machine/serverle: enable nginx with separate network config

2025-05-24 09:54:40 +02:00 · 2023-02-23 20:02:46 +01:00 · 2023-02-23 20:02:46 +01:00 · 6d0b676cce
commit 6d0b676cce
parent 7085003f2a
3 changed files with 39 additions and 4 deletions
--- a/machines/serverle/configuration.nix
+++ b/machines/serverle/configuration.nix
@ -4,6 +4,7 @@
    ./hardware-configuration.nix
    ./disks.nix
    ./dyndns.nix
    ./network.nix
    ./services.nix
    ./syncthing.nix
    ./system.nix
@ -21,10 +22,6 @@
    gnupg.sshKeyPaths = [ ];
  };
  networking.firewall.allowedTCPPorts = [
    8080 # aria
  ];
  # Nix
  nix.gc = {
    automatic = true;
--- a/machines/serverle/network.nix
+++ b/machines/serverle/network.nix
@ -0,0 +1,11 @@
 { config, lib, pkgs, ... }:
 {
  networking.firewall.allowedTCPPorts = [
    8080 # aria
  ];
  networking = {
    domain = "stunkymonkey.de";
    search = [ "stunkymonkey.de" ];
  };
 }
--- a/machines/serverle/services.nix
+++ b/machines/serverle/services.nix
@ -4,8 +4,12 @@ let
  secrets = config.sops.secrets;
 in
 {
  sops.secrets."acme/inwx" = { };
  sops.secrets."borgbackup/password" = { };
  sops.secrets."borgbackup/ssh_key" = { };
  sops.secrets."sso/auth-key" = { };
  sops.secrets."sso/felix/password-hash" = { };
  sops.secrets."sso/felix/totp-secret" = { };
  # List services that you want to enable:
  my.services = {
@ -23,5 +27,28 @@ in
    jellyfin = {
      enable = true;
    };
    # Dashboard
    homer = {
      enable = true;
    };
    # Webserver
    nginx = {
      enable = true;
      acme = {
        credentialsFile = secrets."acme/inwx".path;
      };
      sso = {
        authKeyFile = secrets."sso/auth-key".path;
        users = {
          felix = {
            passwordHashFile = secrets."sso/felix/password-hash".path;
            totpSecretFile = secrets."sso/felix/totp-secret".path;
          };
        };
        groups = {
          root = [ "felix" ];
        };
      };
    };
  };
 }