create nginx virtual host for home.beta.rz.ens.wtf

machines/core-services-01/subZone.nix

@@ -16,7 +16,7 @@ with my.ipv6; # contains { standard, acme }
   SOA = {
     nameServer = "ns1.${my.subZone}.";
     adminEmail = my.email;
-    serial = 2021111200; # Y M D Version
+    serial = 2021111300; # Y M D Version
   };
 
   NS = [
@@ -35,6 +35,7 @@ with my.ipv6; # contains { standard, acme }
     auth.AAAA = standard;
     push.AAAA = standard;
     ns1.AAAA = standard;
+    beta.AAAA = public-cof-ips;
 
     builders.subdomains = lib.mapAttrs (n: AAAA: { inherit AAAA; }) remoteBuilders;
 

machines/public-cof/configuration.nix

@@ -11,6 +11,7 @@
       ./nextcloud.nix
       ./minecraft.nix
       ./factorio.nix
+      ./nginx.nix
       # TODO monitoring
     ];
 

machines/public-cof/nextcloud.nix

@@ -19,16 +19,6 @@
   };
 
   services.nginx = {
-    enable = true;
-
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-
-    # # Only allow PFS-enabled ciphers with AES256
-    # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
-
     virtualHosts = {
       "nuage.beta.rz.ens.wtf" = {
         forceSSL = true;

machines/public-cof/nginx.nix

@@ -0,0 +1,26 @@
+{ ... }:
+{
+  services.nginx = {
+    enable = true;
+
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    # # Only allow PFS-enabled ciphers with AES256
+    # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+    virtualHosts = {
+      "home.beta.rz.ens.wtf" = {
+        serverAliases = [ "beta.rz.ens.wtf" ];
+        forceSSL = true;
+        enableACME = true;
+        root = "/var/public-cof/home";
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedUDPPorts = [ 80 443 ];
+}