From 9c32e42dcccba4a967ff450814c3e7a3915bafa1 Mon Sep 17 00:00:00 2001 From: Rodrigo Arias Mallo Date: Thu, 12 Jun 2025 12:47:43 +0200 Subject: [PATCH] Add nginx server in tent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Aleix Boné Reviewed-by: Aleix Roca Nonell --- m/tent/configuration.nix | 1 + m/tent/nginx.nix | 54 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 m/tent/nginx.nix diff --git a/m/tent/configuration.nix b/m/tent/configuration.nix index 1495755..c041683 100644 --- a/m/tent/configuration.nix +++ b/m/tent/configuration.nix @@ -7,6 +7,7 @@ ../module/debuginfod.nix ../module/ssh-hut-extern.nix ./monitoring.nix + ./nginx.nix ]; # Select the this using the ID to avoid mismatches diff --git a/m/tent/nginx.nix b/m/tent/nginx.nix new file mode 100644 index 0000000..f67a525 --- /dev/null +++ b/m/tent/nginx.nix @@ -0,0 +1,54 @@ +{ theFlake, pkgs, ... }: +let + website = pkgs.stdenv.mkDerivation { + name = "jungle-web"; + src = theFlake; + buildInputs = [ pkgs.hugo ]; + buildPhase = '' + cd web + rm -rf public/ + hugo + ''; + installPhase = '' + cp -r public $out + ''; + # Don't mess doc/ + dontFixup = true; + }; +in +{ + networking.firewall.allowedTCPPorts = [ 80 ]; + services.nginx = { + enable = true; + virtualHosts."jungle.bsc.es" = { + root = "${website}"; + listen = [ + { + addr = "0.0.0.0"; + port = 80; + } + ]; + extraConfig = '' + set_real_ip_from 127.0.0.1; + set_real_ip_from 84.88.52.107; + real_ip_recursive on; + real_ip_header X-Forwarded-For; + + location /cache { + rewrite ^/cache/(.*) /$1 break; + proxy_pass http://127.0.0.1:5000; + proxy_redirect http:// $scheme://; + } + location /grafana { + proxy_pass http://127.0.0.1:2342; + proxy_redirect http:// $scheme://; + proxy_set_header Host $host; + # Websockets + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + ''; + }; + }; +}