mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00

feat: prepare local mirror web-proxy to speed up internal service access

oddlama 2024-05-19 15:33:06 +02:00
parent 8148ce9f37
commit 3d12add14d
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
22 changed files with 139 additions and 3 deletions


@ -47,8 +47,9 @@ in {
dashboard.settings.AUTH_AUTHORITY = "https://${sentinelCfg.networking.providedDomains.kanidm}/oauth2/openid/netbird";
management = {
singleAccountModeDomain = "internal.${config.repo.secrets.global.domains.me}";
dnsDomain = "internal.${config.repo.secrets.global.domains.me}";
singleAccountModeDomain = "home.lan";
disableAnonymousMetrics = true;
oidcConfigEndpoint = "https://${sentinelCfg.networking.providedDomains.kanidm}/oauth2/openid/netbird/.well-known/openid-configuration";
turnDomain = sentinelCfg.networking.providedDomains.coturn;
turnPort = sentinelCfg.services.coturn.tls-listening-port;
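Review bot: `singleAccountModeDomain = "home.lan";` is a bare literal, while `dnsDomain` on the line before it is derived from `config.repo.secrets.global.domains.me`, and nothing in the section explains why the two values now differ. A short comment above the literal would record the intent, for example `# account label only; peer DNS names come from dnsDomain` (the exact wording needs the author's confirmation, since the purpose is inferred from the option names). The `management` attribute set continues past the end of this hunk.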


@ -0,0 +1,37 @@
{config, ...}: let
inherit (config.repo.secrets.local) acme;
in {
age.secrets.acme-cloudflare-dns-token = {
rekeyFile = config.node.secretsDir + "/acme-cloudflare-dns-token.age";
mode = "440";
group = "acme";
};
age.secrets.acme-cloudflare-zone-token = {
rekeyFile = config.node.secretsDir + "/acme-cloudflare-zone-token.age";
mode = "440";
group = "acme";
};
security.acme = {
acceptTerms = true;
defaults = {
credentialFiles = {
CF_DNS_API_TOKEN_FILE = config.age.secrets.acme-cloudflare-dns-token.path;
CF_ZONE_API_TOKEN_FILE = config.age.secrets.acme-cloudflare-zone-token.path;
};
dnsProvider = "cloudflare";
dnsPropagationCheck = true;
reloadServices = ["nginx"];
};
inherit (acme) certs wildcardDomains;
};
#nodes.sentinel = {
# # port forward 80,443 (ward) to 80,443 (web-proxy)
#};
users.groups.acme.members = ["nginx"];
services.nginx.enable = true;
services.nginx.recommendedSetup = true;
}
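Review bot: Both Cloudflare token secrets are declared with `mode = "440"; group = "acme";`, and the same file then sets `users.groups.acme.members = ["nginx"];`, so the network-facing nginx user can read the DNS and zone API tokens as well as the certificates. nginx only needs the issued certificates, and a token that can edit DNS records is a much larger asset than a certificate key. Consider removing group read from the secrets, e.g. `owner = "acme"; mode = "400";` in both `age.secrets.*` blocks. If `security.acme` passes `credentialFiles` through systemd credentials, as I believe the NixOS module does, the default root-only permissions may already be enough; this should be verified against the module in use. A comment on the `users.groups.acme.members` line saying the membership exists only for certificate access would also help.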