From aae3d25234cea89b69824a6ed8b7994350a32247 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown <hg@lukegb.com>
Date: Mon, 6 Jul 2020 22:18:43 +0000
Subject: feat(ops/nixos/www): create login.tvl.fyi host

Change-Id: Ifad80915a61a1a5ac14e598a9d788aec3482693c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/936
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
---
 ops/nixos/www/base.nix          | 14 ++++++++++++++
 ops/nixos/www/login.tvl.fyi.nix | 23 +++++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 ops/nixos/www/base.nix
 create mode 100644 ops/nixos/www/login.tvl.fyi.nix

(limited to 'ops/nixos/www')

diff --git a/ops/nixos/www/base.nix b/ops/nixos/www/base.nix
new file mode 100644
index 0000000000..a15db6bb8a
--- /dev/null
+++ b/ops/nixos/www/base.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+
+{
+  config = {
+    services.nginx = {
+      enable = true;
+      enableReload = true;
+
+      recommendedTlsSettings = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+    };
+  };
+}
diff --git a/ops/nixos/www/login.tvl.fyi.nix b/ops/nixos/www/login.tvl.fyi.nix
new file mode 100644
index 0000000000..8513c6e660
--- /dev/null
+++ b/ops/nixos/www/login.tvl.fyi.nix
@@ -0,0 +1,23 @@
+{ ... }:
+
+{
+  imports = [
+    ./base.nix
+  ];
+
+  config = {
+    services.nginx.virtualHosts."login.tvl.fyi" = {
+      serverName = "login.tvl.fyi";
+      enableACME = true;
+      forceSSL = true;
+
+      extraConfig = ''
+        location / {
+          proxy_pass http://localhost:8443;
+          proxy_set_header X-Forwarded-For $remote_addr;
+          proxy_set_header Host $host;
+        }
+      '';
+    };
+  };
+}
-- 
cgit 1.4.1