mirror of
https://github.com/harivansh-afk/nix.git
synced 2026-04-15 18:01:29 +00:00
c3fb0fc358
Break the monolithic 495-line configuration.nix into focused modules: - forgejo.nix: Forgejo service, git user, mirror sync timer - betternas.nix: control-plane + node agent services - vaultwarden.nix: Vaultwarden service - nginx.nix: ACME + all Nginx virtualHosts Remove sandbox-agent entirely (service, CORS proxy, package). Keep netty.harivan.sh vhost reserved for future use.
48 lines
1.1 KiB
Nix
48 lines
1.1 KiB
Nix
{
|
|
...
|
|
}:
|
|
let
|
|
sandboxDomain = "netty.harivan.sh";
|
|
forgejoDomain = "git.harivan.sh";
|
|
vaultDomain = "vault.harivan.sh";
|
|
betternasDomain = "api.betternas.com";
|
|
in
|
|
{
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults.email = "rathiharivansh@gmail.com";
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
clientMaxBodySize = "512m";
|
|
|
|
# Reserved for future use - nothing listening on this port yet
|
|
virtualHosts.${sandboxDomain} = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".proxyPass = "http://127.0.0.1:2470";
|
|
};
|
|
|
|
virtualHosts.${forgejoDomain} = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".proxyPass = "http://127.0.0.1:19300";
|
|
};
|
|
|
|
virtualHosts.${vaultDomain} = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".proxyPass = "http://127.0.0.1:8222";
|
|
};
|
|
|
|
virtualHosts.${betternasDomain} = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/".proxyPass = "http://127.0.0.1:3100";
|
|
locations."/dav/".proxyPass = "http://127.0.0.1:8090";
|
|
};
|
|
};
|
|
}
|