Put attic behind a proxy
parent
4e2354e570
commit
68bb79a2b6
|
@ -47,11 +47,13 @@
|
|||
"https://nix-community.cachix.org"
|
||||
"https://cache.nixos.org"
|
||||
"https://devenv.cachix.org"
|
||||
"https://cache.zweili.org/prod"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
|
||||
"prod:46pIZhqoueg1P4IPp8ciArCUgSXWJZAq63CwLTQN/uA="
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -141,7 +141,7 @@ in
|
|||
"https://nix-community.cachix.org"
|
||||
"https://cache.nixos.org"
|
||||
"https://devenv.cachix.org"
|
||||
"http://10.7.89.150:8080/prod"
|
||||
"https://cache.zweili.org/prod"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
|
|
|
@ -10,6 +10,7 @@ let
|
|||
cfg = config.services.az-attic-server;
|
||||
cacheStorage = "/mnt/binary-cache";
|
||||
atticPort = 8080;
|
||||
atticDomain = "cache.zweili.org";
|
||||
attic-garbage-collect = pkgs.writeShellScriptBin "attic-garbage-collect" ''
|
||||
${
|
||||
inputs.attic.packages.${system}.attic-server
|
||||
|
@ -42,14 +43,20 @@ in
|
|||
attic-garbage-collect
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ atticPort ];
|
||||
networking.firewall.allowedTCPPorts = [ 443 ];
|
||||
|
||||
services.az-nginx-proxy = {
|
||||
enable = true;
|
||||
domain = atticDomain;
|
||||
port = atticPort;
|
||||
};
|
||||
services.atticd = {
|
||||
enable = true;
|
||||
credentialsFile = config.age.secrets.atticEnv.path;
|
||||
settings = {
|
||||
listen = "[::]:${toString atticPort}";
|
||||
api-endpoint = "http://10.7.89.150:${toString atticPort}/";
|
||||
allowed-hosts = [ ];
|
||||
api-endpoint = "https://${atticDomain}/";
|
||||
allowed-hosts = [ atticDomain ];
|
||||
storage = {
|
||||
type = "local";
|
||||
path = "${cacheStorage}";
|
||||
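Review bot: atticd still binds every interface, because `listen = "[::]:${toString atticPort}";` is left unchanged, so after this change only the firewall rule keeps the plain-HTTP port 8080 private. If az-nginx-proxy reaches atticd over loopback (its definition is not visible here), `listen = "127.0.0.1:${toString atticPort}";` would keep the unencrypted API unreachable from the network even if the firewall is disabled or the port is reopened by another module. The `settings` block continues past the end of the hunk, so anything below `storage.path` is not covered by this note.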
|
|
|
@ -44,6 +44,7 @@ in
|
|||
redirect scheme https code 301 if { hdr(host) -i nextcloud.2li.ch } !{ ssl_fc }
|
||||
redirect scheme https code 301 if { hdr(host) -i rss.zweili.org } !{ ssl_fc }
|
||||
redirect scheme https code 301 if { hdr(host) -i rss-bridge.zweili.org } !{ ssl_fc }
|
||||
redirect scheme https code 301 if { hdr(host) -i cache.zweili.org } !{ ssl_fc }
|
||||
redirect scheme https code 301 if { hdr(host) -i www.2li.ch } !{ ssl_fc }
|
||||
redirect scheme https code 301 if { hdr_dom(host) -i 2li.ch } !{ ssl_fc }
|
||||
|
||||
|
@ -62,6 +63,7 @@ in
|
|||
use_backend nextcloud_server if { req_ssl_sni -i nextcloud.2li.ch }
|
||||
use_backend rss_server if { req_ssl_sni -i rss.zweili.org }
|
||||
use_backend rss_server if { req_ssl_sni -i rss-bridge.zweili.org }
|
||||
use_backend cache_server if { req_ssl_sni -i cache.zweili.org }
|
||||
use_backend proxy if { req_ssl_sni -i www.2li.ch }
|
||||
use_backend proxy if { req_ssl_sni -i 2li.ch }
|
||||
|
||||
|
@ -83,6 +85,9 @@ in
|
|||
backend proxy
|
||||
mode tcp
|
||||
server server1 127.0.0.1:4433 check
|
||||
backend cache_server
|
||||
mode tcp
|
||||
server server1 10.7.89.150:443 check
|
||||
'';
|
||||
};
|
||||
};
|
||||
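Review bot: `backend cache_server` passes the TLS stream through in `mode tcp` without the PROXY protocol, so nginx on 10.7.89.150 will presumably record the HAProxy address as the client of every request. Access logs and any per-client limits on the cache then lose the real source address, which matters for a service that accepts authenticated pushes. If that is wanted, the server line could become `server server1 10.7.89.150:443 check send-proxy-v2`, but only together with `proxy_protocol` on the nginx listener, which is configured outside this file. The existing `backend proxy` has the same shape, so this may be a deliberate choice.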
|
|