From 9e5bad593e07542c55114d52935d2089464fcf1a Mon Sep 17 00:00:00 2001 From: lilly Date: Wed, 18 Feb 2026 12:12:18 +0100 Subject: [PATCH] remove public-reverse-proxy (it is now on ansible-infra) --- .../public-reverse-proxy/configuration.nix | 10 ---- config/hosts/public-reverse-proxy/default.nix | 8 --- config/hosts/public-reverse-proxy/nginx.nix | 51 ------------------- flake.nix | 9 ---- 4 files changed, 78 deletions(-) delete mode 100644 config/hosts/public-reverse-proxy/configuration.nix delete mode 100644 config/hosts/public-reverse-proxy/default.nix delete mode 100644 config/hosts/public-reverse-proxy/nginx.nix diff --git a/config/hosts/public-reverse-proxy/configuration.nix b/config/hosts/public-reverse-proxy/configuration.nix deleted file mode 100644 index a80f516..0000000 --- a/config/hosts/public-reverse-proxy/configuration.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, pkgs, ... }: - -{ - networking = { - hostName = "public-reverse-proxy"; - domain = "z9.ccchh.net"; - }; - - system.stateVersion = "23.05"; -} diff --git a/config/hosts/public-reverse-proxy/default.nix b/config/hosts/public-reverse-proxy/default.nix deleted file mode 100644 index 20dd895..0000000 --- a/config/hosts/public-reverse-proxy/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ - ./configuration.nix - ./nginx.nix - ]; -} diff --git a/config/hosts/public-reverse-proxy/nginx.nix b/config/hosts/public-reverse-proxy/nginx.nix deleted file mode 100644 index 68c30c2..0000000 --- a/config/hosts/public-reverse-proxy/nginx.nix +++ /dev/null @@ -1,51 +0,0 @@ -# Sources for this configuration: -# - https://nixos.wiki/wiki/Nginx -# - https://nixos.org/manual/nixos/stable/#sec-firewall -# - https://git.grzb.de/yuri/nix-infra/-/tree/3896d34f4f7f3b5dd5cbd270a14b56b102ef3a2a/hosts/web-public-2 - -{ config, pkgs, ... }: - -{ - services.nginx.appendHttpConfig = '' - map $host $upstream_acme_challenge_host { - club-assistant.ccchh.net 10.31.208.10; - netbox.ccchh.net 10.31.208.29:31820; - light.ccchh.net 10.31.208.23; - light-werkstatt.ccchh.net 10.31.208.23; - thinkcccore0.ccchh.net 10.31.242.3; - thinkcccore1.ccchh.net 10.31.242.4; - thinkcccore2.ccchh.net 10.31.242.5; - thinkcccore3.ccchh.net 10.31.242.6; - zigbee2mqtt.ccchh.net 10.31.208.25:31820; - esphome.ccchh.net 10.31.208.24:31820; - proxmox-backup-server.ccchh.net 10.31.208.28; - default ""; - } - ''; - - services.nginx = { - enable = true; - - virtualHosts."well-known_acme-challenge" = { - default = true; - - listen = [{ - addr = "0.0.0.0"; - port = 80; - }]; - - locations."/.well-known/acme-challenge/" = { - proxyPass = "http://$upstream_acme_challenge_host"; - }; - - # Better safe than sorry. - # Don't do a permanent redirect to avoid acme challenge pain. - locations."/" = { - return = "307 https://$host$request_uri"; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; - networking.firewall.allowedUDPPorts = [ 443 ]; -} diff --git a/flake.nix b/flake.nix index ecc9db5..fe0cbdc 100644 --- a/flake.nix +++ b/flake.nix @@ -94,15 +94,6 @@ ]; }; - public-reverse-proxy = nixpkgs.lib.nixosSystem { - inherit system specialArgs; - modules = [ - self.nixosModules.common - self.nixosModules.proxmox-vm - ./config/hosts/public-reverse-proxy - ]; - }; - matrix = nixpkgs.lib.nixosSystem { inherit system specialArgs; modules = [