services: hydra: fix reverse proxy and firewall

2024-05-31 19:46:43 +02:00 · 2024-05-31 19:46:43 +02:00 · e8f6f4e96f
commit e8f6f4e96f
parent 40fdd49224
2 changed files with 3 additions and 5 deletions
--- a/hosts/dmz/hardware-configuration.nix
+++ b/hosts/dmz/hardware-configuration.nix
@ -97,7 +97,7 @@
    firewall = {
      enable = true;
      allowedUDPPorts = [  ];
-      allowedTCPPorts = [  ];
+      allowedTCPPorts = [ 80 443 ];
    };
  };

--- a/modules/services/dmz/hydra.nix
+++ b/modules/services/dmz/hydra.nix
@ -20,9 +20,7 @@
          "${config.services.hydra.hydraURL}" = {
            enableACME = true;
            forceSSL = true;
-            listen = [ {
-                addr = "127.0.0.1"; port = 3000;
-            } ];
+            locations."/".proxyPass = "http://localhost:3000";
          };
        };
      };
@ -30,7 +28,7 @@

    security.acme = {
      defaults.email = "webmaster@kabtop.de";
-      defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+      #defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
      acceptTerms = true;
      certs.${config.services.hydra.hydraURL} = {
        dnsProvider = "netcup";