feat(dns,nginx): add some weird magic

2025-06-08 02:09:04 +02:00 · 2024-10-26 04:09:35 +02:00 · 2024-10-26 04:09:35 +02:00 · 714a279fc2
commit 714a279fc2
parent ab03b23b45
8 changed files with 127 additions and 72 deletions
--- a/lib/default.nix
+++ b/lib/default.nix
@ -36,17 +36,11 @@ rec {

  mkVPNSubdomain = name: port: {
    luj.nginx.enable = true;
-    security.acme.certs."${name}.luj".server = "https://ca.luj/acme/acme/directory";
    services.nginx.virtualHosts."${name}.luj" = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://localhost:${toString port}";
-        extraConfig = ''
-          allow 100.100.45.0/24;
-          allow fd7a:115c:a1e0::/48;
-          deny all;
-        '';
      };
    };
  };
--- a/lib/dns.nix
+++ b/lib/dns.nix
@ -4,6 +4,16 @@ with lib;

 rec {

+  allowedDomains = [
+    "luj.fr"
+    "julienmalka.me"
+    "malka.family"
+    "luj"
+    "malka.sh"
+  ];
+
+  isVPNDomain = hasSuffix "luj";
+
  hasSuffix' = flip strings.hasSuffix;

  domainToZone = allowedDomains: domain: (findFirst (hasSuffix' domain) null allowedDomains);