Put attic behind a proxy
parent
4e2354e570
commit
68bb79a2b6
|
@ -47,11 +47,13 @@
|
||||||
"https://nix-community.cachix.org"
|
"https://nix-community.cachix.org"
|
||||||
"https://cache.nixos.org"
|
"https://cache.nixos.org"
|
||||||
"https://devenv.cachix.org"
|
"https://devenv.cachix.org"
|
||||||
|
"https://cache.zweili.org/prod"
|
||||||
];
|
];
|
||||||
trusted-public-keys = [
|
trusted-public-keys = [
|
||||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||||
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
|
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
|
||||||
|
"prod:46pIZhqoueg1P4IPp8ciArCUgSXWJZAq63CwLTQN/uA="
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
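Review bot: The new `prod:` entry in `trusted-public-keys` has no comment tying it to `https://cache.zweili.org/prod`, and unlike the `*.cachix.org-1` names the bare name `prod` does not say which cache it belongs to. Every machine that takes this config will accept any store path signed by that key, so the self-hosted cache's signing key now carries the same trust as the `cache.nixos.org-1` key. A short comment above the entry, such as `# attic cache "prod" served from cache.zweili.org`, makes the key easier to find when it is rotated or revoked. The enclosing attribute set starts outside the hunk.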
|
||||||
|
|
|
@ -141,7 +141,7 @@ in
|
||||||
"https://nix-community.cachix.org"
|
"https://nix-community.cachix.org"
|
||||||
"https://cache.nixos.org"
|
"https://cache.nixos.org"
|
||||||
"https://devenv.cachix.org"
|
"https://devenv.cachix.org"
|
||||||
"http://10.7.89.150:8080/prod"
|
"https://cache.zweili.org/prod"
|
||||||
];
|
];
|
||||||
trusted-public-keys = [
|
trusted-public-keys = [
|
||||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||||
|
|
|
@ -10,6 +10,7 @@ let
|
||||||
cfg = config.services.az-attic-server;
|
cfg = config.services.az-attic-server;
|
||||||
cacheStorage = "/mnt/binary-cache";
|
cacheStorage = "/mnt/binary-cache";
|
||||||
atticPort = 8080;
|
atticPort = 8080;
|
||||||
|
atticDomain = "cache.zweili.org";
|
||||||
attic-garbage-collect = pkgs.writeShellScriptBin "attic-garbage-collect" ''
|
attic-garbage-collect = pkgs.writeShellScriptBin "attic-garbage-collect" ''
|
||||||
${
|
${
|
||||||
inputs.attic.packages.${system}.attic-server
|
inputs.attic.packages.${system}.attic-server
|
||||||
|
@ -42,14 +43,20 @@ in
|
||||||
attic-garbage-collect
|
attic-garbage-collect
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ atticPort ];
|
networking.firewall.allowedTCPPorts = [ 443 ];
|
||||||
|
|
||||||
|
services.az-nginx-proxy = {
|
||||||
|
enable = true;
|
||||||
|
domain = atticDomain;
|
||||||
|
port = atticPort;
|
||||||
|
};
|
||||||
services.atticd = {
|
services.atticd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
credentialsFile = config.age.secrets.atticEnv.path;
|
credentialsFile = config.age.secrets.atticEnv.path;
|
||||||
settings = {
|
settings = {
|
||||||
listen = "[::]:${toString atticPort}";
|
listen = "[::]:${toString atticPort}";
|
||||||
api-endpoint = "http://10.7.89.150:${toString atticPort}/";
|
api-endpoint = "https://${atticDomain}/";
|
||||||
allowed-hosts = [ ];
|
allowed-hosts = [ atticDomain ];
|
||||||
storage = {
|
storage = {
|
||||||
type = "local";
|
type = "local";
|
||||||
path = "${cacheStorage}";
|
path = "${cacheStorage}";
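Review bot: `listen = "[::]:${toString atticPort}";` is left unchanged, so atticd still accepts plain HTTP on every interface and only the firewall change to `[ 443 ]` keeps port 8080 unreachable. If `services.az-nginx-proxy` forwards to a loopback address (its definition is not part of this diff), binding atticd to that same address, e.g. `listen = "127.0.0.1:${toString atticPort}";`, keeps the TLS proxy as the only way in even if the firewall is disabled or the port is reopened later. The `settings` block continues past the end of the hunk.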
|
||||||
|
|
|
@ -44,6 +44,7 @@ in
|
||||||
redirect scheme https code 301 if { hdr(host) -i nextcloud.2li.ch } !{ ssl_fc }
|
redirect scheme https code 301 if { hdr(host) -i nextcloud.2li.ch } !{ ssl_fc }
|
||||||
redirect scheme https code 301 if { hdr(host) -i rss.zweili.org } !{ ssl_fc }
|
redirect scheme https code 301 if { hdr(host) -i rss.zweili.org } !{ ssl_fc }
|
||||||
redirect scheme https code 301 if { hdr(host) -i rss-bridge.zweili.org } !{ ssl_fc }
|
redirect scheme https code 301 if { hdr(host) -i rss-bridge.zweili.org } !{ ssl_fc }
|
||||||
|
redirect scheme https code 301 if { hdr(host) -i cache.zweili.org } !{ ssl_fc }
|
||||||
redirect scheme https code 301 if { hdr(host) -i www.2li.ch } !{ ssl_fc }
|
redirect scheme https code 301 if { hdr(host) -i www.2li.ch } !{ ssl_fc }
|
||||||
redirect scheme https code 301 if { hdr_dom(host) -i 2li.ch } !{ ssl_fc }
|
redirect scheme https code 301 if { hdr_dom(host) -i 2li.ch } !{ ssl_fc }
|
||||||
|
|
||||||
|
@ -62,6 +63,7 @@ in
|
||||||
use_backend nextcloud_server if { req_ssl_sni -i nextcloud.2li.ch }
|
use_backend nextcloud_server if { req_ssl_sni -i nextcloud.2li.ch }
|
||||||
use_backend rss_server if { req_ssl_sni -i rss.zweili.org }
|
use_backend rss_server if { req_ssl_sni -i rss.zweili.org }
|
||||||
use_backend rss_server if { req_ssl_sni -i rss-bridge.zweili.org }
|
use_backend rss_server if { req_ssl_sni -i rss-bridge.zweili.org }
|
||||||
|
use_backend cache_server if { req_ssl_sni -i cache.zweili.org }
|
||||||
use_backend proxy if { req_ssl_sni -i www.2li.ch }
|
use_backend proxy if { req_ssl_sni -i www.2li.ch }
|
||||||
use_backend proxy if { req_ssl_sni -i 2li.ch }
|
use_backend proxy if { req_ssl_sni -i 2li.ch }
|
||||||
|
|
||||||
|
@ -83,6 +85,9 @@ in
|
||||||
backend proxy
|
backend proxy
|
||||||
mode tcp
|
mode tcp
|
||||||
server server1 127.0.0.1:4433 check
|
server server1 127.0.0.1:4433 check
|
||||||
|
backend cache_server
|
||||||
|
mode tcp
|
||||||
|
server server1 10.7.89.150:443 check
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
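Review bot: The new `cache_server` backend forwards in `mode tcp` without the PROXY protocol, so the proxy on 10.7.89.150 will record HAProxy's address for every request and cannot apply per-client limits or allow-lists. That matters more for this host than for a read-only site, because the attic endpoint also takes token-authenticated uploads and this frontend appears to serve public hostnames. Consider `server server1 10.7.89.150:443 send-proxy check` together with a PROXY-protocol listener on the nginx side, which is not visible in this diff and must be changed at the same time. The existing `proxy` backend follows the same pattern, and the surrounding config string starts outside these hunks.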
|
||||||
|
|