added endpoints

profiles/sops.nix

@@ -16,7 +16,7 @@
   sops.age.sshKeyPaths = [
 			  "/etc/ssh/nixos"
 			  #"/$HOME/.ssh/nixos"
-        #"/home/gunalx/.ssh/nixos"
+                          #"/home/gunalx/.ssh/nixos"
 			];
   # This is using an age key that is expected to already be in the filesystem
   sops.age.keyFile = "/var/lib/sops-nix/key.txt";

services/nginx.nix

@@ -1,6 +1,12 @@
 { config, pkgs, lib, ... }:
 {  
-
+  #declare secrets
+  sops.secrets."acme/certs" = {  };
+  sops.secrets."nginx/defaultpass" = {
+    restartUnits = [ "nginx.service" ];
+    owner = "nginx";
+  };
+  networking.domain = "addictedmaker.eu";
   #acme and certs helpful blog https://carjorvaz.com/posts/
   security.acme = {
     acceptTerms = true;
@@ -8,10 +14,18 @@
     
     certs."${config.networking.domain}" = {
       domain = "${config.networking.domain}";
-      extraDomainNames = [ "*.${config.networking.domain}"   "lauterer.it" "*.lauterer.it" "*.256.no" "*.256.no"];
+      extraDomainNames = [ 
-      dnsProvider = "domeneshop";   # from here according to privider https://go-acme.github.io/lego/dns/ 
+        "*.${config.networking.domain}"
+        #"${config.networking.domain}"
+        #"lauterer.it"
+        "*.lauterer.it"
+        "*.256.no"
+      ];
+      dnsProvider = "domeneshop";   # from here according to provider https://go-acme.github.io/lego/dns/ 
       dnsPropagationCheck = true;
-      credentialsFile =  config.sops.secrets."acme/certs".path; #need to manually create this file according to dnsprovider secrets, and format of key according to lego in privider and add to secrets.yaml
+      #need to manually create this file according to dnsprovider secrets, and format of key according to lego in privider and add to secrets.yaml
+      #credentialsFile =  config.sops.secrets."acme/certs".path; 
+      credentialsFile =  "/run/secrets/acme/certs"; 
     };
   };
 
@@ -19,14 +33,6 @@
   users.users.nginx.extraGroups = [ "acme" ];
   users.users.root.extraGroups = [ "acme" ];
 
-  #declare secrets
-  sops.secrets."acme/certs" = {  };
-  sops.secrets."nginx/defaultpass" = {
-    restartUnits = [ "nginx.service" ];
-    owner = "nginx";
-  };
-
-  #TODO add oauth2 proxy to auth
   # services.oauth2_proxy = {
   #   enable = true;
   # }
@@ -67,6 +73,27 @@
       };
       basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
     };
+    
+    virtualHosts."home.lauterer.it" = {
+      forceSSL = true;
+      useACMEHost = config.networking.domain;
+      locations."/" = {
+        proxyWebsockets = true;
+        proxyPass = "http://10.0.0.32:8123";
+      };
+      # ignorerer sikkerhet for littegran for å oprettholde lettvinthet og app kompatibilitet.
+      #basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
+    };
+
+    virtualHosts."jellyfin.lauterer.it" = {
+      forceSSL = true;
+      useACMEHost = config.networking.domain;
+      locations."/" = {
+        proxyWebsockets = true;
+        proxyPass = "http://100.84.215.84:8096";
+      };
+      #basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
+    };
 
    # virtualHosts.${"vpn."+config.networking.domain} = {
    #   forceSSL = true;

services/ssh.nix

@@ -2,7 +2,7 @@
 {
   environment.systemPackages = [
     pkgs.openssh
-    pkgs.endlessh
+    pkgs.endlessh-go
     pkgs.sshguard
   ];
 
@@ -21,12 +21,10 @@
     #  # remove some weaker ciphers
     #];
   };
-  services.endlessh = {
+  services.endlessh-go = {
     enable = true;
     port = 22;
     openFirewall = true;
   };
   services.sshguard.enable = true; #protection against brute force attacks like fail2ban
-
-
 }