gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(utsuho): post-apply setup

Browse source
This commit is contained in:
arcnmx 2024-03-21 08:19:43 -07:00
parent 64354376c7
commit a6fced79d5
10 changed files with 371 additions and 206 deletions
Download patch file Download diff file Expand all files Collapse all files

38
systems/utsuho/nixos.nix
View file

@ -1,11 +1,47 @@
{meta, config, ...}: {
{meta, config, access, ...}: let
inherit (config.services.nginx) virtualHosts;
tei = access.nixosFor "tei";
in {
imports = let
inherit (meta) nixos;
in [
nixos.sops
nixos.base
nixos.reisen-ct
nixos.cloudflared
nixos.nginx
nixos.access.unifi
];
services.cloudflared = let
tunnelId = "28bcd3fc-3467-4997-806b-546ba9995028";
in {
tunnels.${tunnelId} = {
default = "http_status:404";
credentialsFile = config.sops.secrets.cloudflared-tunnel-utsuho.path;
ingress = {
${virtualHosts.unifi.serverName} = {
service = "http://localhost";
};
};
};
};
services.nginx = {
access.unifi = {
host = tei.lib.access.hostnameForNetwork.local;
};
virtualHosts = {
unifi.proxied.enable = "cloudflared";
};
};
sops.secrets.cloudflared-tunnel-utsuho = {
owner = config.services.cloudflared.user;
};
sops.defaultSopsFile = ./secrets.yaml;
systemd.network.networks.eth0 = {
name = "eth0";
matchConfig = {