runs on prod now :)

2026-02-10 01:04:47 +01:00 · 2026-02-10 01:04:47 +01:00 · 4c66c514a3
commit 4c66c514a3
parent d7812f37c3
5 changed files with 83 additions and 87 deletions
--- a/modules/containers/nginx.nix
+++ b/modules/containers/nginx.nix
@ -8,7 +8,6 @@
 }: let
  inherit (lib) mkEnableOption mkIf mkOption types;
  cfg = config.horseman.containers.nginx;
-  osConfig = config;
 in {
  options = {
    horseman.containers.nginx = {
@ -22,80 +21,58 @@ in {
  };

  config = mkIf cfg.enable {
-    containers.nginx = {
-      autoStart = true;
-      privateNetwork = true;
-      hostAddress = "172.16.0.1";
-      localAddress = "192.168.100.1";
+    security.acme = {
+      acceptTerms = true;
+      defaults.email = "koen.de.ruiter@hotmail.com";
+    };

-      bindMounts = {
-        "/var/www/portfolio" = {
-          hostPath = "/var/www/portfolio";
-          isReadOnly = true;
+    services.fail2ban.enable = true;
+    services.nginx = {
+      enable = true;
+
+      virtualHosts = {
+        "${cfg.domain}" = {
+          forceSSL = true;
+          enableACME = true;
+
+          root = "/var/www/portfolio";
+          default = true;
+          extraConfig = ''
+            error_page 404 /404.html;
+          '';
        };
-        "/var/www/public" = {
-          hostPath = "/var/www/public";
-          isReadOnly = true;
+
+        "public.${cfg.domain}" = {
+          forceSSL = true;
+          enableACME = true;
+
+          root = "/var/www/public";
+        };
+
+        "git.${cfg.domain}" = {
+          forceSSL = true;
+          enableACME = true;
+
+          locations."/" = {
+            proxyPass = "http://${config.containers.forgejo.localAddress}:${toString config.horseman.containers.forgejo.port}";
+          };
+        };
+
+        "vault.${cfg.domain}" = {
+          forceSSL = true;
+          enableACME = true;
+
+          locations."/" = {
+            proxyPass = "http://${config.containers.vaultwarden.localAddress}:${toString config.horseman.containers.vaultwarden.port}";
+          };
        };
      };
+    };

-      config = {
-        config,
-        pkgs,
-        lib,
-        ...
-      }: {
-        services.nginx = {
-          enable = true;
-
-          virtualHosts = {
-            "${cfg.domain}" = {
-              forceSSL = true;
-              enableACME = true;
-
-              root = "/var/www/portfolio";
-              default = true;
-              extraConfig = ''
-                error_page 404 /404.html;
-              '';
-            };
-
-            "public.${cfg.domain}" = {
-              forceSSL = true;
-              enableACME = true;
-
-              root = "/var/www/public";
-            };
-
-            "git.${cfg.domain}" = {
-              forceSSL = true;
-              enableACME = true;
-
-              locations."/" = {
-                proxyPass = "http://${osConfig.containers.forgejo.localAddress}:${toString osConfig.horseman.containers.forgejo.port}";
-              };
-            };
-
-            "vault.${cfg.domain}" = {
-              forceSSL = true;
-              enableACME = true;
-
-              locations."/" = {
-                proxyPass = "http://${osConfig.containers.vaultwarden.localAddress}:${toString osConfig.horseman.containers.vaultwarden.port}";
-              };
-            };
-          };
-        };
-
-        networking = {
-          firewall = {
-            enable = true;
-            allowedTCPPorts = [80 443];
-          };
-          useHostResolvConf = lib.mkForce false;
-        };
-        services.resolved.enable = true;
-        system.stateVersion = "23.11";
+    networking = {
+      firewall = {
+        enable = true;
+        allowedTCPPorts = [80 443];
      };
    };
  };