diff --git a/ops/nixos/clouvider-lon01/default.nix b/ops/nixos/clouvider-lon01/default.nix
index a2d302d3e6..0d3caf697c 100644
--- a/ops/nixos/clouvider-lon01/default.nix
+++ b/ops/nixos/clouvider-lon01/default.nix
@@ -305,5 +305,10 @@ in {
 };
 };
 
+ my.quotesdb.listen = [
+ "185.198.188.29"
+ "[2a0a:54c0:0:17::2]"
+ ];
+
 system.stateVersion = "20.09";
 }
diff --git a/ops/nixos/lib/quotes.bfob.gg.nix b/ops/nixos/lib/quotes.bfob.gg.nix
index 7e84777627..e31e08d930 100644
--- a/ops/nixos/lib/quotes.bfob.gg.nix
+++ b/ops/nixos/lib/quotes.bfob.gg.nix
@@ -1,4 +1,4 @@
-{ config, depot, lib, ... }:
+{ config, options, depot, lib, ... }:
 let
 inherit (depot.ops) secrets;
 
@@ -7,7 +7,24 @@ let
 sock = "/run/quotesdb/gunicorn.sock";
 in
 {
- config = {
+ options = with lib; {
+ my.quotesdb.listen = lib.mkOption {
+ type = with types; listOf str;
+ default = [ "127.0.0.1" "[::1]" ];
+ };
+ };
+
+ config = let
+ nginxListen = (map (addr: {
+ inherit addr;
+ port = 80;
+ ssl = false;
+ }) config.my.quotesdb.listen) ++ (map (addr: {
+ inherit addr;
+ port = 443;
+ ssl = true;
+ }) config.my.quotesdb.listen);
+ in {
 security.acme = {
 acceptTerms = true;
 email = lib.mkDefault "letsencrypt@lukegb.com";
@@ -21,11 +38,13 @@ in
 services.nginx = {
 enable = lib.mkDefault true;
 virtualHosts."qdb.bfob.gg" = {
+ listen = nginxListen;
 useACMEHost = "bfob.gg";
 globalRedirect = "quotes.bfob.gg";
 forceSSL = true;
 };
 virtualHosts."quotes.bfob.gg" = {
+ listen = nginxListen;
 useACMEHost = "bfob.gg";
 forceSSL = true;
 locations."/static" = {
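Review bot: The two addresses in `my.quotesdb.listen` are literals that have to stay in step with whatever this host's interface configuration assigns, and that configuration is outside the hunk. nginx refuses to start when a `listen` address is not present on the machine, and an IPv6 address that is still tentative at boot may hit the same failure, so a mismatch here stops the whole nginx instance rather than only these two sites. I would add a comment above the list such as `# must equal the addresses configured on this host; nginx will not start if one is missing`. The enclosing attribute set starts outside the hunk.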
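Review bot: The `options` argument added to the module header in quotes.bfob.gg.nix is not referenced in any hunk shown on this page. If nothing in the unchanged part of the file reads it, the header can stay `{ config, depot, lib, ... }:` so the argument list reflects what the module actually uses.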
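Review bot: `my.quotesdb.listen` is declared without a `description`, and the value format it expects is only implied by the default: bare addresses with no port, IPv6 in square brackets. Because the type is `listOf str`, a malformed entry is accepted at evaluation and only surfaces when nginx parses the generated configuration. Add `description = "Addresses nginx binds for the quotesdb virtual hosts; IPv6 in brackets, no port. Ports 80 and 443 are added for each.";` to the `mkOption` call. Separately, `lib.mkOption` inside `with lib;` is redundant, so one of the two forms is enough.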
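Review bot: With `listen = nginxListen;` on both virtual hosts they bind only to `my.quotesdb.listen`, and that option defaults to loopback, so any other machine importing this module stops answering on its public addresses until it sets the option. Only clouvider-lon01 sets it in this commit; whether other hosts import the module is not visible here. If the loopback default is deliberate, say so next to the first assignment with `# bound to my.quotesdb.listen only (loopback by default); set it per host to expose the site`. The `services.nginx` block continues past the end of the hunk.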