-rw-r--r-- | nix/configuration.nix | 4 | ||||
-rw-r--r-- | nix/tazserve.nix | 30 |
2 files changed, 25 insertions, 9 deletions
diff --git a/nix/configuration.nix b/nix/configuration.nix index 7e9949ad79ef..c93bc65b0e40 100644 --- a/nix/configuration.nix +++ b/nix/configuration.nix @@ -13,10 +13,10 @@ curl emacs htop ]; - services.openssh.enable = true; - networking.firewall.allowedTCPPorts = [ 22 ]; + networking.firewall.enable = true; + networking.firewall.allowedTCPPorts = [ 22 80 443 ]; users.extraUsers.vincent = { isNormalUser = true; diff --git a/nix/tazserve.nix b/nix/tazserve.nix index 202614fb704b..53a94f6684f8 100644 --- a/nix/tazserve.nix +++ b/nix/tazserve.nix @@ -1,13 +1,19 @@ { pkgs, config, ... }: -with pkgs; let - blogSource = fetchgit { - url = "https://git.tazj.in/tazjin/tazblog.git"; - sha256 = "0m745vb8k6slzdsld63rbfg583k70q3g6i5lz576sccalkg0r2l2"; - rev = "aeeb11f1b76729115c4db98f419cbcda1a0f7660"; +with pkgs; let blogSource = fetchgit { + url = "https://git.tazj.in/tazjin/tazblog.git"; + sha256 = "0m745vb8k6slzdsld63rbfg583k70q3g6i5lz576sccalkg0r2l2"; + rev = "aeeb11f1b76729115c4db98f419cbcda1a0f7660"; +}; +tazblog = import ./tazblog { inherit blogSource; }; +blog = tazblog.tazblog; +blogConfig = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8000"; }; - tazblog = import ./tazblog { inherit blogSource; }; - blog = tazblog.tazblog; +}; in { # Ensure that blog software is installed environment.systemPackages = [ @@ -31,4 +37,14 @@ in { requires = [ "tazblog-db.service" ]; wantedBy = [ "multi-user.target" ]; }; + + # Set up reverse proxy + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedProxySettings = true; + + virtualHosts."tazj.in" = blogConfig; + virtualHosts."www.tazj.in" = blogConfig; + }; } |
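Review bot: In nix/configuration.nix the new side no longer sets `services.openssh.enable = true;` yet `networking.firewall.allowedTCPPorts` still lists 22, so the firewall allow-list and the enabled services can disagree. Unless sshd is enabled in a file not shown here, the next rebuild would leave the host without remote access while still advertising an open port. If SSH is meant to stay, keep the enable line beside the firewall rule; the NixOS openssh module opens its own port by default (`services.openssh.openFirewall`), so 22 could then be dropped from the list. If SSH is meant to go, the list should read `networking.firewall.allowedTCPPorts = [ 80 443 ];`. The enclosing attribute set starts and ends outside the hunk.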
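Review bot: `addSSL = true` in `blogConfig` (first hunk of nix/tazserve.nix) keeps the blog reachable over plain HTTP alongside HTTPS, so a visitor who arrives on port 80 is never moved to TLS. Using `forceSSL = true;` in its place makes nginx redirect HTTP to HTTPS while the ACME challenge path stays reachable on port 80. The backend is proxied at `http://127.0.0.1:8000`, and the unit that starts it is outside this hunk, so it is worth confirming that it binds to loopback only rather than relying on the firewall alone. A one-line comment above `blogConfig` would also help, e.g. `# nginx vhost settings shared by tazj.in and www.tazj.in`.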
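Review bot: The two `virtualHosts` entries in the last hunk of nix/tazserve.nix both inherit `enableACME = true` from `blogConfig`, which I would expect to request and renew a separate certificate for each name. A single vhost with an alias keeps one certificate and one server block: `virtualHosts."tazj.in" = blogConfig // { serverAliases = [ "www.tazj.in" ]; };`. Neither entry sets `default = true`, so a request with an unrecognised Host header is answered by whichever server nginx picks first; a catch-all vhost that returns an error is cleaner if that matters for this host. The enclosing `in { … }` set opens in the previous hunk.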