vira on nginx

Sridhar Ratnakumar 2025-09-04 22:01:44 -04:00
parent ae259fa0a2
commit 3bc5b05c42
3 changed files with 47 additions and 7 deletions


@ -24,6 +24,7 @@ in
services.tailscale.enable = true;
networking.firewall.allowedTCPPorts = [
80
443
];
programs.nix-ld.enable = true; # for vscode server
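Review bot: The ports listed in `networking.firewall.allowedTCPPorts` are opened on every interface, so the nginx virtual host that fronts vira becomes reachable from any network this machine is attached to, not only the tailnet that `services.tailscale.enable = true` sets up. If the host is meant to be reached over Tailscale only (an inference from the bare host name `pureintent` used elsewhere in this commit), scope the rule to that interface instead: `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 80 443 ];`. The enclosing attribute set starts and ends outside the hunk, so an existing per-interface rule may already be present there.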

6
flake.lock generated

@ -1479,11 +1479,11 @@
"tabler-icons-hs": "tabler-icons-hs"
},
"locked": {
"lastModified": 1757034328,
"narHash": "sha256-7pnWkaUaXMRnqZh9X53yo3iIttDmVVu+kvOuFsM84zE=",
"lastModified": 1757036681,
"narHash": "sha256-Yr6x0+/s6vu+vzZPSL1Pi7kCMQQcyPkN6Mg/KCq0tkw=",
"owner": "juspay",
"repo": "vira",
"rev": "fecf73e240cb9661eb4ad745fc731a957197ca6f",
"rev": "45c4d9e5369e4c7f18bb5a71f68dd22685452c91",
"type": "github"
},
"original": {


@ -10,12 +10,51 @@ in
services.vira = {
enable = true;
hostname = "0.0.0.0";
port = 5001;
https = true;
stateDir = "/var/lib/vira";
openFirewall = true;
hostname = "127.0.0.1"; # Cuz, nginx reverse proxy
port = 5001;
https = false; # Cuz, nginx reverse proxy
basePath = "/vira/"; # Cuz, nginx reverse proxy
package = inputs.vira.packages.${pkgs.system}.default;
};
# Configure nginx reverse proxy for vira with SSL
services.nginx.virtualHosts."pureintent" = {
forceSSL = true;
enableACME = false;
sslCertificate = "/var/lib/acme/pureintent/cert.pem";
sslCertificateKey = "/var/lib/acme/pureintent/key.pem";
locations."/vira/" = {
proxyPass = "http://127.0.0.1:5001/";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
# Generate self-signed certificate for nginx
systemd.services.nginx-self-signed-cert = {
description = "Generate self-signed certificate for nginx";
wantedBy = [ "multi-user.target" ];
before = [ "nginx.service" ];
script = ''
mkdir -p /var/lib/acme/pureintent
if [ ! -f /var/lib/acme/pureintent/cert.pem ] || [ ! -f /var/lib/acme/pureintent/key.pem ]; then
${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 -keyout /var/lib/acme/pureintent/key.pem -out /var/lib/acme/pureintent/cert.pem -days 365 -nodes -subj "/C=US/ST=Local/L=Local/O=Local/CN=pureintent"
chmod 600 /var/lib/acme/pureintent/key.pem
chmod 644 /var/lib/acme/pureintent/cert.pem
chown -R nginx:nginx /var/lib/acme/pureintent
fi
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
}
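Review bot: The `nginx-self-signed-cert` script regenerates the certificate only when `cert.pem` or `key.pem` is missing, while the certificate it issues is valid for `-days 365`, so after a year nginx keeps serving an expired certificate until someone deletes the files by hand. Extend the guard with an expiry test, for example `|| ! ${pkgs.openssl}/bin/openssl x509 -checkend 2592000 -noout -in /var/lib/acme/pureintent/cert.pem`. The subject carries only `CN=pureintent`, and current TLS clients match the host name against subjectAltName, so the `openssl req` call should also pass `-addext "subjectAltName=DNS:pureintent"`. The private key is written before `chmod 600` runs; a `umask 077` as the first line of the script removes that window. Separately, `/var/lib/acme/pureintent` is the directory the NixOS ACME module would use for a certificate of this name, so a dedicated directory would avoid a collision if `enableACME` is ever switched on.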