about summary refs log tree commit diff
path: root/hosts/tahoe
diff options
context:
space:
mode:
authorFranck Cuny <franck@fcuny.net>2022-04-13 11:24:02 -0700
committerFranck Cuny <franck@fcuny.net>2022-04-13 11:24:02 -0700
commit1636706b98afceb1b073c25b52a904f267c61910 (patch)
tree30a8943fc2473c8e568c09bf3e098664023cb998 /hosts/tahoe
parentfish: only start sway when sway is installed (diff)
downloadworld-1636706b98afceb1b073c25b52a904f267c61910.tar.gz
nginx: add nginx as a reverse proxy
This will ultimately replace traefik.
Diffstat (limited to '')
-rw-r--r--hosts/tahoe/services.nix15
1 files changed, 14 insertions, 1 deletions
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix
index 75a6ee2..8846eae 100644
--- a/hosts/tahoe/services.nix
+++ b/hosts/tahoe/services.nix
@@ -18,7 +18,20 @@ in {
       stateDir = "/var/lib/gitea";
     };
     rclone = { enable = true; };
-    traefik = { enable = true; };
+    traefik = { enable = false; };
+    nginx = {
+      enable = true;
+      acme = { credentialsFile = secrets."acme/dns-key".path; };
+      sso = {
+        authKeyFile = secrets."sso/auth-key".path;
+        users = {
+          fcuny = {
+            passwordHashFile = secrets."sso/fcuny/password-hash".path;
+          };
+        };
+        groups = { root = [ "fcuny" ]; };
+      };
+    };
     transmission = { enable = true; };
     metrics-exporter = { enable = true; };
     backup = {