sid/sid.ovh
1
0
Fork 0
Code Issues 3 Pull requests 2 Projects Releases Packages Wiki Activity Actions

resolve intranet services on rx4
All checks were successful
Flake check / flake-check (pull_request) Successful in 20s
Details
Build hosts / build-hosts (pull_request) Successful in 23s
Details

Browse source
This commit is contained in:
sid 2026-05-05 13:19:08 +02:00
parent e50f7e1111
commit 907dcf9011
2 changed files with 40 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

41
hosts/rx4/services/nginx.nix
View file

@ -13,6 +13,18 @@ in
inputs.synix.nixosModules.nginx
];
security.acme = {
certs."sid-internal" = {
domain = constants.services.vaultwarden.fqdn;
extraDomainNames = [
constants.services.netdata.fqdn
constants.services.webdav.fqdn
];
server = "https://${constants.ca-fqdn}:8443/acme/acme/directory";
group = "nginx";
};
};
systemd.tmpfiles.rules = [
"d /var/www 0755 gitea-runner ${cfg.group} -"
];
@ -23,8 +35,8 @@ in
services.nginx = {
enable = true;
openFirewall = false;
forceSSL = false;
openFirewall = true;
forceSSL = true;
virtualHosts = {
"${constants.services.docs.fqdn}" = {
@ -32,6 +44,31 @@ in
root = "/var/www/doc";
};
};
"${constants.services.netdata.fqdn}" = {
forceSSL = true;
useACMEHost = "sid-internal";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString constants.services.netdata.port}";
proxyWebsockets = true;
};
};
"${constants.services.vaultwarden.fqdn}" = {
forceSSL = true;
useACMEHost = "sid-internal";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString constants.services.vaultwarden.port}";
};
};
"${constants.services.webdav.fqdn}" = {
forceSSL = true;
useACMEHost = "sid-internal";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString constants.services.webdav.port}";
proxyWebsockets = true;
};
};
};
};
}

1
hosts/sid/services/step-ca.nix
View file

@ -26,6 +26,7 @@ in
key = config.sops.secrets."step-ca/intermediate-key".path;
dnsNames = [
constants.ca-fqdn
constants.hosts.rx4.ip
constants.hosts.sid.ip
];
logger = {