feat(dns,nginx): add some weird magic

2025-07-02 15:37:20 +02:00 · 2024-10-26 04:09:35 +02:00 · 2024-10-26 04:09:35 +02:00 · 8d987a5e38
commit 8d987a5e38
parent e91ecd2ab6
5 changed files with 125 additions and 72 deletions
--- a/lib/default.nix
+++ b/lib/default.nix
@ -36,17 +36,11 @@ rec {

  mkVPNSubdomain = name: port: {
    luj.nginx.enable = true;
-    security.acme.certs."${name}.luj".server = "https://ca.luj/acme/acme/directory";
    services.nginx.virtualHosts."${name}.luj" = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://localhost:${toString port}";
-        extraConfig = ''
-          allow 100.100.45.0/24;
-          allow fd7a:115c:a1e0::/48;
-          deny all;
-        '';
      };
    };
  };