Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(Infini-SERVER): finish nginx/nitter setup

Browse source
This commit is contained in:
Infinidoge 2022-11-07 12:17:35 -05:00
parent 5fb50d467d
commit cdd6adf4a3
1 changed files with 43 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

53
hosts/Infini-SERVER/default.nix
View file

@ -1,4 +1,4 @@
{ suites, profiles, pkgs, lib, ... }: {
{ config, suites, profiles, pkgs, lib, ... }: {
imports = lib.flatten [
(with suites; [ base ])
@ -48,23 +48,51 @@
];
};
age.secrets."inx.moe.pem".owner = "nginx";
age.secrets."inx.moe.pem".group = "nginx";
age.secrets."inx.moe.key".owner = "nginx";
age.secrets."inx.moe.key".group = "nginx";
services = {
nginx = {
enable = true;
virtualHosts = {
"nitter.inx.moe" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:8000";
nginx =
let
cfg = config.services.nginx;
ssl = { sslCertificate = config.secrets."inx.moe.pem"; sslCertificateKey = config.secrets."inx.moe.key"; forceSSL = true; };
in
{
enable = true;
statusPage = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"*.inx.moe" = ssl // {
listen = lib.flatten
(map
(addr: [
{ inherit addr; port = 443; ssl = true; }
{ inherit addr; port = 80; ssl = false; }
])
cfg.defaultListenAddresses);
globalRedirect = "inx.moe";
};
"nitter.inx.moe" = ssl // {
locations."/" = {
proxyPass = "http://localhost:8000";
};
};
};
};
};
nitter = rec {
enable = true;
server = {
title = "Nitter | inx.moe";
port = 8000;
hostname = "nitter.inx.moe";
};
@ -76,4 +104,9 @@
};
};
};
networking.firewall = {
allowedUDPPorts = [ 80 443 ];
allowedTCPPorts = [ 80 443 ];
};
}