diff --git a/ops/nixos/blade-tuvok/default.nix b/ops/nixos/blade-tuvok/default.nix
index cfcd11da5c..6ba473a955 100644
--- a/ops/nixos/blade-tuvok/default.nix
+++ b/ops/nixos/blade-tuvok/default.nix
@@ -42,4 +42,35 @@ in {
 daemons = [ "3" ];
 };
 };
+
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedGzipSettings = true;
+ virtualHosts."objdump.zxcvbnm.ninja" = {
+ useACMEHost = "objdump.zxcvbnm.ninja";
+ default = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:7480";
+ extraConfig = ''
+ proxy_redirect off;
+ client_max_body_size 0;
+ proxy_buffering off;
+ '';
+ };
+ };
+ };
+ security.acme = {
+ acceptTerms = true;
+ email = "letsencrypt@lukegb.com";
+ certs."objdump.zxcvbnm.ninja" = {
+ group = config.services.nginx.group;
+ dnsProvider = "cloudflare";
+ credentialsFile = secrets.cloudflareCredentials;
+ extraDomainNames = [
+ "*.objdump.zxcvbnm.ninja"
+ ];
+ };
+ };
 }
diff --git a/ops/nixos/lib/blade.nix b/ops/nixos/lib/blade.nix
index 542f255296..baef3b29d6 100644
--- a/ops/nixos/lib/blade.nix
+++ b/ops/nixos/lib/blade.nix
@@ -129,6 +129,7 @@ in {
 global.monInitialMembers = "blade-janeway, blade-tuvok, blade-paris";
 global.publicNetwork = "10.100.2.0/24";
 global.clusterNetwork = "10.100.2.0/24";
+ extraConfig.rgw_dns_name = "objdump.zxcvbnm.ninja";
 mon.daemons = [ config.networking.hostName ];
 mds.daemons = [ config.networking.hostName ];
 rgw.daemons = [ config.networking.hostName ];
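Review bot: The `locations."/"` block proxies to `http://localhost:7480` without forwarding the client's Host header, and `recommendedProxySettings` is not enabled in this hunk, so unless another module sets it nginx sends its default `Host: localhost:7480` upstream. The backend (presumably the rgw daemon) then cannot match requests against the `rgw_dns_name` added in lib/blade.nix, and any request signature that covers the Host header would likely fail to verify. Add `proxy_set_header Host $host;` to `extraConfig`, or set `recommendedProxySettings = true;` on `services.nginx`. Separately, `proxy_buffering off;` only affects responses: with `client_max_body_size 0;` an upload of any size is still spooled to nginx temp files on this host unless `proxy_request_buffering off;` is added as well.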
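Review bot: The new `extraConfig.rgw_dns_name` line in lib/blade.nix repeats the hostname literal that blade-tuvok/default.nix already uses for the vhost and the certificate, with nothing tying the two files together. If one is renamed without the other, hostname-style bucket requests would stop resolving while the proxy itself still answers. A comment such as `# must match the nginx vhost and ACME cert name in blade-tuvok/default.nix` would make the coupling visible, or the name could be bound once and referenced from both places. The enclosing attribute set starts and ends outside this hunk, so whether it applies to every blade or only the rgw hosts cannot be confirmed from here.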