From 0cb0a49565f644bd1ac75b4f626635020666e00a Mon Sep 17 00:00:00 2001
From: Daniel Olsen
Date: Sun, 17 Nov 2024 12:52:55 +0100
Subject: [PATCH] kvernberg/taler: move behind nginx
---
 hosts/kvernberg/configuration.nix | 1 +
 hosts/kvernberg/services/nginx.nix | 5 +++++
 hosts/kvernberg/services/pvvvvvv/bank.nix | 19 +++++++++++++------
 hosts/kvernberg/services/pvvvvvv/exchange.nix | 12 +++++++++---
 4 files changed, 28 insertions(+), 9 deletions(-)
 create mode 100644 hosts/kvernberg/services/nginx.nix
diff --git a/hosts/kvernberg/configuration.nix b/hosts/kvernberg/configuration.nix
index c665517..9eabc5c 100644
--- a/hosts/kvernberg/configuration.nix
+++ b/hosts/kvernberg/configuration.nix
@@ -7,6 +7,7 @@
 (fp /misc/metrics-exporters.nix)
 ./disks.nix
+ ./services/nginx.nix
 ./services/pvvvvvv
 ];
diff --git a/hosts/kvernberg/services/nginx.nix b/hosts/kvernberg/services/nginx.nix
new file mode 100644
index 0000000..12ea53c
--- /dev/null
+++ b/hosts/kvernberg/services/nginx.nix
@@ -0,0 +1,5 @@
+{ config, lib, ... }:
+
+{
+ services.nginx.enable = true;
+}
diff --git a/hosts/kvernberg/services/pvvvvvv/bank.nix b/hosts/kvernberg/services/pvvvvvv/bank.nix
index ab067c5..fc6aa0a 100644
--- a/hosts/kvernberg/services/pvvvvvv/bank.nix
+++ b/hosts/kvernberg/services/pvvvvvv/bank.nix
@@ -7,7 +7,6 @@ in {
 services.libeufin.bank = {
 enable = true;
 debug = true;
- openFirewall = true;
 createLocalDatabase = true;
 initialAccounts = [
 { username = "exchange";
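Review bot: `services.nginx.enable = true;` is the only setting in the new hosts/kvernberg/services/nginx.nix, so the bank and exchange vhosts added later in this patch proxy with nginx defaults and the backends receive `Host: 127.0.0.1:8082` / `127.0.0.1:8081` with no forwarded scheme or client address. Adding `services.nginx.recommendedProxySettings = true;` and `services.nginx.recommendedTlsSettings = true;` here would pass the public host name and `X-Forwarded-*` headers through and tighten the TLS defaults for both vhosts. Nothing in the patch opens TCP 80 and 443 (`networking.firewall.allowedTCPPorts = [ 80 443 ];`), which `enableACME` and `forceSSL` need unless a shared module outside this diff already does it. The `config` and `lib` arguments are unused in this file.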
@@ -18,23 +17,31 @@ in {
 settings = {
 libeufin-bank = {
 WIRE_TYPE = "x-taler-bank";
- X_TALER_BANK_PAYTO_HOSTNAME = "kvernberg.pvv.ntnu.no:8082";
- BASE_URL = "kvernberg.pvv.ntnu.no:8082";
+ X_TALER_BANK_PAYTO_HOSTNAME = "bank.kvernberg.pvv.ntnu.no";
+ BASE_URL = "bank.kvernberg.pvv.ntnu.no";
 ALLOW_REGISTRATION = "yes";
 REGISTRATION_BONUS_ENABLED = "yes";
- REGISTRATION_BONUS = "${CURRENCY}:100";
+ REGISTRATION_BONUS = "${CURRENCY}:500";
- DEFAULT_DEBT_LIMIT = "${CURRENCY}:500";
+ DEFAULT_DEBT_LIMIT = "${CURRENCY}:0";
 ALLOW_CONVERSION = "no";
 ALLOW_EDIT_CASHOUT_PAYTO_URI = "yes";
- SUGGESTED_WITHDRAWAL_EXCHANGE = "http://kvernberg.pvv.ntnu.no:8081/";
+ SUGGESTED_WITHDRAWAL_EXCHANGE = "https://exchange.kvernberg.pvv.ntnu.no/";
 inherit CURRENCY;
 };
 };
 };
+
+ services.nginx.virtualHosts."bank.kvernberg.pvv.ntnu.no" = {
+ enableACME = true;
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://127.0.0.1:8082";
+ };
+
 }
diff --git a/hosts/kvernberg/services/pvvvvvv/exchange.nix b/hosts/kvernberg/services/pvvvvvv/exchange.nix
index 6e34e3b..b1b3139 100644
--- a/hosts/kvernberg/services/pvvvvvv/exchange.nix
+++ b/hosts/kvernberg/services/pvvvvvv/exchange.nix
@@ -11,7 +11,6 @@ in {
 services.taler.exchange = {
 enable = true;
 debug = true;
- openFirewall = true;
 denominationConfig = ''
 ## Old denomination names cannot be used again
 # [COIN-${CURRENCY}-k1-1-0]
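Review bot: `BASE_URL = "bank.kvernberg.pvv.ntnu.no";` carries no scheme, while `SUGGESTED_WITHDRAWAL_EXCHANGE` in the same block was moved to a full `https://` URL; if libeufin-bank builds absolute links from BASE_URL (worth confirming against its documentation), it should read `BASE_URL = "https://bank.kvernberg.pvv.ntnu.no/";` now that the vhost forces TLS. Separately, `ALLOW_REGISTRATION = "yes"` is kept and `REGISTRATION_BONUS` rises to 500 on a bank that now has a public name and certificate, so anyone who can reach the vhost can create a funded account. A comment stating that this is a sandbox currency, or a restriction on registration, would make that intent explicit. The `proxyPass` target assumes the bank listens on 127.0.0.1:8082; its bind address is not visible in this hunk, and dropping `openFirewall` only protects the port where the host firewall is enabled.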
@@ -148,16 +147,23 @@ in {
 MASTER_PRIV_FILE = config.sops.secrets.exchange-offline-master.path;
 };
 exchange-account-test = {
- PAYTO_URI = "payto://x-taler-bank/bank:8082/exchange?receiver-name=Exchange";
+ PAYTO_URI = "payto://x-taler-bank/bank.kvernberg.pvv.ntnu.no/exchange?receiver-name=Exchange";
 ENABLE_DEBIT = "YES";
 ENABLE_CREDIT = "YES";
 };
 exchange-accountcredentials-test = {
- WIRE_GATEWAY_URL = "http://kvernberg.pvv.ntnu.no:8082/accounts/exchange/taler-wire-gateway/";
+ WIRE_GATEWAY_URL = "http://bank.kvernberg.pvv.ntnu.no/accounts/exchange/taler-wire-gateway/";
 WIRE_GATEWAY_AUTH_METHOD = "BASIC";
 USERNAME = "exchange";
 PASSWORD = "exchange";
 };
 };
 };
+
+ services.nginx.virtualHosts."exchange.kvernberg.pvv.ntnu.no" = {
+ enableACME = true;
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://127.0.0.1:8081";
+ };
 }
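Review bot: `WIRE_GATEWAY_URL` still uses `http://` against the new public host name, so the exchange presents its BASIC credentials over plain HTTP and then receives only the redirect that `forceSSL = true` produces on the bank vhost, which the wire-gateway client may not follow. It should be `WIRE_GATEWAY_URL = "https://bank.kvernberg.pvv.ntnu.no/accounts/exchange/taler-wire-gateway/";`, or the loopback form `http://127.0.0.1:8082/accounts/exchange/taler-wire-gateway/` if both services stay on this host. The context lines `USERNAME = "exchange";` and `PASSWORD = "exchange";` leave a guessable credential in the Nix configuration, which matters more now that the bank has a public TLS endpoint. The file already takes `MASTER_PRIV_FILE` from sops, and the same could be done for this password if the module accepts a secret file, which is not visible in this patch.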