Setup Commit

2026-05-17 16:06:46 -05:00 · 2026-05-17 16:06:46 -05:00 · 289b69d342
commit 289b69d342
23 changed files with 728 additions and 0 deletions
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@ -0,0 +1,55 @@
+{inputs, pkgs, config, ...}:
+
+{
+  sops.secrets."CF_DNS_API_TOKEN" = {
+    format = "json";
+    sopsFile = "${inputs.secrets}/nginx.json";
+  };
+
+  sops.secrets."CF_ZONE_API_TOKEN" = {
+    format = "json";
+    sopsFile = "${inputs.secrets}/nginx.json";
+  };
+
+  sops.templates."ACME.env".content = ''
+    CF_DNS_API_TOKEN="${config.sops.placeholder."CF_DNS_API_TOKEN"}"
+    CF_ZONE_API_TOKEN="${config.sops.placeholder."CF_ZONE_API_TOKEN"}"
+  '';
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      dnsProvider = "cloudflare";
+      environmentFile = config.sops.templates."ACME.env".path;
+      email = "nyxerinys5@gmail.com";
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "vault.nyxerinys.dev" = {
+        addSSL = true;
+        enableACME = true;
+        acmeRoot = null;
+
+        locations."/" = {
+          proxyPass = "http://10.5.0.2:83";
+          proxyWebsockets = true;
+        };
+      };
+      "git.nyxerinys.dev" = {
+        addSSL = true;
+        enableACME = true;
+        acmeRoot = null;
+
+        locations."/" = {
+          proxyPass = "http://10.5.0.2:3000";
+          proxyWebsockets = true;
+        };
+      };
+    };
+  };
+}