
extraConfig = ''
|
|
||||||
ssl_certificate /run/secrets/cert;
|
|
||||||
ssl_certificate_key /run/secrets/key;
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
||||||
'';
|
|
||||||
serverName = "zabbix.local";
|
|
||||||
serverAliases = [ "${inputs.secrets.work.zabbix-url}" ];
|
|
||||||
locations."/".extraConfig = ''
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_pass https://${inputs.secrets.work.zabbix};
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
services.nginx.virtualHosts."prox-1" = {
|
|
||||||
forceSSL = false;
|
|
||||||
listen = [
|
|
||||||
{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
|
|
||||||
{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
|
|
||||||
];
|
|
||||||
extraConfig = ''
|
|
||||||
ssl_certificate /run/secrets/cert;
|
|
||||||
ssl_certificate_key /run/secrets/key;
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
||||||
proxy_ssl_verify off;
|
|
||||||
'';
|
|
||||||
serverName = "prox-1.local";
|
|
||||||
serverAliases = [ "${inputs.secrets.work.prox-1.name}" ];
|
|
||||||
locations."/".extraConfig = ''
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_pass https://${inputs.secrets.work.prox-1.ip};
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
services.nginx.virtualHosts."prox-2" = {
|
|
||||||
forceSSL = false;
|
|
||||||
listen = [
|
|
||||||
{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
|
|
||||||
{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
|
|
||||||
];
|
|
||||||
extraConfig = ''
|
|
||||||
ssl_certificate /run/secrets/cert;
|
|
||||||
ssl_certificate_key /run/secrets/key;
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
||||||
proxy_ssl_verify off;
|
|
||||||
'';
|
|
||||||
serverName = "prox-2.local";
|
|
||||||
serverAliases = [ "${inputs.secrets.work.prox-2.name}" ];
|
|
||||||
locations."/".extraConfig = ''
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_pass https://${inputs.secrets.work.prox-2.ip};
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
services.nginx.virtualHosts."prox-3" = {
|
|
||||||
forceSSL = false;
|
|
||||||
listen = [
|
|
||||||
{port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
|
|
||||||
{port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
|
|
||||||
];
|
|
||||||
extraConfig = ''
|
|
||||||
ssl_certificate /run/secrets/cert;
|
|
||||||
ssl_certificate_key /run/secrets/key;
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
||||||
proxy_ssl_verify off;
|
|
||||||
'';
|
|
||||||
serverName = "prox-3.local";
|
|
||||||
serverAliases = [ "${inputs.secrets.work.prox-3.name}" ];
|
|
||||||
locations."/".extraConfig = ''
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_pass https://${inputs.secrets.work.prox-3.ip};
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
services.forgejo = {
|
services.forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
|
|
|
||||||