gergle: big if true

2025-01-11 19:52:03 +01:00
parent 13c921c47b
commit 8a8f5659fb
3 changed files with 95 additions and 26 deletions
--- a/modules/grzegorz.nix
+++ b/modules/grzegorz.nix
@@ -2,6 +2,8 @@
 let
  grg = config.services.greg-ng;
  grgw = config.services.grzegorz-webui;
+
+  machine = config.networking.hostName;
 in {
  services.greg-ng = {
    enable = true;
@@ -16,37 +18,77 @@ in {
    listenAddr = "localhost";
    listenPort = 42069;
    listenWebsocketPort = 42042;
-    hostName = "${config.networking.fqdn}";
-    apiBase = "http://${grg.settings.host}:${toString grg.settings.port}/api";
+    hostName = "${machine}-old.pvv.ntnu.no";
+    apiBase = "https://${machine}-backend.pvv.ntnu.no/api";
+  };
+
+  services.gergle = {
+    enable = true;
+    virtualHost = config.networking.fqdn;
  };

  services.nginx.enable = true;
-  services.nginx.virtualHosts."${config.networking.fqdn}" = {
-    forceSSL = true;
-    enableACME = true;
-    kTLS = true;
-    serverAliases = [
-      "${config.networking.hostName}.pvv.org"
-    ];
-    extraConfig = ''
-      allow 129.241.210.128/25;
-      allow 2001:700:300:1900::/64;
-      deny all;
-    '';
+  services.nginx.virtualHosts = {
+    ${config.networking.fqdn} = {
+      forceSSL = true;
+      enableACME = true;
+      kTLS = true;
+      serverAliases = [
+        "${machine}.pvv.org"
+      ];
+      extraConfig = ''
+        allow 129.241.210.128/25;
+        allow 2001:700:300:1900::/64;
+        deny all;
+      '';
+    };

-    locations."/" = {
-      proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenPort}";
+    "${machine}-backend.pvv.ntnu.no" = {
+      forceSSL = true;
+      enableACME = true;
+      kTLS = true;
+      serverAliases = [
+        "${machine}-backend.pvv.org"
+      ];
+      extraConfig = ''
+        allow 129.241.210.128/25;
+        allow 2001:700:300:1900::/64;
+        deny all;
+      '';
+
+      locations."/" = {
+        proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
+        proxyWebsockets = true;
+      };
    };
-    # https://github.com/rawpython/remi/issues/216
-    locations."/websocket" = {
-      proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenWebsocketPort}";
-      proxyWebsockets = true;
-    };
-    locations."/api" = {
-      proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
-    };
-    locations."/docs" = {
-      proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
+
+    "${machine}-old.pvv.ntnu.no" = {
+      forceSSL = true;
+      enableACME = true;
+      kTLS = true;
+      serverAliases = [
+        "${machine}-old.pvv.org"
+      ];
+      extraConfig = ''
+        allow 129.241.210.128/25;
+        allow 2001:700:300:1900::/64;
+        deny all;
+      '';
+
+      locations."/" = {
+        proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenPort}";
+      };
+      # https://github.com/rawpython/remi/issues/216
+      locations."/websocket" = {
+        proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenWebsocketPort}";
+        proxyWebsockets = true;
+      };
+      locations."/api" = {
+        proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
+      };
+      locations."/docs" = {
+        proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
+      };
    };
  };
 }