Infra/pi
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add ssl

Browse source
This commit is contained in:
Katharina Heidenreich 2026-03-15 20:42:53 +01:00
parent e3a3f16fd6
commit c3406d7df6
2 changed files with 9 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
data/network.nix
View file

@ -64,10 +64,7 @@ rec {
ip = ips.pi; ip = ips.pi;
reverse_proxy = { reverse_proxy = {
port = 6167; port = 6167;
extraConfig = { ssl = true;
enableACME = true;
forceSSL = true;
};
}; };
domainOverride = "v2202603344638441294.bestsrv.de"; domainOverride = "v2202603344638441294.bestsrv.de";
}; };

9
services/nginx.nix
View file

@ -21,6 +21,13 @@ let
myExtraConfig = if service.reverse_proxy ? extraConfig myExtraConfig = if service.reverse_proxy ? extraConfig
then service.reverse_proxy.extraConfig then service.reverse_proxy.extraConfig
else {}; else {};
sslConfig = if service.reverse_proxy ? ssl && service.reverse_proxy.ssl
then {
enableACME = true;
forceSSL = true;
listen = [ {addr = "0.0.0.0"; port = 443;} ];
}
else {};
in in
{ {
serverName = "${domain}"; serverName = "${domain}";
@ -30,7 +37,7 @@ let
allow ${network.network.subnet}; allow ${network.network.subnet};
deny all; deny all;
''; '';
} // serverAlias // myExtraConfig; } // serverAlias // sslConfig // myExtraConfig;
rproxyServices = builtins.mapAttrs (virtualHostFn) network.reverse_proxy; rproxyServices = builtins.mapAttrs (virtualHostFn) network.reverse_proxy;
serviceNamesMessage = builtins.toString (builtins.attrNames network.reverse_proxy); serviceNamesMessage = builtins.toString (builtins.attrNames network.reverse_proxy);
fallback = { fallback = {