Add reverse proxies with nginx for pedro

2022-08-31 08:06:17 -04:00 · 2022-08-31 08:06:17 -04:00 · 9dc1167f9f
commit 9dc1167f9f
parent a552dcd540
2 changed files with 44 additions and 1 deletions
--- a/machines/pedro/configuration.nix
+++ b/machines/pedro/configuration.nix
@ -66,7 +66,10 @@
        8384 22000  # syncthing
        8080 8443 6789 8880 8843 27117  # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
        53 8088  # pihole
-        3000  # gitea
+        #3000  # gitea
        #8081  # vaultwarden
        #8000  # paperless
        80 443  # reverse proxy
      ];
      allowedUDPPorts = [
        22000 21027  # syncthing
@ -119,6 +122,14 @@
  security.rtkit.enable = true;  # recommended for pipewire
  # enable acme for certbot
  security.acme = {
    acceptTerms  = true;
    defaults = {
      email = "jacob.hinkle@gmail.com";
    };
  };
  virtualisation.oci-containers.containers = let
    serverIP = "192.168.88.21";
  in {
@ -138,6 +149,8 @@
      stateDir = "/serverdata/gitea";
    };
    nginx = import ./nginx.nix;
    # Enable the OpenSSH daemon.
    openssh.enable = true;
@ -164,6 +177,14 @@
      unifiPackage = pkgs.unifiStable;
    };
    vaultwarden = {
      enable = true;
      config = {
        domain = "http://pedro:8081";
        signupsAllowed = true;
      };
    };
    # Enable the X11 windowing system.
    xserver = {
      enable = true;
--- a/machines/pedro/nginx.nix
+++ b/machines/pedro/nginx.nix
@ -0,0 +1,22 @@
 {
  enable = true;
  recommendedProxySettings = true;
  virtualHosts = let
    simpleProxy ip {
      forceSSL = true;
      enableACME = true;
      extraConfig = ''
        proxy_buffering off;
      '';
      locations."/" = {
        proxyPass = "http://[::1]:${ip}";
        proxyWebsockets = true;
      };
    }
  in {
    "home.jhink.org" = simpleProxy 8123;
    "git.jhink.org" = simpleProxy 3000;
    "paperless.jhink.org" = simpleProxy 8000;
    "vault.jhink.org" = simpleProxy 8081;
  };
 }