Jaculabilis/nixos-configs
1
1
Fork 0
Code Releases Activity

empyrean: Add mTLS domains for mopidy and immich

Browse Source
This commit is contained in:
Jaculabilis 2025-03-11 02:51:42 +00:00 committed by Tim Van Baak
parent d6d62d351b
commit 801eb9d288
1 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
machine/empyrean/default.nix
View File

@ -74,6 +74,45 @@
# Home service stub domains # Home service stub domains
"mopidy.home.ktvb.site" = service-stub; "mopidy.home.ktvb.site" = service-stub;
"jellyfin.home.ktvb.site" = service-stub; "jellyfin.home.ktvb.site" = service-stub;
# mTLS secure domains
"www.secure.ktvb.site" = {
enableACME = true;
forceSSL = true;
root = "/srv/www.secure.ktvb.site";
extraConfig = ''
# Enable mTLS
ssl_verify_client on;
ssl_client_certificate /etc/nginx/client-ca.crt;
index index.html;
'';
};
"mopidy.secure.ktvb.site" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://10.22.20.2";
locations."/mopidy/ws" = {
proxyPass = "http://10.22.20.2";
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
extraConfig = ''
# Enable mTLS
ssl_verify_client on;
ssl_client_certificate /etc/nginx/client-ca.crt;
'';
};
"immich.secure.ktvb.site" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://10.22.20.8:2283";
extraConfig = ''
# enable mTLS
ssl_verify_client on;
ssl_client_certificate /etc/nginx/client-ca.crt;
'';
};
# mirror revproxy # mirror revproxy
"mirror.alogoulogoi.com" = { "mirror.alogoulogoi.com" = {
enableACME = true; enableACME = true;