add t vault reverse proxy

RingOfStorms (Joshua Bell) 2025-03-08 17:37:37 -06:00
parent 7bcaca441a
commit bb9cd5d9c4


@ -76,6 +76,14 @@
proxyPass = "http://100.64.0.2:6610"; proxyPass = "http://100.64.0.2:6610";
}; };
}; };
"vault.t.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://100.64.0.2:64608";
};
};
# Redirect self IP to domain # Redirect self IP to domain
"172.234.26.141" = { "172.234.26.141" = {
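Review bot: The new `"vault.t.joshuabell.xyz"` vhost forwards `/` to `http://100.64.0.2:64608` with no access restriction in the location, so the vault backend's own login becomes the only barrier for anyone who can reach this nginx host. If the service is meant for a limited set of clients, add an allow-list to the location, e.g. `extraConfig = "allow <trusted-cidr>; deny all;";`, or put an authentication layer in front of it. If it must be public, confirm that the backend's admin interface and open sign-up are disabled or separately protected, since neither is visible in this hunk. The upstream leg is plain `http://`, which is acceptable only if the 100.64.0.x path is an encrypted overlay (presumably it is), so a one-line comment stating that would help the next reader. The enclosing virtualHosts attribute set starts and ends outside the hunk.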
@ -152,29 +160,29 @@
''; '';
}; };
# this breaks on restart on the server side no idea, can no longer ssh in 22 normally # this breaks on restart on the server side no idea, can no longer ssh in 22 normally
# Convoluted way to get ssh to work for git server while also still allowing # Convoluted way to get ssh to work for git server while also still allowing
# ssh connections to the machine normally (you can't have nginx bind port 22 since sshd does) # ssh connections to the machine normally (you can't have nginx bind port 22 since sshd does)
# but sshd allows us to use a ForceCommand that we cna then proxy through # but sshd allows us to use a ForceCommand that we cna then proxy through
# environment.systemPackages = with pkgs; [ # environment.systemPackages = with pkgs; [
# # NOTE requires nc which I am getting from somewhere.... would be better to put it here in sys packs? # # NOTE requires nc which I am getting from somewhere.... would be better to put it here in sys packs?
# (writeScriptBin "proxy-to-git" '' # (writeScriptBin "proxy-to-git" ''
# #!${pkgs.bash}/bin/bash # #!${pkgs.bash}/bin/bash
# nc 100.64.0.2 6611 # nc 100.64.0.2 6611
# '') # '')
# ]; # ];
# #
# # TODO havent gotten this fully working yet # # TODO havent gotten this fully working yet
# #
# services.openssh.extraConfig = '' # services.openssh.extraConfig = ''
# Match Host git.joshuabell.xyz # Match Host git.joshuabell.xyz
# ForceCommand proxy-to-git # ForceCommand proxy-to-git
# PermitTTY no # PermitTTY no
# X11Forwarding no # X11Forwarding no
# PermitTunnel no # PermitTunnel no
# GatewayPorts no # GatewayPorts no
# AllowAgentForwarding no # AllowAgentForwarding no
# ''; # '';
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
80 # web http 80 # web http