| -rw-r--r-- | systems/atlas/default.nix | 7 | ||||
| -rw-r--r-- | systems/atlas/forgejo.nix | 3 | ||||
| -rw-r--r-- | systems/atlas/miniflux.nix | 3 | ||||
| -rw-r--r-- | terraform/dns.tf | 16 | ||||
| -rw-r--r-- | terraform/oci.tf | 24 |
5 files changed, 33 insertions, 20 deletions
diff --git a/systems/atlas/default.nix b/systems/atlas/default.nix
index 78ffd78..a959a32 100644
--- a/systems/atlas/default.nix
+++ b/systems/atlas/default.nix
@@ -18,11 +18,14 @@
 loader.efi.canTouchEfiVariables = true;
 };

- mixins.cloudflared.enable = true;
-
 networking = {
 domain = "getchoo.com";
 hostName = "atlas";
+
+ firewall.allowedTCPPorts = [
+ 80 # HTTP
+ 443 # HTTPS
+ ];
 };

 nixpkgs.hostPlatform = "aarch64-linux";
diff --git a/systems/atlas/forgejo.nix b/systems/atlas/forgejo.nix
index e60fafc..719ea7c 100644
--- a/systems/atlas/forgejo.nix
+++ b/systems/atlas/forgejo.nix
@@ -9,9 +9,6 @@ in

 services.nginx.virtualHosts = {
 "git.getchoo.com" = {
- enableACME = false;
- forceSSL = false;
-
 locations."/" = {
 proxyPass = "http://unix:${forgejoCfg.settings.server.HTTP_ADDR}";
 };
diff --git a/systems/atlas/miniflux.nix b/systems/atlas/miniflux.nix
index 179e512..73725f3 100644
--- a/systems/atlas/miniflux.nix
+++ b/systems/atlas/miniflux.nix
@@ -19,9 +19,6 @@

 nginx.virtualHosts = {
 "miniflux.getchoo.com" = {
- enableACME = false;
- forceSSL = false;
-
 locations."/" = {
 proxyPass = "http://unix:${lib.head config.systemd.sockets.miniflux.listenStreams}";
 };
diff --git a/terraform/dns.tf b/terraform/dns.tf
index cd914bf..31bd9d6 100644
--- a/terraform/dns.tf
+++ b/terraform/dns.tf
@@ -28,7 +28,6 @@ locals {
 }
 ]])

- getchoo_tunnels = data.cloudflare_zero_trust_tunnel_cloudflared.getchoo_tunnels
 getchoo_records = [
 {
 name = "@"
@@ -47,13 +46,13 @@ locals {
 },
 {
 name = "miniflux"
- type = "CNAME"
- content = "${local.getchoo_tunnels["atlas-nginx"].id}.cfargotunnel.com"
+ type = "A"
+ content = resource.oci_core_instance.atlas.public_ip
 },
 {
 name = "git"
- type = "CNAME"
- content = "${local.getchoo_tunnels["atlas-nginx"].id}.cfargotunnel.com"
+ type = "A"
+ content = resource.oci_core_instance.atlas.public_ip
 },
 {
 name = "@"
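Review bot: In systems/atlas/default.nix the new `firewall.allowedTCPPorts` opens 80 and 443 in the same commit that drops `mixins.cloudflared.enable`, so nginx becomes directly reachable and nothing visible here shows that TLS is still enforced. The forgejo.nix and miniflux.nix hunks delete the `enableACME = false; forceSSL = false;` overrides, so both vhosts fall back to defaults defined outside this diff. If those defaults are not ACME plus forced SSL, the Forgejo and Miniflux logins are served in plaintext on port 80. I would set `enableACME = true;` and `forceSSL = true;` explicitly on both vhosts, or add a comment beside the port list naming where the default comes from.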
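Review bot: In the second terraform/dns.tf hunk the `miniflux` and `git` entries now publish `resource.oci_core_instance.atlas.public_ip` as A records, and neither entry states whether the record is proxied. If `cloudflare_record.getchoo_com` sets `proxied` for them, the origin still accepts 80/443 from any address per terraform/oci.tf, so the proxy's filtering is not the only path to the host. If it does not, the origin address is published on purpose and that deserves a comment. I would add a line such as `# origin is directly reachable since the tunnel was removed; see oci.tf ingress rules` above these two entries. The `locals` block starts and ends outside the hunk.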
@@ -63,13 +62,6 @@ locals {
 ]
 }

-data "cloudflare_zero_trust_tunnel_cloudflared" "getchoo_tunnels" {
- for_each = toset(["atlas-nginx"])
-
- account_id = var.cloudflare_account_id
- name = each.key
-}
-
 resource "cloudflare_record" "getchoo_com" {
 for_each = { for record in local.getchoo_records : "${record.name}-${record.type}" => record }

diff --git a/terraform/oci.tf b/terraform/oci.tf
index 704ff2c..9801e3b 100644
--- a/terraform/oci.tf
+++ b/terraform/oci.tf
@@ -55,4 +55,28 @@ resource "oci_core_security_list" "borealis_global" {
 protocol = "1"
 source = "10.0.0.0/16"
 }
+
+ ingress_security_rules {
+ description = "Allow HTTP traffic"
+
+ protocol = "6"
+ source = "0.0.0.0/0"
+
+ tcp_options {
+ min = 80
+ max = 80
+ }
+ }
+
+ ingress_security_rules {
+ description = "Allow HTTPS traffic"
+
+ protocol = "6"
+ source = "0.0.0.0/0"
+
+ tcp_options {
+ min = 443
+ max = 443
+ }
+ }
 }
|
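Review bot: In terraform/oci.tf both new `ingress_security_rules` blocks are added to `oci_core_security_list.borealis_global` with `source = "0.0.0.0/0"`, and a security list applies to every VNIC in the subnets that use it, so 80 and 443 would open for all instances there rather than for atlas alone. The resource name suggests the list is shared; its subnet attachments are outside the hunk, so this needs confirming. If it is shared, the rules are better scoped to atlas through an `oci_core_network_security_group` attached to the instance's VNIC. At minimum I would add a comment above the two blocks such as `# subnet-wide: exposes 80/443 on every instance using this list`. The resource body starts outside the hunk.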
