basic nginx setup

CDaut 2025-10-31 15:26:08 +01:00
parent 800b243448
commit 7113bb629a
Signed by: clara
GPG key ID: 223391B52FAD4463
5 changed files with 116 additions and 55 deletions


@ -10,12 +10,13 @@ keys:
- &mastodon age19efecaur72d92g452zpe4uxjtwev2ktjtaezascxg9l2p8544s8s05d93r
- &paperless age1zj3tzzcpyq5s66phlrf2g203am7vl6vxg2jlpr8vy6u385xljapqt0d2fr
- &vikunja age1h7yq7n8gcw35apr7jn8r66dwss4hfcdv0sf4ankfxquyavlrqukqhr0lrc
- &nginx age1ypq3n3e7gnwqddq5dgkdsfm0wqagrm5pl5tkunzp44lcezsllumqsjz0hz
creation_rules:
- path_regex: secrets\/all\/*
key_groups:
- pgp: [*clara]
age: [*wireguard, *mcserver, *zammad, *forgejo, *mastodon, *paperless, *vikunja]
age: [*wireguard, *mcserver, *zammad, *forgejo, *mastodon, *paperless, *vikunja, *nginx]
- path_regex: secrets\/wireguard\/*
key_groups:
- pgp: [*clara]
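Review bot: Adding `*nginx` to the `age:` list of the `secrets\/all\/*` rule lets the reverse-proxy host decrypt every file under secrets/all, and this is the container that opens ports 80 and 443 elsewhere in this commit. The nginx service config added here references no secret at all, so the key may not need to be in the shared group yet. If nginx later needs its own material, a dedicated rule such as `- path_regex: secrets\/nginx\/*` with `age: [*nginx]` would keep a compromise of the proxy from exposing the shared secrets. The creation_rules list continues outside this hunk, so such a rule may already exist further down.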


@ -0,0 +1,23 @@
{ lib, pkgs, config, ... }: {
deployment = {
targetHost = "10.0.0.2";
targetPort = 22;
targetUser = "root";
};
networking = {
hostName = "nginx";
interfaces.eth0 = {
ipAddress = "10.0.0.2";
prefixLength = 16;
};
defaultGateway = {
address = "10.0.0.254";
interface = "eth0";
};
};
imports = [
../container_config.nix
../services/nginx.nix
];
}
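Review bot: `targetUser = "root"` with `targetPort = 22` makes deployment depend on root SSH login to the same host that serves ports 80 and 443, and nothing in this file shows how SSH access is restricted. It is worth confirming that `../container_config.nix` enforces key-only root login and that port 22 is reachable only from the management side. As a style point, `10.0.0.2` is written twice (`targetHost` and `ipAddress`); a `let addr = "10.0.0.2"; in` binding would keep the two from drifting apart.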


@ -0,0 +1,30 @@
{ lib, pkgs, config, ... }:
{
services.nginx = {
enable = true;
virtualHosts = {
"pve.infra.cdaut.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "https://10.0.0.254:8006";
};
};
"corerouter.infra.cdaut.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.0.0.1:80";
};
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "acme@cdaut.de";
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
}
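Review bot: Both virtual hosts proxy an administrative interface (the service on `10.0.0.254:8006` and the core router on `10.0.0.1:80`) with no access restriction in `locations."/"`, so anyone who can reach ports 80/443 on this host reaches those login pages. If the host is reachable from outside the management network, which `enableACME` suggests but the page does not confirm, each location should carry an allow/deny list or sit behind an authentication layer. The ACME challenge path is normally served from its own location, so restricting `/` should not break issuance, but verify that. Two further gaps: nginx does not verify the upstream certificate by default, so the `https://` upstream is encrypted but unauthenticated unless `proxy_ssl_verify` and a trusted CA are configured, and the router upstream is plain `http://`, so admin credentials cross the internal network in clear. `proxyWebsockets = true;` is probably also needed if the proxied UI uses a WebSocket console.

```nix
locations."/" = {
  proxyPass = "https://10.0.0.254:8006";
  proxyWebsockets = true;
  # MGMT_CIDR_PLACEHOLDER: replace with the network admins connect from
  extraConfig = ''
    allow MGMT_CIDR_PLACEHOLDER;
    deny all;
  '';
};
# … unchanged: corerouter vhost (same allow/deny block applies), security.acme, firewall ports …
```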


@ -12,8 +12,6 @@
specialArgs = { inherit inputs; };
};
#mcserver = import ./configs/containers/mc_container.nix;
wireguard = import ./configs/containers/wg_container.nix;
zammad = import ./configs/containers/zammad_container.nix;
@ -22,9 +20,9 @@
mastodon = import ./configs/containers/mastodon_container.nix;
#paperless = import ./configs/containers/paperless_container.nix;
vikunja = import ./configs/containers/vikunja_container.nix;
nginx = import ./configs/containers/nginx_container.nix;
};
};
}


@ -4,87 +4,96 @@ sops:
- recipient: age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZlNQem5ZYVhSbzB5T2pU
ZHFreDNkVHBiRThteDBqcjhsYkQ5R3B6NGtBCkRlMlRoN3NxeGo1QVE0ZEdYRjNE
dGdtVHJiL2JHU3BmbVB5YWVyRWhSMVUKLS0tIEJDVzY2ZUN0ZDYvcFRQbVdSZnUv
bXZIQjJXZnlLb1M5UHBMSEdsZFBLZUEKgNoMGAblrQDCUcTHyK/9pE/84wJLR2cu
qgLuL9oPGT4jpPf/WWTVNgfwrBNBbrFoDjF0fe3WpukBrEHIRf+3KA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwaWFLVVVrallkZEJGZkJm
bFBaNzkrRkU4MFVJZUxiSGZWdldSVGJLV2tNCnhod0g5emhQdExiMjhmb3Jxa2c0
bStqbnN2UnE3S1RIbi9iU21ITWZ4NlUKLS0tIGVrYjFVbGNOUmFvSXFBQzNraW1T
bWdvTG90S1pvVHJ0NUFqd2FCemp5Sm8KuNksM73Cd9Z+ecMGpIAhJieozze37ThN
u8dLFFdnv2MWKqOvK99yNcUCvkKOY5VN2hCT+vfqt/9pek76eUaDog==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jlt47gkctq7vfrykqlyg9um5mypy872pvtfql7kkpvhnemlex4mq89a3a8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByTGVOZ2xqdEJlWitXaFc0
bGc1RkdLazNKV2gxcVdBRERGeXgwQUxRWEZrCitGYlRSNUFsc3dqUW04OCt5NEJH
N2JoSUFISGIxM3doRy9pdFBRRkEzOFEKLS0tIHJJbVh1RGZQb3krd2NyQ1J3TXpO
MytTbEt4QzlCdENCZlQyT000ZThuM2sKMEjebD+XvT5aLBxzoXRn6x9OKyr7g+en
zEgNDK6IHtypxB9goafmJlYLamESx5eYtwYtZyXNO5a5lKbZHCOe+Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbitVenBHYWswWlpKb3NG
SG5VVERDQkc2Um1GV1ZkN0xzeW1iWlpYR3pBClIvNWRqOFA1SjJPNENqWjVRaXZR
R3ZmSzJxcGhyNEN5eGk4SDdnTnFFcHMKLS0tIFA0cThkTGtxdjUvVjJKVGY2aU1n
WENOM0cxRmF2TlBmRXFqU3phU2tDSDAKOiT/zbpRRmiQstLAJw1Mip4eoZ/OuCAW
qeK7wczzwZOnAcfUOdgjjOBFy9prU/AdcfH0I3THASgrIG8xrmHSKg==
-----END AGE ENCRYPTED FILE-----
- recipient: age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1ZldFNENrMVF3bXFmclhM
MldYYVB3ZmVPNVJmTDhBUE53NFlrYkUxK2lNCmRmOTJzM0VOcG1iQkh6dWRDd21h
bFRiSGwzS3doRkEvN1hWSTA4YmdSRlEKLS0tIFBxYTluNUY2WVFvYUZ3WWRXZ3Ft
MVJLR3pxWXZENjV2OG5XclpwcWlHU00Kl+EsQMZsU4AggLAckfdsbHYV05AH8isn
fHXLacbn8R3Gn/Y+055QAvx4vtDL82gI1EhZzOMOXOG8vPY4R/263Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHc0RiYkN1eFpCaTFlVmpW
TEtyRUh1Ty8zTlZOMmVDTkFVOEJVTHhmTEJjCjhsdjZKQ210am1acEQyZ3pleVJ1
ZlN5dWdqampvaWl2SnVsRFRFRGw5Vk0KLS0tIE1PV3RGMVZoMitDME00S1M4alZz
TEw1K2ZKaDBMQlhBcjRoSFc3Zk5MRjgKoktTEbB/HEKlcNiS8jYQ5GqqhoL6K2/J
sMW42vi1a4Dk/+dRAMsmVjhSZiROhSA+1XaMByLBCHOVSdFEcdNgGw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vd33efsea2509hm0dwmhkuu7mm2kgw6tsss6lmzsqfg7gat06qyqys3qfh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhbWoyekZWSFMrVml3QktX
L055SDZUellDNkFxNXZrOStmdVoxaURYbWh3Cm95V3JSeCtqOVlCVkVOem1sMWpK
STd4aVRaTzhsamxpV3hVbjB0bTl6azQKLS0tIHF6eW83WHF4eE9yTEg3RUpKbU1h
YklpbjFLbGtVcndKOEN1dVdKWUo2clEK+QctIupLf2ecNMqWzIQFCfXmVmWzfQGU
OzBpKIHLg8B/dvFtmpl30xnWJvS7V/QbvK22kHnbI/t5ngbCeHVBew==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRUFNuekl6cnBrb0h3cytV
V3Z4dnBuOGZ3SE5CNEp3V2Facisvb0tLUERnCjhuSU9MTnhnYThJQ0dIUzRmNzY5
S1gzaTMxQUhoTXFTU0NXdThPT25Tck0KLS0tIE1uNVJaaHl4V0RmQWR0TzZ1SW0w
ckZMdVlkWHEvL0RPL3pyeStPNmtiMk0KbIhfCRvpRv+vVrqVfLpjEKdSs68GJ2NE
gbdqKRlnyPe+uZNpZmgP2sNH9QdJvGpvrnxQPZ4j/s7aIFhvHSYY1g==
-----END AGE ENCRYPTED FILE-----
- recipient: age19efecaur72d92g452zpe4uxjtwev2ktjtaezascxg9l2p8544s8s05d93r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbS80S0ZjeXBKdU1KRTlU
WG44TDU1cTRPdnExZk5iYjFZTWdGRUpJbHk4Ck54anU1dXdseDFXQ2pyb09RKzBD
Q2xCcjUyZU5WdU5INmJNSHJZM2phTW8KLS0tIGJydkVUQnhjbGVyK3cwYTdsV3k5
Sm9hTUFHTVJiWEtuK21FaGlWaGxWRGcK3ppnyVtA0oY75KbURzMKpNn9QvtG/nQ/
IpRGO6XBDthO35ES402nw2PXBzQB5sss5dc2VTSwgK1M3vAwyHAd5Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Q3JoZ2lPN2s4L0MrcGtn
MjM5ZjdMRzRKVXU5azdmY2kzOTMzUkYzeFdFCk5qbDFGQUtReDNDWUhKWjRaZzQx
NEZqWTkvd29sY2NJSTRWcDJBTC8rd1UKLS0tIGFPS1g2OEdmYmZvRE9jZC9oNG9X
andaVldXZS9Jc3FOTWdvbUhVVUtONU0KThDBMfftZBn7WeoIBx5CTv/hJtjvbXLA
+6KmZSoG3VPMzqdOy61s8RbZqwKMzeWl1ydHIvKcyvo2BmJSAZ/6CA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zj3tzzcpyq5s66phlrf2g203am7vl6vxg2jlpr8vy6u385xljapqt0d2fr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0eG1EbzZCZDI4ajdaV0VL
NjFJL1dVVjlVcGlQbUJGR2o3QnQyVjJya2tzCkhKM3Qrb1k3bjBtZkx3Uzc5dVdn
RHVnbDVNZkdJKzR2YmpFSFNRM2NzOGMKLS0tIFgwR0ZabVhyR0RiREpYMlhFNWN4
bDVaczBxVEMrUmxETmdsK0t4MHQrbFkKz2PeQZWcBRfzPafszHiQG8sOLE2/cKvD
ByIVnZNoOeC0SszjXQABmHYFpqkUU5S4tFG1tZyv2hlIYn3Iwx0iDw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwRWMxSzR4eUJnMFpBOGRJ
RzRIczZxbUdjUHRoUU4zYytwcUlMZWE4Q1JZCklWNXh6WSthdXdZTHVoWHJjTlYr
Um5UMlM0TVBoTTEyaXlyYjVpbXVPYXcKLS0tIGVWRjhaZC9DaGgzOStaaU85ODlW
Zm5ZSDd3MGpFVmtZL0c0WWV1M0ZKT2cKOm+HUuHskz6RsQVsVW+OcRr90yBqeNa3
PlgWRJ05uh8XETJVoZTkcbvyw7ZWWJzPzYCus1lWg1W9xVcsJwAn4Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1h7yq7n8gcw35apr7jn8r66dwss4hfcdv0sf4ankfxquyavlrqukqhr0lrc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaZWRPV3hzTGwzbGVDVG51
ZWYwVmM4d1BBVnozTGk4bG5abldVdW5tK0M4Cjl4b1N1STQyNHNGSFI3THlrZzAz
N2lzdmZ4YnNoV2RaeTNiTEhybjhFTnMKLS0tIDhIQW1QdHAxUFQ1YU9ZT2Jxd0tu
OFpNSU9nM1pHSG9SR0FmTERXMkFTV0UKAV1wVmoyNHiukTlElQRZVN3p7WBbYMNQ
Hx+2/3sA3nDE6XtMBRuHReGl6/SXoM6xN5944meMP2AriYblSorWfw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3bjVmS1BIK2k5UFZBSnlv
UXNmKzBsNU4yUVgrS05ta0c2VloxME9rUEIwCkRYM3ozVDZxallXRDVpMXpXelQ3
cWMxbzllYXYwQ3BaVWxHTS94czFWUUEKLS0tICtObVczWlVSYlc2a1dib2Z5YVRx
TVl1TFk1bW9mNEN1ZURQdXZpVDNPWmcK2n2SyP1Hu+kQqJ8Qegu67olwBnAd8Bpz
2who1jOs6/y7JSuXFTLKTkr60atqpjMwHRJbzL/0/jkij0fyVwmgEw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ypq3n3e7gnwqddq5dgkdsfm0wqagrm5pl5tkunzp44lcezsllumqsjz0hz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRTzZGMUQybitqcFpkcmFL
dnZXOGZCbTJMazZOM3FObXVSZGdpY0xCcTB3CmhnVDJ0OGxOVU1YZzV2Y05tV01r
aDBVcTdaSU5neUNMa3kxTkxiaTd6NTQKLS0tIEJVS2JpT2pQeGNuWTRvYUZCQ1Q1
TWdOc0g3aEZRTTZCUXVVbCttWjNLcUkKUDAOEIGxztVtG+Y7hyZuedPTvCH25Nt2
ECZpPN+QeMtwQ21eFC9v95RLrY97SV9TD5DgzZim06hgAcQq1ST2gg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-08T15:38:19Z"
mac: ENC[AES256_GCM,data:IoqrJyCNad4/OFH6y24kYMwnkF3OWfsw77POg00btvw7FoPoaSJ76RySMs6hgWs202bDYSDi44OvbgCVeNPkhe9eyM0gwF0Gf0cE3wirc+qj2qfL9/lMOTZm02WymMglJf6xTcPo3BH00XryR7ptid9+WrB0S2aBVNlcXSBwpzY=,iv:aLI2SyUzWqp/4XFPhogq2vq/u47bs6Gmgc/PRMe+GmM=,tag:jVnW7EkqDRfQluGTiw0olA==,type:str]
pgp:
- created_at: "2025-10-19T17:09:58Z"
- created_at: "2025-10-30T11:25:33Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=
=3N1+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=
=xCKw
-----END PGP MESSAGE-----
fp: 58EF8D71114EF548DEE3320DE6F04916B6EEBD83
unencrypted_suffix: _unencrypted