authorseth <[email protected]>2023-08-04 13:31:42 -0400
committerseth <[email protected]>2023-08-04 13:32:48 -0400
commitb4600bce3f9314e8d7c459be0f170b91031e4dcc (patch)
treee520de0664ab3012e34ca07d862565ea07cae4af /hosts/p-body
parentc71dd50f7c1b99a2a1a6d8ab91597bd2e7113840 (diff)
hosts/atlas+p-body: use cloudflared
Diffstat (limited to 'hosts/p-body')
-rw-r--r--hosts/p-body/nginx.nix26
1 files changed, 16 insertions, 10 deletions
diff --git a/hosts/p-body/nginx.nix b/hosts/p-body/nginx.nix
index 1d491d2..3278870 100644
--- a/hosts/p-body/nginx.nix
+++ b/hosts/p-body/nginx.nix
@@ -1,8 +1,14 @@
-{config, ...}: let
+{
+ config,
+ lib,
+ ...
+}: let
inherit (config.networking) domain;
in {
- getchoo.server.acme.enable = true;
- networking.firewall.allowedTCPPorts = [443];
+ getchoo.server = {
+ acme.enable = true;
+ services.cloudflared.enable = true;
+ };
services.nginx = {
enable = true;
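Review bot: With 443 dropped from `networking.firewall.allowedTCPPorts` and ingress moved to the tunnel, the host firewall becomes the only thing that keeps clients from reaching nginx directly, because nothing in this hunk narrows where nginx listens. If cloudflared runs on this host and connects to nginx locally (the `getchoo.server.services.cloudflared` module is not visible here, so this is an assumption), binding the listeners to loopback removes that dependency: `services.nginx.defaultListenAddresses = ["127.0.0.1" "[::1]"];`. Access policy or filtering applied at the Cloudflare edge then cannot be sidestepped by a later firewall change on this host or another module opening a port. The `services.nginx` attribute set continues outside the hunk.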
@@ -12,8 +18,6 @@ in {
recommendedProxySettings = true;
recommendedTlsSettings = true;
- statusPage = true;
-
virtualHosts = let
mkProxy = endpoint: port: {
"${endpoint}" = {
@@ -22,14 +26,16 @@ in {
};
};
- mkVHosts = builtins.mapAttrs (_: v:
- v
- // {
+ mkVHosts = let
+ commonSettings = {
enableACME = true;
# workaround for https://github.com/NixOS/nixpkgs/issues/210807
acmeRoot = null;
- forceSSL = true;
- });
+
+ addSSL = true;
+ };
+ in
+ builtins.mapAttrs (_: lib.recursiveUpdate commonSettings);
in
mkVHosts {
"api.${domain}" = {
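Review bot: Replacing `v // { ... }` with `lib.recursiveUpdate commonSettings` in `mkVHosts` reverses the merge precedence: per-host attributes now override `enableACME`, `acmeRoot` and `addSSL`, where previously the common values always won. If that is intended, a host that wants `forceSSL = true` must also set `addSSL = false`, since the nginx module rejects a virtual host with more than one of these SSL modes enabled. Separately, `addSSL` serves the site over plain HTTP without a redirect; presumably this lets the tunnel reach the origin over HTTP, which moves HTTPS enforcement to the Cloudflare edge. That is worth recording next to the option, e.g. `# addSSL, not forceSSL: cloudflared reaches nginx over plain HTTP; HTTPS redirect is enforced at the edge`. The `mkVHosts { ... }` argument continues outside the hunk.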