Setup paperless host and reverse proxy for acme http challange

2023-09-25 01:35:11 +02:00 · 2023-09-25 01:35:11 +02:00 · c1e74a4494
commit c1e74a4494
parent a2855162eb
13 changed files with 184 additions and 3 deletions
--- a/config/hosts/web-public-1/configuration.nix
+++ b/config/hosts/web-public-1/configuration.nix
@ -0,0 +1,17 @@
+{ ... }:
+{
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/vda";
+  };
+
+  networking = {    
+    hostName = "web-public-1";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 443 ];
+    };
+  };
+
+  system.stateVersion = "23.05";
+}
--- a/config/hosts/web-public-1/default.nix
+++ b/config/hosts/web-public-1/default.nix
@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ./configuration.nix
+    ./nginx.nix
+  ];
+}
--- a/config/hosts/web-public-1/nginx.nix
+++ b/config/hosts/web-public-1/nginx.nix
@ -0,0 +1,10 @@
+{ ... }:
+{
+  imports = [
+    ./virtualHosts
+  ];
+
+  services.nginx = {
+    enable = true;
+  };
+}
--- a/config/hosts/web-public-1/virtualHosts/acme-challenge.nix
+++ b/config/hosts/web-public-1/virtualHosts/acme-challenge.nix
@ -0,0 +1,12 @@
+{ ... }:
+{
+  services.nginx.virtualHosts."paperless.grzb.de" = {
+    listen = [{ 
+      addr = "0.0.0.0";
+      port = 80;
+    }];
+    locations."^~ /.well-known/acme-challenge/" = {
+      proxyPass = "http://paperless.wg.grzb.de:80";
+    };
+  };
+}
--- a/config/hosts/web-public-1/virtualHosts/default.nix
+++ b/config/hosts/web-public-1/virtualHosts/default.nix
@ -0,0 +1,16 @@
+{ ... }:
+{
+  imports = [
+    ./acme-challenge.nix
+  ];
+
+  services.nginx.virtualHosts."_" = {
+    listen = [{
+        addr = "0.0.0.0";
+        port = 80;
+    }];
+    locations."/" = {
+			return = "301 https://$host$request_uri";
+		};
+  };
+}