diff --git a/nixosConfigurations/hetzner-vpn2/blog.nix b/nixosConfigurations/hetzner-vpn2/blog.nix deleted file mode 100644 index 4b29cb3..0000000 --- a/nixosConfigurations/hetzner-vpn2/blog.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ pkgs, ... }: -let - blog-domain-socket = "/run/nginx/blog.sock"; - anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock"; - anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock"; -in -{ - systemd.services = { - nginx.serviceConfig.SupplementaryGroups = [ "anubis" ]; - anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ]; - }; - - services = { - nginx.virtualHosts = { - "zerforschen.plus" = { - addSSL = true; - enableACME = true; - locations = { - "/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics"; - "/".proxyPass = "http://unix:" + anubis-domain-socket; - }; - }; - - "blog-in-anubis" = { - root = pkgs.zerforschen-plus-content; - listen = [ - { - addr = "unix:" + blog-domain-socket; - } - ]; - }; - }; - - anubis.instances.main = { - enable = true; - settings = { - BIND = anubis-domain-socket; - TARGET = "unix://" + blog-domain-socket; - METRICS_BIND = anubis-metrics-socket; - }; - }; - }; -} diff --git a/nixosConfigurations/hetzner-vpn2/default.nix b/nixosConfigurations/hetzner-vpn2/default.nix index cc53cb3..591dc20 100644 --- a/nixosConfigurations/hetzner-vpn2/default.nix +++ b/nixosConfigurations/hetzner-vpn2/default.nix @@ -2,8 +2,6 @@ imports = [ ./hardware.nix ./nginx.nix - ./headscale.nix - ./blog.nix ]; config = { diff --git a/nixosConfigurations/hetzner-vpn2/headscale.nix b/nixosConfigurations/hetzner-vpn2/headscale.nix deleted file mode 100644 index b7349bb..0000000 --- a/nixosConfigurations/hetzner-vpn2/headscale.nix +++ /dev/null @@ -1,23 +0,0 @@ -let - headscale-port = 8668; -in -{ - services = { - headscale = { - enable = true; - address = "localhost"; - port = headscale-port; - settings = { - dns.base_domain = "high-gravity.space"; - server_url = "https://headscale.zerforschen.plus"; - }; - }; - nginx.virtualHosts."uplink.darkest.space" = { - addSSL = true; - enableACME = true; - locations = { - "/".proxyPass = "http://localhost:" + headscale-port; - }; - }; - }; -} diff --git a/nixosConfigurations/hetzner-vpn2/nginx.nix b/nixosConfigurations/hetzner-vpn2/nginx.nix index 7178b0d..aa399aa 100644 --- a/nixosConfigurations/hetzner-vpn2/nginx.nix +++ b/nixosConfigurations/hetzner-vpn2/nginx.nix @@ -1,19 +1,62 @@ +{ pkgs, ... }: +let + blog-domain-socket = "/run/nginx/blog.sock"; + anubis-domain-socket = "/run/anubis/anubis-main/anubis.sock"; + anubis-metrics-socket = "/run/anubis/anubis-main/anubis-metrics.sock"; +in { security.acme = { acceptTerms = true; defaults.email = "acme@zerforschen.plus"; }; - services.nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; + systemd.services = { + nginx.serviceConfig.SupplementaryGroups = [ "anubis" ]; + anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ]; + }; + + services = { + nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + + virtualHosts = { + "zerforschen.plus" = { + addSSL = true; + enableACME = true; + locations = { + "/_metrics".proxyPass = "http://unix:" + anubis-metrics-socket + ":/metrics"; + "/".proxyPass = "http://unix:" + anubis-domain-socket; + }; + }; + + "blog-in-anubis" = { + root = pkgs.zerforschen-plus-content; + listen = [ + { + addr = "unix:" + blog-domain-socket; + } + ]; + }; + }; + }; + + anubis.instances.main = { + enable = true; + settings = { + BIND = anubis-domain-socket; + TARGET = "unix://" + blog-domain-socket; + METRICS_BIND = anubis-metrics-socket; + }; + }; }; networking.firewall.allowedTCPPorts = [ 80 443 + 5201 ]; }