about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--nix/configuration.nix4
-rw-r--r--nix/tazserve.nix30
2 files changed, 25 insertions, 9 deletions
diff --git a/nix/configuration.nix b/nix/configuration.nix
index 7e9949ad79ef..c93bc65b0e40 100644
--- a/nix/configuration.nix
+++ b/nix/configuration.nix
@@ -13,10 +13,10 @@
     curl emacs htop
   ];
 
-
   services.openssh.enable = true;
 
-  networking.firewall.allowedTCPPorts = [ 22 ];
+  networking.firewall.enable = true;
+  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
 
   users.extraUsers.vincent = {
     isNormalUser = true;
diff --git a/nix/tazserve.nix b/nix/tazserve.nix
index 202614fb704b..53a94f6684f8 100644
--- a/nix/tazserve.nix
+++ b/nix/tazserve.nix
@@ -1,13 +1,19 @@
 { pkgs, config, ... }:
 
-with pkgs; let
-  blogSource = fetchgit {
-    url = "https://git.tazj.in/tazjin/tazblog.git";
-    sha256 = "0m745vb8k6slzdsld63rbfg583k70q3g6i5lz576sccalkg0r2l2";
-    rev = "aeeb11f1b76729115c4db98f419cbcda1a0f7660";
+with pkgs; let blogSource = fetchgit {
+  url = "https://git.tazj.in/tazjin/tazblog.git";
+  sha256 = "0m745vb8k6slzdsld63rbfg583k70q3g6i5lz576sccalkg0r2l2";
+  rev = "aeeb11f1b76729115c4db98f419cbcda1a0f7660";
+};
+tazblog = import ./tazblog { inherit blogSource; };
+blog = tazblog.tazblog;
+blogConfig = {
+  enableACME = true;
+  addSSL = true;
+  locations."/" = {
+    proxyPass = "http://127.0.0.1:8000";
   };
-  tazblog = import ./tazblog { inherit blogSource; };
-  blog = tazblog.tazblog;
+};
 in {
   # Ensure that blog software is installed
   environment.systemPackages = [
@@ -31,4 +37,14 @@ in {
     requires              = [ "tazblog-db.service" ];
     wantedBy              = [ "multi-user.target" ];
   };
+
+  # Set up reverse proxy
+  services.nginx = {
+    enable = true;
+    recommendedTlsSettings = true;
+    recommendedProxySettings = true;
+
+    virtualHosts."tazj.in" = blogConfig;
+    virtualHosts."www.tazj.in" = blogConfig;
+  };
 }