Simon Bruder
7a7c90f9f9
This also changes fuuko/media to no longer take the htpasswd file from a file locally stored on fuuko, but rather defines it in sops to be usable by all systems.
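# NixOS module for the "media-sb.sbruder.de" nginx virtual host.
#
# The host sits behind HTTP basic auth and fans requests out to two HTTPS
# upstreams: paths ending in "/" go to media.sbruder.de, paths whose last
# segment contains a dot go to the storage box.
# (Stray "|" gutter lines from the rendered page were dropped so the
# expression parses again; the Nix code itself is unchanged.)
{ config, ... }:

{
  # Secrets are decrypted by sops-nix and owned by the nginx user. Only their
  # *paths* are interpolated below, so the secret contents never enter the
  # world-readable Nix store or the generated nginx.conf.
  sops.secrets = {
    # htpasswd file used for basic auth on this virtual host.
    media-htpasswd.owner = "nginx";
    # nginx snippet included in the /__regular/ proxy location.
    media-proxy-auth.owner = "nginx";
    # nginx snippet included in the /__storagebox/ proxy location. This is the
    # only secret here with an explicit sopsFile; the other two presumably
    # come from the default sops file (verify against sops.defaultSopsFile).
    media-sb-proxy-auth = {
      owner = "nginx";
      sopsFile = ../secrets.yaml;
    };
  };

  services.nginx.virtualHosts."media-sb.sbruder.de" = {
    # Obtain a certificate via ACME and redirect plain HTTP to HTTPS, so the
    # basic-auth credentials are only ever sent over TLS.
    enableACME = true;
    forceSSL = true;

    # Set at virtual-host level, so it applies to every location below,
    # including the static index assets.
    basicAuthFile = config.sops.secrets.media-htpasswd.path;

    locations = {
      "/" = {
        # Dispatch by URL shape:
        #   1. path ends in "/"               -> /__regular/...
        #   2. last path segment contains "." -> /__storagebox/...
        # nginx's config parser collapses "\\" to a single backslash, so the
        # second pattern matches a literal dot.
        # NOTE(review): a path matching neither rule (no trailing slash, no
        # dot in the last segment) stays in this location, and nothing in
        # this file serves it. Confirm that is the intended outcome.
        extraConfig = ''
          rewrite ^(.*/)$ /__regular$1 last;
          rewrite ^(.*\\.[^/]*)$ /__storagebox$1 last;
        '';
      };
      # Static assets of the nginx-interactive-index module, copied into the
      # Nix store without its default.nix and served through an alias.
      "/__nginx-interactive-index-assets__/".alias = "${builtins.filterSource
        (path: type: baseNameOf path != "default.nix")
        ../../../modules/nginx-interactive-index}/";

      "/__regular/" = {
        # `internal` makes this location reachable only through the rewrite
        # above; a client cannot request /__regular/ directly.
        # The included secret file is not visible here; presumably it sets the
        # credentials sent to the upstream (confirm against the sops entry).
        # NOTE(review): nginx does not verify upstream certificates by default
        # (proxy_ssl_verify is off). Unless the included snippet enables it,
        # the upstream's identity is not checked, and anything the snippet
        # forwards is exposed to whoever can intercept this connection.
        # Consider proxy_ssl_verify with a trusted CA bundle and
        # proxy_ssl_server_name, after checking the snippet for duplicates.
        extraConfig = ''
          internal;
          proxy_pass https://media.sbruder.de/;
          include ${config.sops.secrets.media-proxy-auth.path};
          proxy_buffering off;
        '';
      };
      "/__storagebox/" = {
        # Internal-only, like /__regular/. The Host header is pinned to the
        # storage box's own name instead of being taken from the client.
        # The NOTE(review) on upstream certificate verification under
        # /__regular/ applies here as well.
        extraConfig = ''
          internal;
          proxy_pass https://u313368-sub3.your-storagebox.de/;
          proxy_set_header Host u313368-sub3.your-storagebox.de;
          include ${config.sops.secrets.media-sb-proxy-auth.path};
          proxy_buffering off;
        '';
      };
    };
  };
}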