From bcb3cba9fa07ce8429edd40019ca3795a1ec7de6 Mon Sep 17 00:00:00 2001
From: sinanmohd <sinan@sinanmohd.com>
Date: Tue, 18 Mar 2025 13:44:09 +0530
Subject: kay/www: proxy http for angeloantony.com

---
 os/kay/modules/acme.nix | 31 ++++++++++++++++++++++++-------
 os/kay/modules/www.nix  | 20 ++++++++++++++++++++
 os/kay/secrets.yaml     |  5 +++--
 3 files changed, 47 insertions(+), 9 deletions(-)


diff --git a/os/kay/modules/acme.nix b/os/kay/modules/acme.nix
index 00819e7..86ae165 100644
--- a/os/kay/modules/acme.nix
+++ b/os/kay/modules/acme.nix
@@ -2,22 +2,39 @@
   email = config.global.userdata.email;
   domain = config.global.userdata.domain;
 
+  domain_angelo = "angeloantony.com";
+  secret_path_angelo = "misc/angelo_cloudflare_dns_api_token";
+
   environmentFile =
     pkgs.writeText "acme-dns" "RFC2136_NAMESERVER='[2001:470:ee65::1]:53'";
 in {
+  sops.secrets.${secret_path_angelo} = {};
+
   security.acme = {
     acceptTerms = true;
     defaults.email = email;
 
-    certs.${domain} = {
-      inherit domain;
-      extraDomainNames = [ "*.${domain}" ];
+    certs = {
+      ${domain_angelo} = {
+        domain = domain_angelo;
+        extraDomainNames = [ "*.${domain_angelo}" ];
+
+        dnsProvider = "cloudflare";
+        credentialFiles.CLOUDFLARE_DNS_API_TOKEN_FILE = config.sops.secrets.${secret_path_angelo}.path;
+
+        group = config.services.nginx.group;
+      };
+
+      ${domain} = {
+        inherit domain;
+        extraDomainNames = [ "*.${domain}" ];
 
-      dnsProvider = "rfc2136";
-      dnsPropagationCheck = false; # local DNS server
+        dnsProvider = "rfc2136";
+        dnsPropagationCheck = false; # local DNS server
 
-      inherit environmentFile;
-      group = config.services.nginx.group;
+        inherit environmentFile;
+        group = config.services.nginx.group;
+      };
     };
   };
 }
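Review bot: The new `sops.secrets.${secret_path_angelo} = {};` entry and the `credentialFiles.CLOUDFLARE_DNS_API_TOKEN_FILE` line say nothing about what the Cloudflare token may do, and the diff cannot show its scope. This host now holds a credential for a second zone and uses it to issue a wildcard certificate readable by the nginx group, so I would record the expected scope next to the secret, for example `# Cloudflare API token: Zone > DNS > Edit on angeloantony.com only; rotate on host compromise`. The `{}` defaults presumably leave the decrypted file root-only, which should work if the ACME module hands `credentialFiles` to the unit as systemd credentials; a one-line why-comment would stop someone loosening the owner or mode later. `domain_angelo` is also defined a second time in www.nix, so a shared option would keep the certificate name and `useACMEHost` from drifting apart.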
diff --git a/os/kay/modules/www.nix b/os/kay/modules/www.nix
index 2ab70aa..3903396 100644
--- a/os/kay/modules/www.nix
+++ b/os/kay/modules/www.nix
@@ -2,6 +2,10 @@
 
 let
   domain = config.global.userdata.domain;
+
+  domain_angelo = "angeloantony.com";
+  ip_angelo = "10.0.1.6";
+
   storage = "/hdd/users/sftp/shr";
 in
 {
@@ -94,6 +98,22 @@ in
         };
       };
 
+      ".${domain_angelo}" = defaultOpts // {
+        useACMEHost = domain_angelo;
+
+        extraConfig = ''
+          proxy_buffering off;
+          proxy_request_buffering off;
+          client_max_body_size 0;
+        '';
+
+        locations."/" = {
+          proxyWebsockets = true;
+          proxyPass =
+            "http://${ip_angelo}";
+        };
+      };
+
       "${config.services.grafana.settings.server.domain}" = defaultOpts // {
         extraConfig = ''
           proxy_buffering off;
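Review bot: In the new `".${domain_angelo}"` vhost, `client_max_body_size 0;` together with `proxy_request_buffering off;` removes the upload limit and streams request bodies straight to the backend, for the apex and every subdomain the leading dot matches. The host at `ip_angelo` therefore absorbs arbitrarily large or slow uploads without nginx shielding it. Unless the backend needs unbounded uploads, I would set a finite limit sized to its largest expected request, e.g. `client_max_body_size 512m;`, or add a comment naming the application that requires 0. `proxyPass` uses plain `http://`, so traffic is cleartext after TLS terminates here; a comment stating that 10.0.1.6 sits on a tunnel or trusted segment would document that assumption. `defaultOpts` and the enclosing `virtualHosts` set are outside the hunk, so I cannot tell which proxy headers are already applied.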
diff --git a/os/kay/secrets.yaml b/os/kay/secrets.yaml
index 9d8b634..7713d37 100644
--- a/os/kay/secrets.yaml
+++ b/os/kay/secrets.yaml
@@ -18,6 +18,7 @@ github-runner:
     nocodb-registration-token: ENC[AES256_GCM,data:AKXoTMXsyuH+wQMsBvqjy6AdsbzVrFPe0KcSVfQ=,iv:h+rj8K2EswZlmd+AHnQ6aJ3sdy4Ku8y1EuVngE1Ifu0=,tag:Z66amJwbv61SBKUzLVrgxg==,type:str]
     age-master-key: ENC[AES256_GCM,data:X9hF4Tlu/iki2VrkquYXyNZ22E+CJBN9oFXgzuZtzEMePnIHDON7XVmKvIm4FcPdRIUo7b085+QTSA5RKcslVMbix4BSyWwNLzA=,iv:r51gdhvXmVLGbZ3w0C+kGfRb3DqZaWH3AN6F8c9g+Po=,tag:EzJv7GHuHZofqpMF0ZlqIA==,type:str]
 misc:
+    angelo_cloudflare_dns_api_token: ENC[AES256_GCM,data:Rh1L4dt0cg88XUpUWvSB74ubQlCl9ci8px8PZ/b6KjJVd+ZlmG5qWA==,iv:xXd2A11SA7DXDtiUdsAbBkgAzwabV2D7H8Q11UFWe/A=,tag:o3E7Ww9nQ2ba8z9GLShRjA==,type:str]
     wireguard: ENC[AES256_GCM,data:kbUtxJv3xSmikJWgtu87TSo5N8tUb2BiH3dH3oOV36waYyXI3bp2aBeAl1k=,iv:yB4UIyMDNRS+JmSnt9XuBhNRTLz+k0FqkK4ofjosRto=,tag:BDSD9SfQuQppKT4+6Cu65w==,type:str]
     default_password: ENC[AES256_GCM,data:6I3Z4Y1r8eTVvyc=,iv:0yMAY6JfsHEkKsrVAgPxb+3So4A5xvWV4ME1Oi33TvQ=,tag:/7dUtXPrVMNkERdxlk0FOw==,type:str]
     nixbin.sinanmohd.com: ENC[AES256_GCM,data:WQDzDzOozWa73Bitex6BpE7D7KdVcgIKD1Yx92RbCoNzSa8+b33YtY92Vetu7OlH1Zw4tneKBH/hAjz4ytK1SHoFfKj9wvfdzR5L+8gRKYEwxnvcHyc5gekmAaeQr2bWyUS9PBYRRWTRLiL/5A==,iv:3hlqF2CvpnXS5oDpbW9RIERbDHPLMrgQ+TJ+q9EyrZM=,tag:U4E3b2oBqjMFXEONbz8eKw==,type:str]
@@ -45,8 +46,8 @@ sops:
             OXgwSml4bkc1dnloNUFsRGFFcXFHc2cK26l2eiKbZUkogmAXoha6HTUs3YFKixYz
             bTkpKKyOAIIin3YM975wwvkCuWNG4tbnHBHQFh5JGK2OEyLDXuV7Pg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-09T17:11:35Z"
-    mac: ENC[AES256_GCM,data:x44HygQEMeY/Qi0KWGzlVtvZaD3aDfBKgdSKMIOfc5rhsfvzMhezLOGxRjdJ63H1XP/j650hLRKwCgx5ceg0k+1GlbUIxnXCyzCeEFGTVdW3uELNrxZokv1AKPU7iOmR1Mn5/lLEM1Ehxjsjl8PNpOmLpxaRnoUkoq1Sc4NZSck=,iv:3Hpxt4nCvFE5iuMKaGQaE2z0MLNRd1MgKcu1mMpwSlI=,tag:ZLndddPnWdCnWkDSY8+dhA==,type:str]
+    lastmodified: "2025-03-18T07:20:05Z"
+    mac: ENC[AES256_GCM,data:n0/qgqNEZo61lprSqE5u98F1sqWrKCLF8MIA0kBg05MDoySsppowYyClYq8KE8HVwQFmRbdl3ATUJg3DMzwkqXTi3M9ZQvDkf+f01DXMw4D1ruSwBqnUxlxy65xcQB8xAHcbptgy5erNZXRX88MwtqZrgspzZAhpdkE3UTn9kEw=,iv:iybukQKeiPudtY5I79V1J3+ItzzNEkFDRONDh1tVJrk=,tag:l+V4FIlsK/7fg6chbvRuRg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.4
-- 
cgit v1.2.3