Prep for reinstall

Bits that require SOPS to be working have been pulled out into other files. Once the install is complete, these will be included in the base config.
2026-03-28 09:57:43 -04:00 · 2024-06-15 15:12:21 -04:00 · 2024-06-15 15:12:21 -04:00 · a8e3b109ed
commit a8e3b109ed
parent 660bba6aea
4 changed files with 87 additions and 79 deletions
--- a/modules/hosts/nixos/hetznix01/nginx.nix
+++ b/modules/hosts/nixos/hetznix01/nginx.nix
@ -0,0 +1,50 @@
+{ ... }: let 
+  http_port = 80;
+  https_port = 443;
+in {
+  imports = [
+    ../../../system/common/linux/lets-encrypt.nix
+  ];
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    appendHttpConfig = ''
+      # Add HSTS header with preloading to HTTPS requests.
+      # Adding this header to HTTP requests is discouraged
+      map $scheme $hsts_header {
+          https   "max-age=31536000 always;";
+      }
+      add_header Strict-Transport-Security $hsts_header;
+    '';
+    virtualHosts = {
+      "hetznix01.technicalissues.us" = {
+        default = true;
+        listen = [
+          { port = http_port; addr = "0.0.0.0"; }
+          { port = https_port; addr = "0.0.0.0"; ssl = true; }
+        ];
+        enableACME = true;
+        acmeRoot = null;
+        addSSL = true;
+        forceSSL = false;
+        locations."/" = {
+          return = "200 '<h1>Hello world ;)</h1>'";
+          extraConfig = ''
+            add_header Content-Type text/html;
+          '';
+        };
+      };
+      "utk-eu.technicalissues.us" = {
+        listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
+        enableACME = true;
+        acmeRoot = null;
+        forceSSL = true;
+        locations."/".proxyWebsockets = true;
+        locations."/".proxyPass = "http://127.0.0.1:3001";
+      };
+    }; # end virtualHosts
+  }; # end nginx
+}