From 4028e24be332ca6a9050c379e22d3455d399adb4 Mon Sep 17 00:00:00 2001 From: Trevor Vallender Date: Fri, 7 Jul 2023 16:42:17 +0100 Subject: [PATCH] Working networking on kernighan, with nginx --- system/kernighan/kernighan.nix | 7 ++++++- system/kernighan/services/nginx.nix | 22 ++++++++++++++-------- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/system/kernighan/kernighan.nix b/system/kernighan/kernighan.nix index 3d09c6d..45662b9 100644 --- a/system/kernighan/kernighan.nix +++ b/system/kernighan/kernighan.nix @@ -11,6 +11,10 @@ networking = { hostName = "kernighan"; + firewall = { + enable = true; + allowedTCPPorts = [ 80 443 ]; + }; interfaces = { end0.ipv4.addresses = [{ address = "192.168.40.25"; @@ -22,7 +26,8 @@ }]; }; defaultGateway = "192.168.40.1"; - defaultGateway6 = "00:b8:c2:db:b8:57"; + defaultGateway6.address = "fe80::00:b8:c2:db:b8:57"; + defaultGateway6.interface = "end0"; nameservers = [ "208.67.222.222" "208.67.220.220" ]; }; diff --git a/system/kernighan/services/nginx.nix b/system/kernighan/services/nginx.nix index 8c8aeb6..2cab710 100644 --- a/system/kernighan/services/nginx.nix +++ b/system/kernighan/services/nginx.nix @@ -3,17 +3,23 @@ { services.nginx = { enable = true; + + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts."test.tsvallender.co.uk" = { - #forceSSL = true; - #enableACME = true; + forceSSL = true; + enableACME = true; root = "/var/www/tsvallender.co.uk"; }; }; - # security.acme = { - # acceptTerms = true; - # defaults = { - # email = "t+acme@tsvallender.co.uk"; - # }; - # }; + security.acme = { + acceptTerms = true; + defaults = { + email = "t+acme@tsvallender.co.uk"; + }; + }; }