nginx: init

flake.nix

@@ -25,6 +25,11 @@
       modules = [ "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix" ./hosts/mosquitto/configuration.nix ];
     };
 
+    nixosConfigurations.nginx = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      modules = [ "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix" ./hosts/nginx/configuration.nix ];
+    };
+
     deploy.nodes.bastion = {
       hostname = "10.42.42.4";
       fastConnection = true;
@@ -61,6 +66,15 @@
       };
     };
 
+    deploy.nodes.nginx = {
+      hostname = "10.42.42.9";
+      fastConnection = true;
+      profiles.system = {
+        user = "root";
+        path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.nginx;
+      };
+    };
+
     checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
   };
 }

hosts/nginx/configuration.nix

@@ -26,19 +26,18 @@
   # Additional packages
   environment.systemPackages = with pkgs; [];
 
-  # Vault
-  networking.firewall.allowedTCPPorts = [ 8200 ];
-
-  services.vault = {
+  services.nginx = {
     enable = true;
-    # bin version includes the UI
-    package = pkgs.vault-bin;
-    address = "0.0.0.0:8200";
-    storageBackend = "file";
-    storagePath = "/var/lib/vault";
-    extraConfig = ''
-      api_addr = "10.42.42.6:8200"
-      ui = true
-    '';
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts."ha.0x76.dev" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://10.42.42.8:8123/";
+        proxyWebsockets = true;
+      };
+    };
   };
 }