diff --git a/machines/web01/_configuration.nix b/machines/web01/_configuration.nix index 8cb9425..da1e784 100644 --- a/machines/web01/_configuration.nix +++ b/machines/web01/_configuration.nix @@ -19,6 +19,7 @@ lib.extra.mkConfig { "static" "wordpress" "netbox" + "kahulm" ]; extraConfig = { diff --git a/machines/web01/kahulm.nix b/machines/web01/kahulm.nix new file mode 100644 index 0000000..e947881 --- /dev/null +++ b/machines/web01/kahulm.nix @@ -0,0 +1,32 @@ +{ sources, config, ... }: +let + host = "kahulm.normalesup.eu"; + port = 3009; +in +{ + imports = [ (sources.kahulm + "/module.nix") ]; + + services.kahulm = { + inherit port; + enable = true; + baseUrl = "https://${host}"; + sessionSecretFile = config.age.secrets.kahulm-session_secret.path; + }; + + services.nginx = { + enable = true; + + virtualHosts.${host} = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${builtins.toString port}"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; +} diff --git a/machines/web01/secrets/kahulm-session_secret b/machines/web01/secrets/kahulm-session_secret new file mode 100644 index 0000000..d8afbfb --- /dev/null +++ b/machines/web01/secrets/kahulm-session_secret @@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA N+d61BeAAJsN9yuUaIAyaeqTxwu/y7fDxTEUZ4Xb2T8 +qisM6kKQfgXqi+8KtX8l61n6axSTOOPTkeXMFM9S40k +-> ssh-ed25519 QlRB9Q O+f6yM7IEAQcGS0tWYI/vaeR9EdLIrMzfou+SkOh0TA +rgcRoVg8ODN3VfSnQgGeE7eeN1de28OiCcE/esQuRlQ +-> ssh-ed25519 r+nK/Q MhWcxBz2Cri5gv+h5Axh2zS9rTSX/0Qq3L1+2XK+Fi4 +RznePCtPEM4Uayr4v6wy8VsU2RhFRrRWdB/+rAqNp5k +-> ssh-rsa krWCLQ +MZ5gQrXVmfKCwtWqFXki5ZTEG4Pa864N9qqjGnyw1vHUFmGBOMFO8Hvasz+iG36V +AmTNFzx3Kjdx+gnJXqC7jISzjg/gT+rOYHZH3hAthEHwdZPAvhQtoHb0asTfNOD7 +mCzM/tkzsygbk3KxicFNdi7rq5dX1K2vrizB+529r0IPCdrVr4KHblahHM1oHdRg +gL8P+LP+suB1xjUaZ+rppbNhqgY2aAIVoDFkIdreDLu/MyDZhNFcFOr0pIOmxBDl +er96RwBjk1cyscRwE1i0xdxSWel1qUEAN+QAaje6w2X5AIsL/1rY1h0UDr0OK81f +77LQ923Haz1osic6ot88Ig +-> ssh-ed25519 /vwQcQ ZS1tjIHOs1T18ZCVfE1KgAgE3cjGtcq5nThfUsV+IDY +A0DpFXoGm83JuHeFmvksUoEckgEeNE+4D6LlKvbM7i8 +-> ssh-ed25519 0R97PA ptvOm/preYyZXdYLaw9QBY1KMTq67twidem8g6gH8iI +i30sxM4XjOihv1ZD8XYFGMo5c83tuNZChVA+MbahCAI +-> ssh-ed25519 JGx7Ng DYanzR7agwBWoVTId0ggLjMJdFZMW0NPeBxUH7J66H8 +DL6XY8wwEmATSMmL1HH0ntA3ZdT44TUOXEI2Cqb/tsQ +-> ssh-ed25519 5SY7Kg XACP1By8MXp+CFyvbEFSJqLiqWqu6h9NQbGsoTdT2m4 +mAvr00GDzJfUFgva+vIMklMpM52EERAkC5DCQaNDCWw +-> ssh-ed25519 p/Mg4Q Eo1StxDOAh69cOqFs8DETqtW097QKYYz2tcNARgqMio +/YMmaZ5fVU0sWa70CB2DzKSFHmt3Q7Rcw2JDoqdJmtQ +-> ssh-ed25519 0IVRbA wZJyhn3bcP1DkVANbc8ot/HFMtg5NFxM1jsNCz2lX1o +lEcvnd+ItoaeozsDoBaGsVJk63kmuUhfkBe2VfDEHMo +--- QCjlcLMF7v9spqfVlUMub5LIDnvWI0nPifeQBQKduCg +>{^פwޅ^@nI,?7<:-Z] ^s60Z۾#