Set up secrets domain

3 files changed, 21 insertions, 1 deletions

diff --git a/host/Spacebar-nginx/configuration.nix b/host/Spacebar-nginx/configuration.nix
index 21da3b4..b54a392 100755
--- a/host/Spacebar-nginx/configuration.nix
+++ b/host/Spacebar-nginx/configuration.nix
@@ -26,6 +26,9 @@
       recommendedTlsSettings = true;
       virtualHosts = {
         "mail.spacebar.chat" = import ./hosts/spacebar.chat/mail.nix;
+
+        #local only
+        "secrets.spacebar.local" = import ./hosts/spacebar.local/secrets.nix { inherit lib config; };
       };
     };
   };
diff --git a/host/Spacebar-nginx/hosts/spacebar.local/secrets.nix b/host/Spacebar-nginx/hosts/spacebar.local/secrets.nix
new file mode 100644
index 0000000..d52d481
--- /dev/null
+++ b/host/Spacebar-nginx/hosts/spacebar.local/secrets.nix
@@ -0,0 +1,17 @@
+{ lib, config }: {
+  root = "/data/nginx/secrets";
+  #use ip from ens18
+  listenAddresses = [ 
+    (lib.head config.networking.interfaces.ens18.ipv4.addresses).address
+   ];
+  locations = {
+    "/" = {
+      extraConfig =
+        "autoindex on;" + 
+        "allow 192.168.1.0/24;" +
+        "allow 127.0.0.1;" +
+        "deny all;"
+        ;
+    };
+  };
+}
diff --git a/modules/base.nix b/modules/base.nix
index c9657e4..9bfc097 100755
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -71,7 +71,7 @@
     sudo = { 
       wheelNeedsPassword = false;
       execWheelOnly = true;
-    }
+    };
     polkit.enable = true;
   };