diff --git a/hosts/vinzenz-lpt2/nginx.nix b/hosts/vinzenz-lpt2/nginx.nix
index c0715f0..302a271 100644
--- a/hosts/vinzenz-lpt2/nginx.nix
+++ b/hosts/vinzenz-lpt2/nginx.nix
@@ -1,30 +1,66 @@
-_: {
- services.nginx = {
- enable = true;
+{ inputs, pkgs, ... }:
+let
+ blog-domain-socket = "/run/nginx/blog.sock";
+ anubis-domain-socket = "/run/anubis/anubis-blog.sock";
+in
+{
+ users.groups = {
+ anubis.members = [ "nginx" ];
+ nginx.members = [ "anubis" ];
+ };
+ services = {
+ nginx = {
+ enable = true;

- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;

- virtualHosts = {
- "vinzenz-lpt2" = {
- locations."/" = {
- proxyPass = "http://127.0.0.1:3000/";
- proxyWebsockets = true;
+ virtualHosts = {
+ #"vinzenz-lpt2" = {
+ # locations."/" = {
+ # proxyPass = "http://127.0.0.1:3000/";
+ # proxyWebsockets = true;
+ # };
+ #
+ # serverAliases = [ "172.23.42.96" ];
+ #};
+
+ "vinzenz-lpt2" = {
+ locations."/" = {
+ proxyPass = ("http://unix:" + anubis-domain-socket);
+ };
 };

- serverAliases = [ "172.23.42.96" ];
+ "vinzenz-lpt2-in-anubis" = {
+ root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
+ listen = [
+ {
+ addr = ("unix:" + blog-domain-socket);
+ }
+ ];
+ };
+ };
+ };
+
+ #networking.firewall = {
+ # allowedTCPPorts = [
+ # 80
+ # 8001
+ # 3000
+ # ];
+ # allowedUDPPorts = [ 2342 ];
+ #};
+
+ anubis = {
+ instances.main = {
+ enable = true;
+ settings = {
+ BIND = anubis-domain-socket;
+ TARGET = "unix://" + blog-domain-socket;
+ };
 };
 };
 };
-
- networking.firewall = {
- allowedTCPPorts = [
- 80
- 8001
- 3000
- ];
- allowedUDPPorts = [ 2342 ];
- };
 }
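Review bot: The `users.groups` block puts `nginx` in the `anubis` group and `anubis` in the `nginx` group, which is broader than the two socket connections need: each daemon gains access to everything that is group-accessible to the other, not only `/run/nginx/blog.sock` and `/run/anubis/anubis-blog.sock`. On a host where certificate keys or logs are group-readable for `nginx` (not visible in this hunk), the Anubis process could read them, so a compromise of either service reaches further than it has to. If the cross-membership stays, it should at least say why, e.g. `# nginx and anubis need each other's group only to reach the unix sockets under /run`; a dedicated group that owns just the two socket directories would be the narrower design. The commented-out vhost and `networking.firewall` blocks are also worth deleting rather than keeping as comments, since the firewall block now sits inside `services = { … }`, where it would not be valid if re-enabled.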