hosts/porter: add scholl service proxy

2022-12-05 20:45:00 +01:00 · 2022-12-05 20:45:00 +01:00 · 91e6a42ea3
commit 91e6a42ea3
parent 607fdde5fd
1 changed files with 23 additions and 9 deletions
--- a/hosts/porter/configuration.nix
+++ b/hosts/porter/configuration.nix
@ -23,17 +23,31 @@
  networking.nameservers = [ "46.38.255.230" "46.38.252.230" ];

  services.nginx.enable = true;
-  services.nginx.virtualHosts = {
-    "chisel.clerie.de" = {
-      enableACME = true;
-      addSSL = true;
-      locations."/" = {
-        proxyPass = "http://[::1]:3765";
-        proxyWebsockets = true;
-      };
+  services.nginx.virtualHosts.default = lib.mkForce {};
+  services.nginx.virtualHosts."*.schule.clerie.de" = {
+    locations."/" = {
+      proxyPass = "http://schule.net.clerie.de";
    };
  };

+  services.sniproxy = {
+    enable = true;
+    config = ''
+      error_log {
+        filename /var/log/sniproxy/error.log
+      }
+      access_log {
+        filename /var/log/sniproxy/access.log
+      }
+      listen 443 {
+        proto tls
+      }
+      table {
+        ^.*\.schule\.clerie\.de$ [2001:638:904:ffcb::d]
+      }
+    '';
+  };
+
  clerie.nginx-port-forward = {
    enable = true;
    tcpPorts."2022" = {
@ -43,7 +57,7 @@
  };

  services.chisel-server = {
-    enable = true;
+    enable = false;
    host = "[::1]";
    port = 3765;
    authfile = "/var/src/secrets/chisel/users.json";