diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | node/spoutnik.nix | 36 | ||||
| -rw-r--r-- | site/pluton.nix | 2 |
3 files changed, 39 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e61812f --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +notes/ diff --git a/node/spoutnik.nix b/node/spoutnik.nix index 55df7d7..4aa6f91 100644 --- a/node/spoutnik.nix +++ b/node/spoutnik.nix @@ -24,5 +24,41 @@ ips = [ "10.42.0.2/16" ]; listenPort = 42136; }; + + # Nginx configuration: + + services.nginx = { + enable = true; + + # Use recommended settings + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + # Add any further config to match your needs, e.g.: + virtualHosts = let + base = locations: { + inherit locations; + + forceSSL = true; + enableACME = true; + }; + proxy = addr: port: base { + "/".proxyPass = "http://" + addr + ":" + toString(port); + }; + in { + "axl.deuxfleurs.fr" = proxy "192.168.0.60" 80; + "warez.luxeylab.net" = proxy "192.168.0.50" 80; + }; + }; + + + # ACME: + + security.acme = { + acceptTerms = true; + email = "adrien@luxeylab.net"; + }; } diff --git a/site/pluton.nix b/site/pluton.nix index ec94018..10ef4a5 100644 --- a/site/pluton.nix +++ b/site/pluton.nix @@ -10,4 +10,6 @@ services.nomad.settings.datacenter = "pluton"; services.consul.extraConfig.bootstrap_expect = 1; services.nomad.settings.server.bootstrap_expect = 1; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; } |