hosts: dmz: nix-serve: add reverse proxy

2024-05-31 20:42:16 +02:00 · 2024-05-31 20:42:16 +02:00 · 2b30c68a54
commit 2b30c68a54
parent cb7412e749
1 changed files with 12 additions and 5 deletions
--- a/modules/services/dmz/hydra.nix
+++ b/modules/services/dmz/hydra.nix
@ -4,33 +4,40 @@
    services = {
      hydra = {
        enable = true;
-        hydraURL = "hydra.home.opel-online.de";
+        hydraURL = "https://hydra.home.opel-online.de";
        listenHost = "localhost";
        notificationSender = "hydra@localhost";
        useSubstitutes = true;
+        minimumDiskFree = 30;
      };
      nix-serve = {
          enable = true;
          port = 5001;
+          bindAddress = "127.0.0.1";
          secretKeyFile = config.age.secrets."keys/nixsign".path;
      };
      nginx = {
        enable = true;
        virtualHosts = {
-          "${config.services.hydra.hydraURL}" = {
+          "hydra.home.opel-online.de" = {
            enableACME = true;
            forceSSL = true;
            locations."/".proxyPass = "http://localhost:3000";
          };
+          "cache.home.opel-online.de" = {
+            enableACME = true;
+            forceSSL = true;
+            locations."/".proxyPass = "http://localhost:5001";
+          };
        };
      };
    };

    security.acme = {
-      defaults.email = "webmaster@kabtop.de";
-      #defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
      acceptTerms = true;
-      certs.${config.services.hydra.hydraURL} = {
+      defaults = {
+        email = "webmaster@kabtop.de";
+        #defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
        dnsProvider = "netcup";
        environmentFile = config.age.secrets."services/acme/opel-online".path;
        webroot = null;