63 lines
1.4 KiB
Nix
63 lines
1.4 KiB
Nix
{ config, pkgs, inputs, lib, ... }:
|
|
let
|
|
port = 8123;
|
|
path = "/data/nginx";
|
|
certPath = "${path}/cert.pem";
|
|
keyPath = "${path}/key.pem";
|
|
in {
|
|
imports = [ ../nginx.nix ./virtualisation.nix ];
|
|
|
|
networking.firewall.allowedTCPPorts = [ port 1883 ];
|
|
services.mosquitto = {
|
|
enable = true;
|
|
listeners = [
|
|
{
|
|
port = 1883;
|
|
omitPasswordAuth = true;
|
|
users = {};
|
|
settings = {
|
|
allow_anonymous = true;
|
|
};
|
|
acl = [ "topic readwrite #" ];
|
|
}];
|
|
};
|
|
|
|
services.nginx = {
|
|
virtualHosts = {
|
|
"bolty.raptor-carp.ts.net" = {
|
|
forceSSL = true;
|
|
enableACME = false;
|
|
locations."/" = {
|
|
proxyPass = "http://10.0.0.244:8123";
|
|
proxyWebsockets = true;
|
|
};
|
|
sslCertificateKey = keyPath;
|
|
sslCertificate = certPath;
|
|
};
|
|
};
|
|
};
|
|
|
|
systemd.services.nginx-tailscale-certs = {
|
|
script = ''
|
|
mkdir -p ${path}
|
|
cp -rv /var/lib/tailscale-certs/cert.pem ${certPath}
|
|
cp -rv /var/lib/tailscale-certs/key.pem ${keyPath}
|
|
chown -Rv nginx:nginx ${path}
|
|
'';
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
ReloadPropagatedFrom = "tailscale-cert.service";
|
|
};
|
|
before = [ "nginx.service" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
after = [
|
|
"network.target"
|
|
"network-online.target"
|
|
"tailscaled.service"
|
|
"tailscale-cert.service"
|
|
];
|
|
wants = [ "tailscale-cert.service" ];
|
|
};
|
|
|
|
}
|