Compare commits
5 Commits
d54c8a6853
...
b016e76f09
Author | SHA1 | Date | |
---|---|---|---|
b016e76f09 | |||
ac61842f29 | |||
2cd917d56d | |||
05d7d04052 | |||
cb8a6c998d |
@ -52,6 +52,23 @@
|
|||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
|
|
||||||
|
appendHttpConfig = ''
|
||||||
|
server_names_hash_bucket_size 64;
|
||||||
|
'';
|
||||||
|
|
||||||
|
virtualHosts = {
|
||||||
|
"default" = {
|
||||||
|
default = true;
|
||||||
|
rejectSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
return = ''200 "Some piece of infrastructure\n"'';
|
||||||
|
extraConfig = ''
|
||||||
|
types { } default_type "text/plain; charset=utf-8";
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme = {
|
security.acme = {
|
||||||
|
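Review bot: The new `"default"` virtual host carries no comment, and its purpose is not obvious from the options alone. Above it I would add `# Catch-all for requests whose Host matches no other vhost: TLS handshakes are rejected so no other vhost's certificate is served, plain HTTP gets a fixed text reply.` and, over the `types { } default_type ...` line, `# empty types map so default_type alone decides the Content-Type`. Returning 200 for unmatched hosts is a design choice the commit does not explain; scanners and health checks will read it as a valid site, so the comment should say why it was picked over an error status.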
@ -22,6 +22,18 @@
|
|||||||
networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
|
networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
|
||||||
networking.nameservers = [ "46.38.255.230" "46.38.252.230" ];
|
networking.nameservers = [ "46.38.255.230" "46.38.252.230" ];
|
||||||
|
|
||||||
|
services.nginx.enable = true;
|
||||||
|
services.nginx.virtualHosts = {
|
||||||
|
"chisel.clerie.de" = {
|
||||||
|
enableACME = true;
|
||||||
|
addSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://[::1]:3765";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
clerie.nginx-port-forward = {
|
clerie.nginx-port-forward = {
|
||||||
enable = true;
|
enable = true;
|
||||||
tcpPorts."2022" = {
|
tcpPorts."2022" = {
|
||||||
@ -32,7 +44,7 @@
|
|||||||
|
|
||||||
clerie.chisel.enable = true;
|
clerie.chisel.enable = true;
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
networking.firewall.allowedUDPPorts = [];
|
networking.firewall.allowedUDPPorts = [];
|
||||||
|
|
||||||
clerie.monitoring = {
|
clerie.monitoring = {
|
||||||
|
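Review bot: `addSSL = true;` on the `chisel.clerie.de` vhost in the first hunk keeps a plain-HTTP listener that also proxies to the chisel backend, so with port 80 opened in the second hunk a client pointed at `http://` reaches the tunnel endpoint without TLS. Replacing it with `forceSSL = true;` would redirect plain HTTP to HTTPS instead of proxying it. As far as I know the NixOS nginx module still answers the ACME challenge path on the HTTP side in that mode, so `enableACME = true;` and the port 80 firewall entry keep working.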
@ -9,9 +9,9 @@ in {
|
|||||||
options = {
|
options = {
|
||||||
clerie.akne = {
|
clerie.akne = {
|
||||||
enable = mkEnableOption "Makes fun stuff with the nixos acme module.";
|
enable = mkEnableOption "Makes fun stuff with the nixos acme module.";
|
||||||
selfSigneOnlyHostNames = mkOption {
|
selfSignedOnlyHostNames = mkOption {
|
||||||
type = with types; listOf str;
|
type = with types; listOf str;
|
||||||
default = {};
|
default = [];
|
||||||
description = "List of hostnames for which the acme client gets disabled. This hostnames use the self-signed certs instead.";
|
description = "List of hostnames for which the acme client gets disabled. This hostnames use the self-signed certs instead.";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -34,7 +34,21 @@ in {
|
|||||||
}
|
}
|
||||||
)
|
)
|
||||||
]
|
]
|
||||||
) cfg.selfSigneOnlyHostNames
|
) cfg.selfSignedOnlyHostNames
|
||||||
|
)
|
||||||
|
);
|
||||||
|
systemd.targets = with lib; listToAttrs (
|
||||||
|
flatten (
|
||||||
|
map (
|
||||||
|
name: [
|
||||||
|
(
|
||||||
|
nameValuePair "acme-finished-${name}" {
|
||||||
|
after = mkForce [ "acme-selfsigned-${name}.service" ];
|
||||||
|
requires = mkForce [ "acme-selfsigned-${name}.service" ];
|
||||||
|
}
|
||||||
|
)
|
||||||
|
]
|
||||||
|
) cfg.selfSignedOnlyHostNames
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
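Review bot: The added `systemd.targets` override applies `mkForce` to `after` and `requires` without a comment, so a reader cannot tell which default dependencies are being discarded. Presumably the stock `acme-finished-${name}` target waits on the real ACME service and this makes it depend only on the self-signed one; a comment such as `# self-signed-only hosts: the finished target must not wait for the real ACME client` would record that. The `flatten` over one-element lists is also unnecessary, `listToAttrs (map (name: nameValuePair "acme-finished-${name}" { ... }) cfg.selfSignedOnlyHostNames)` builds the same set. The enclosing attribute set starts before the hunk, so whether this is gated on `cfg.enable` is not visible here.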
@ -19,7 +19,7 @@ in {
|
|||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.chisel}/bin/chisel server --port 443 --authfile /var/src/secrets/chisel/users.json";
|
ExecStart = "${pkgs.chisel}/bin/chisel server --host [::1] --port 3765 --authfile /var/src/secrets/chisel/users.json";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
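Review bot: The `serviceConfig` shown in this hunk sets only `ExecStart` and `Restart`, so unless a user is configured elsewhere the chisel server runs as root, and after the move from port 443 to 3765 it no longer needs a privileged bind. Running it unprivileged limits what a flaw in the proxied tunnel server can reach. Adding `DynamicUser = true;` and `LoadCredential = "users.json:/var/src/secrets/chisel/users.json";`, with `--authfile %d/users.json` in `ExecStart`, keeps the auth file readable by the service without loosening its permissions on disk. The unit definition begins before the hunk, so other hardening options may already be set outside the visible lines.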
@ -3,6 +3,7 @@
|
|||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./policyrouting
|
./policyrouting
|
||||||
|
./akne
|
||||||
./anycast_healthchecker
|
./anycast_healthchecker
|
||||||
./chisel
|
./chisel
|
||||||
./gre-tunnel
|
./gre-tunnel
|
||||||
|