From cf4baa6815f50c0b2ec08788db700ee720f295c2 Mon Sep 17 00:00:00 2001 From: Nguyễn Gia Phong Date: Mon, 11 Sep 2023 19:11:46 +0900 Subject: Drop auth for comics from OpenNIC --- static.nix | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/static.nix b/static.nix index 71889e8..c8e4eb2 100644 --- a/static.nix +++ b/static.nix @@ -17,7 +17,10 @@ # along with loang configuration. If not, see . { config, lib, pkgs, ... }: -let inherit (config.networking) domain; +let + inherit (config.networking) domain; + inherit (config.services) phylactery; + phylacteryAddress = "http://${phylactery.host}:${toString phylactery.port}"; in { networking.firewall.allowedTCPPorts = [ 80 # HTTP @@ -74,6 +77,24 @@ in { root = "/var/lib/www/khoanh.${domain}"; }; + "xem.${domain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + extraConfig = '' + auth_pam "Password Required"; + auth_pam_service_name "nginx"; + ''; + proxyPass = phylacteryAddress; + }; + }; + + "striproman.pirate" = { + addSSL = true; + useACMEHost = "xem.${domain}"; + locations."/".proxyPass = phylacteryAddress; + }; + "cercle.libre" = { addSSL = true; useACMEHost = "khoanh.${domain}"; @@ -129,18 +150,7 @@ in { ''; }; root = "/mnt/nas/www/px.cnx.gdn"; - }) // (aliasOpenNIC "striproman.pirate" "xem.${domain}" (let - address = "http://${phylactery.host}:${toString phylactery.port}"; - phylactery = config.services.phylactery; - in { - locations."/" = { - proxyPass = address; - extraConfig = '' - auth_pam "Password Required"; - auth_pam_service_name "nginx"; - ''; - }; - }))); + })); }; phylactery = { -- cgit 1.4.1