nginx: init
This commit is contained in:
parent
8e494833f4
commit
914594651b
2 changed files with 26 additions and 13 deletions
14
flake.nix
14
flake.nix
|
@ -25,6 +25,11 @@
|
||||||
modules = [ "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix" ./hosts/mosquitto/configuration.nix ];
|
modules = [ "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix" ./hosts/mosquitto/configuration.nix ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nixosConfigurations.nginx = nixpkgs.lib.nixosSystem {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
modules = [ "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix" ./hosts/nginx/configuration.nix ];
|
||||||
|
};
|
||||||
|
|
||||||
deploy.nodes.bastion = {
|
deploy.nodes.bastion = {
|
||||||
hostname = "10.42.42.4";
|
hostname = "10.42.42.4";
|
||||||
fastConnection = true;
|
fastConnection = true;
|
||||||
|
@ -61,6 +66,15 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
deploy.nodes.nginx = {
|
||||||
|
hostname = "10.42.42.9";
|
||||||
|
fastConnection = true;
|
||||||
|
profiles.system = {
|
||||||
|
user = "root";
|
||||||
|
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.nginx;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
|
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,19 +26,18 @@
|
||||||
# Additional packages
|
# Additional packages
|
||||||
environment.systemPackages = with pkgs; [];
|
environment.systemPackages = with pkgs; [];
|
||||||
|
|
||||||
# Vault
|
services.nginx = {
|
||||||
networking.firewall.allowedTCPPorts = [ 8200 ];
|
|
||||||
|
|
||||||
services.vault = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
# bin version includes the UI
|
recommendedProxySettings = true;
|
||||||
package = pkgs.vault-bin;
|
recommendedTlsSettings = true;
|
||||||
address = "0.0.0.0:8200";
|
|
||||||
storageBackend = "file";
|
virtualHosts."ha.0x76.dev" = {
|
||||||
storagePath = "/var/lib/vault";
|
enableACME = true;
|
||||||
extraConfig = ''
|
forceSSL = true;
|
||||||
api_addr = "10.42.42.6:8200"
|
locations."/" = {
|
||||||
ui = true
|
proxyPass = "http://10.42.42.8:8123/";
|
||||||
'';
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
Loading…
Reference in a new issue