diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/mailserver.nix | 4 | ||||
| -rw-r--r-- | modules/mealie.nix | 9 | ||||
| -rw-r--r-- | modules/syncthing.nix | 9 | ||||
| -rw-r--r-- | modules/webserver.nix | 31 |
4 files changed, 27 insertions, 26 deletions
diff --git a/modules/mailserver.nix b/modules/mailserver.nix index 90c17fa..3329d43 100644 --- a/modules/mailserver.nix +++ b/modules/mailserver.nix @@ -16,7 +16,7 @@ loginAccounts = { "mail@krinitsin.com" = { hashedPasswordFile = "/secret/mail@krinitsin.com"; - aliases = ["postmaster@krinitsin.com"]; + aliases = [ "postmaster@krinitsin.com" "christian@krinitsin.com" ]; }; "wladislaw@krinitsin.com" = { hashedPasswordFile = "/secret/wladislaw@krinitsin.com"; @@ -33,4 +33,6 @@ $config['smtp_pass'] = "%p"; ''; }; + + security.acme.certs."krinitsin.com".extraDomainNames = [ "webmail.krinitsin.com" ]; } diff --git a/modules/mealie.nix b/modules/mealie.nix index 74dcf57..5059c8f 100644 --- a/modules/mealie.nix +++ b/modules/mealie.nix @@ -9,6 +9,13 @@ in package = unstable.mealie; }; - networking.firewall.allowedTCPPorts = [ 9000 8080 ]; + services.nginx.virtualHosts."recipes.krinitsin.com" = { + forceSSL = true; + useACMEHost = "krinitsin.com"; + serverAliases = [ "rezepte.krinitsin.com" ]; + locations."/".proxyPass = "http://localhost:9000"; + }; + + security.acme.certs."krinitsin.com".extraDomainNames = [ "recipes.krinitsin.com" "rezepte.krinitsin.com" ]; } diff --git a/modules/syncthing.nix b/modules/syncthing.nix index 4458b42..c25c956 100644 --- a/modules/syncthing.nix +++ b/modules/syncthing.nix @@ -8,5 +8,12 @@ openDefaultPorts = true; }; - networking.firewall.allowedTCPPorts = [ 8384 ]; + services.nginx.virtualHosts."syncthing.krinitsin.com" = { + forceSSL = true; + useACMEHost = "krinitsin.com"; + locations."/".proxyPass = "https://localhost:8384"; + }; + + security.acme.certs."krinitsin.com".extraDomainNames = [ "syncthing.krinitsin.com" ]; + } diff --git a/modules/webserver.nix b/modules/webserver.nix index e8867d3..e61cb68 100644 --- a/modules/webserver.nix +++ b/modules/webserver.nix @@ -12,20 +12,12 @@ serverAliases = [ "www.krinitsin.com" ]; locations."/shopping/".basicAuthFile = "/secret/shopping_auth"; - locations."/shopping/api/".proxyPass = "http://krinitsin.com:5000"; - }; + locations."/shopping/api/" = { + proxyPass = "http://127.0.0.1:5000"; + basicAuthFile = "/secret/shopping_auth"; + }; - "recipes.krinitsin.com" = { - forceSSL = true; - useACMEHost = "krinitsin.com"; - serverAliases = [ "rezepte.krinitsin.com" ]; - locations."/".proxyPass = "http://localhost:9000"; - }; - - "syncthing.krinitsin.com" = { - forceSSL = true; - useACMEHost = "krinitsin.com"; - locations."/".proxyPass = "https://localhost:8384"; + locations."/mensa/api/".proxyPass = "http://127.0.0.1:5000"; }; }; }; @@ -33,19 +25,12 @@ security.acme = { acceptTerms = true; defaults.email = "christian@krinitsin.xyz"; - certs."krinitsin.com".extraDomainNames = [ "recipes.krinitsin.com" "rezepte.krinitsin.com" "webmail.krinitsin.com" "syncthing.krinitsin.com" ]; }; - - environment.systemPackages = with pkgs; [ - python312 - python312Packages.flask - ]; - - systemd.services.flask = { + systemd.services.flask-backend = { enable = true; - wantedBy = ["default.target"]; - serviceConfig.ExecStart = ''/run/current-system/sw/bin/flask --app /var/www/krinitsin.com/shopping/app.py run -h krinitsin.com''; + wantedBy = ["multi-user.target"]; + serviceConfig.ExecStart = ''/var/flask-backend/result/bin/app.py''; }; networking.firewall.allowedTCPPorts = [ 80 443 5000 ]; |