feat(attic): enable HTTPS and configure Nginx with ACME

- Allow TCP ports 80 and 443 in the firewall for HTTP and HTTPS traffic.
- Enable Nginx with ACME integration for automatic SSL certificate management.
- Configure a virtual host with proxy settings and support for WebSocket traffic.
Harald Hoyer 2026-03-25 11:18:02 +01:00
parent 51398185e7
commit f039e4af1b


@ -44,9 +44,31 @@
address = [ "2a01:4f9:c014:619::1/64" ]; address = [ "2a01:4f9:c014:619::1/64" ];
routes = [{ Gateway = "fe80::1"; }]; routes = [{ Gateway = "fe80::1"; }];
}; };
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
security.acme = {
acceptTerms = true;
defaults.email = "harald@hoyer.xyz";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."attic.teepot.org" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://[::1]:8080";
proxyWebsockets = true;
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
powerManagement.cpuFreqGovernor = "ondemand"; powerManagement.cpuFreqGovernor = "ondemand";
system.stateVersion = "25.11"; system.stateVersion = "25.11";
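Review bot: `client_max_body_size 0;` in the `locations."/"` block removes the request-size limit for every client that can reach port 443. By default nginx buffers a proxied request body to temporary files before forwarding it, so an oversized upload can consume disk on the proxy before atticd sees the request. If the unlimited size is there for large NAR uploads (likely, but the commit does not say), state that in a comment above the `extraConfig` and consider adding `proxy_request_buffering off;` next to it, or use a generous finite limit instead of 0. The atticd listen address is not visible in this hunk; now that 8080 is dropped from `allowedTCPPorts`, it is worth confirming the service binds only to `[::1]:8080`, so the firewall is not the sole thing keeping the plain-HTTP port private.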