From 227371359f7ed654d888de69e497f6767255d73a Mon Sep 17 00:00:00 2001
From: Eli Ribble
Date: Sun, 8 Dec 2024 14:49:00 -0700
Subject: [PATCH] Add nginx reverse proxy for dev environment. This adds step-ca, but misses the step of having the CA initialize itself and create the certificate and add the cert to /etc/nixos/certs/sovr.[crt|key].
---
 nalai/etc/nixos/configuration.nix | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/nalai/etc/nixos/configuration.nix b/nalai/etc/nixos/configuration.nix
index 064c4b7..2e06a47 100644
--- a/nalai/etc/nixos/configuration.nix
+++ b/nalai/etc/nixos/configuration.nix
@@ -26,6 +26,12 @@
 # Configure console keymap
 console.keyMap = "us";
+ environment.etc."nginx/certs/sovr.crt" = {
+ source = ./certs/sovr.crt;
+ };
+ environment.etc."nginx/certs/sovr.key" = {
+ source = ./certs/sovr.key;
+ };
 # Bluetooth
 hardware.bluetooth.enable = true; # enables support for Bluetooth
 hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
@@ -73,6 +79,7 @@
 };
 networking.extraHosts = ''
 192.168.1.5 pihole.home.arpa
+ 127.0.0.1 sovr.home.arpa
 '';
 networking.hostName = "nalai"; # Define your hostname.
 # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
@@ -106,6 +113,17 @@
 services.displayManager.sddm.enable = true;
 services.desktopManager.plasma6.enable = true;
+ services.nginx.enable = true;
+ services.nginx.virtualHosts."sovr.home.arpa" = {
+ addSSL = true;
+ enableACME = false;
+ sslCertificate = "/etc/nginx/certs/sovr.crt";
+ sslCertificateKey = "/etc/nginx/certs/sovr.key";
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8080";
+ };
+ };
+
 # Enable CUPS to print documents.
 services.printing.enable = true;
 services.printing.drivers = [
@@ -203,6 +221,7 @@
 ndisc6
 nfs-utils
 neovim
+ nginx
 om4
 poetry
 python3
@@ -211,6 +230,8 @@
 signal-desktop
 splix
 spotify
+ step-ca
+ step-cli
 thunderbird
 tig
 tmux
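Review bot: In the hunk at `@@ -26,6 +26,12 @@`, `source = ./certs/sovr.key;` is a Nix path literal, so the TLS private key is copied into `/nix/store`, where every local user can read it, and `/etc/nginx/certs/sovr.key` ends up as a symlink to that copy. The key also has to sit next to `configuration.nix`, which makes it easy to commit along with the rest of the configuration. I would drop the `environment.etc."nginx/certs/sovr.key"` entry and give `sslCertificateKey` a string path to a file outside the store, e.g. `sslCertificateKey = "/var/lib/<key-dir>/sovr.key";` (placeholder path), readable only by the account nginx runs as. The certificate is public, so the `sovr.crt` entry can stay as it is.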
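Review bot: In the `sovr.home.arpa` virtual host (hunk at `@@ -106,6 +113,17 @@`), `addSSL = true;` keeps a plain-HTTP listener alongside the HTTPS one, so the backend on `127.0.0.1:8080` remains reachable through nginx without TLS and a misissued or missing certificate can go unnoticed in dev. If the point of the proxy is to exercise TLS, `forceSSL = true;` redirects HTTP to HTTPS instead. `enableACME = false;` is already the default; either drop it or keep it with a comment such as `# certificate comes from the local step-ca, not ACME` so the intent is visible.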