Merge pull request 'fix intranet ip resolution' (#44) from develop into master

Reviewed-on: #44
sid 2026-05-05 13:21:32 +02:00
commit 4efa30095c
3 changed files with 43 additions and 5 deletions


@ -13,6 +13,18 @@ in
inputs.synix.nixosModules.nginx inputs.synix.nixosModules.nginx
]; ];
security.acme = {
certs."sid-internal" = {
domain = constants.services.vaultwarden.fqdn;
extraDomainNames = [
constants.services.netdata.fqdn
constants.services.webdav.fqdn
];
server = "https://${constants.ca-fqdn}:8443/acme/acme/directory";
group = "nginx";
};
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /var/www 0755 gitea-runner ${cfg.group} -" "d /var/www 0755 gitea-runner ${cfg.group} -"
]; ];
@ -23,8 +35,8 @@ in
services.nginx = { services.nginx = {
enable = true; enable = true;
openFirewall = false; openFirewall = true;
forceSSL = false; forceSSL = true;
virtualHosts = { virtualHosts = {
"${constants.services.docs.fqdn}" = { "${constants.services.docs.fqdn}" = {
@ -32,6 +44,31 @@ in
root = "/var/www/doc"; root = "/var/www/doc";
}; };
}; };
"${constants.services.netdata.fqdn}" = {
forceSSL = true;
useACMEHost = "sid-internal";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString constants.services.netdata.port}";
proxyWebsockets = true;
};
};
"${constants.services.vaultwarden.fqdn}" = {
forceSSL = true;
useACMEHost = "sid-internal";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString constants.services.vaultwarden.port}";
};
};
"${constants.services.webdav.fqdn}" = {
forceSSL = true;
useACMEHost = "sid-internal";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString constants.services.webdav.port}";
proxyWebsockets = true;
};
};
}; };
}; };
} }
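Review bot: The new `netdata`, `vaultwarden` and `webdav` virtual hosts proxy to loopback services with no access restriction, in the same change that flips `openFirewall` from `false` to `true`. Netdata's local dashboard normally has no authentication of its own, so anyone who can reach this nginx can read host metrics; if these names are meant for the intranet only, scope each vhost with something like `extraConfig = "allow <INTRANET_CIDR>; deny all;";` (placeholder CIDR) or open the firewall only on the internal interface. What `openFirewall` and the top-level `forceSSL` do is defined by the synix module, which is not visible on this page, so please confirm which ports and interfaces end up open. The `docs` vhost is not among the names on the `sid-internal` certificate, so also check that the global `forceSSL = true` leaves it with a usable certificate.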


@ -14,10 +14,10 @@
hosts { hosts {
${hosts.sid.ip} ${ca-fqdn} ${hosts.sid.ip} ${ca-fqdn}
${hosts.rx4.ip} ${services.netdata.fqdn}
${hosts.rx4.ip} ${services.vaultwarden.fqdn}
${hosts.rx4.ip} ${services.webdav.fqdn}
${hosts.rx4.ip} rx4.tail ${hosts.rx4.ip} rx4.tail
${hosts.sid.ip} ${services.netdata.fqdn}
${hosts.sid.ip} ${services.vaultwarden.fqdn}
${hosts.sid.ip} ${services.webdav.fqdn}
${hosts.sid.ip} sid.tail ${hosts.sid.ip} sid.tail
${hosts.vde.ip} vde.tail ${hosts.vde.ip} vde.tail
fallthrough fallthrough
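Review bot: Nothing in this `hosts` block ties the three service names to the machine that actually serves their nginx vhosts and holds the `sid-internal` certificate, so the mapping can drift again the next time a service moves. Consider recording the owning host once per service in `constants` and generating these lines from it, or at least add a Corefile comment above them such as `# must resolve to the host running the nginx vhosts for these names`. The rendered page does not preserve which of the `rx4`/`sid` triples is the new side, so please double-check that the surviving entries point at the host changed in the nginx file. The `hosts` block closes outside the hunk.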


@ -26,6 +26,7 @@ in
key = config.sops.secrets."step-ca/intermediate-key".path; key = config.sops.secrets."step-ca/intermediate-key".path;
dnsNames = [ dnsNames = [
constants.ca-fqdn constants.ca-fqdn
constants.hosts.rx4.ip
constants.hosts.sid.ip constants.hosts.sid.ip
]; ];
logger = { logger = {
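Review bot: Adding `constants.hosts.rx4.ip` to the CA's `dnsNames` widens the set of addresses the CA's own TLS certificate is valid for, yet the hosts block in this commit maps `ca-fqdn` only to `hosts.sid.ip` and the ACME client reaches the CA by FQDN. If step-ca is not actually reachable on rx4's address, drop the entry; if it is, add a comment saying why, e.g. `# CA is also reached via rx4 because …`. The surrounding settings attrset starts and ends outside the hunk.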