From 2b30c68a540352c2ca223ec833dc85b979b716ea Mon Sep 17 00:00:00 2001
From: Kabbone
Date: Fri, 31 May 2024 20:42:16 +0200
Subject: [PATCH] hosts: dmz: nix-serve: add reverse proxy
---
 modules/services/dmz/hydra.nix | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/modules/services/dmz/hydra.nix b/modules/services/dmz/hydra.nix
index 039c69c..bf4cae6 100644
--- a/modules/services/dmz/hydra.nix
+++ b/modules/services/dmz/hydra.nix
@@ -4,33 +4,40 @@
 services = {
 hydra = {
 enable = true;
- hydraURL = "hydra.home.opel-online.de";
+ hydraURL = "https://hydra.home.opel-online.de";
 listenHost = "localhost";
 notificationSender = "hydra@localhost";
 useSubstitutes = true;
+ minimumDiskFree = 30;
 };
 nix-serve = {
 enable = true;
 port = 5001;
+ bindAddress = "127.0.0.1";
 secretKeyFile = config.age.secrets."keys/nixsign".path;
 };
 nginx = {
 enable = true;
 virtualHosts = {
- "${config.services.hydra.hydraURL}" = {
+ "hydra.home.opel-online.de" = {
 enableACME = true;
 forceSSL = true;
 locations."/".proxyPass = "http://localhost:3000";
 };
+ "cache.home.opel-online.de" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:5001";
+ };
 };
 };
 };
 security.acme = {
- defaults.email = "webmaster@kabtop.de";
- #defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
 acceptTerms = true;
- certs.${config.services.hydra.hydraURL} = {
+ defaults = {
+ email = "webmaster@kabtop.de";
+ #defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
 dnsProvider = "netcup";
 environmentFile = config.age.secrets."services/acme/opel-online".path;
 webroot = null;
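Review bot: The new `cache.home.opel-online.de` vhost puts nix-serve behind nginx with no access restriction visible in this hunk, and nix-serve answers for any store path a client requests by hash, so the contents of this host's /nix/store are presumably readable by whoever can reach the vhost. If the DMZ nginx is reachable from outside the home network, consider limiting the location, e.g. `locations."/".extraConfig = "allow <LAN_CIDR>; deny all;";` (placeholder CIDR, to be replaced with the real internal range). Separately, `bindAddress = "127.0.0.1"` is IPv4-only while the proxy target is `http://localhost:5001`; nginx may also resolve `localhost` to `::1` and log refused upstream connections, so `locations."/".proxyPass = "http://127.0.0.1:5001";` would match the bind address. The `defaults = {` attrset opened at the end of the hunk closes outside it.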