setup local telegram bot

2024-06-30 13:53:24 +03:00 · 2024-06-30 13:53:24 +03:00 · 732b0ecfa0
commit 732b0ecfa0
parent 15244723e0
3 changed files with 26 additions and 1 deletions
--- a/machines/AMD-Workstation/default.nix
+++ b/machines/AMD-Workstation/default.nix
@ -81,7 +81,7 @@
  services.openssh.settings.PermitRootLogin = lib.mkForce "without-password";
  services.ratbagd.enable = true;
  # Networking
-  networking.firewall.allowedTCPPorts = [ 8000 5900 52736 ];
+  networking.firewall.allowedTCPPorts = [ 8000 5900 52736 3456 ];
  networking.nameservers = [ "192.168.0.1" ];
  networking.defaultGateway = "192.168.0.1";
  networking.bridges.br0.interfaces = [ "enp9s0" ];
--- a/machines/Home-Hypervisor/default.nix
+++ b/machines/Home-Hypervisor/default.nix
@ -10,6 +10,8 @@ in {
    customProfiles.hardened
    customRoles.hypervisor

+    customProfiles.tg-bot
+
    customProfiles.acme
    customProfiles.attic
    customProfiles.atticd
--- a/profiles/servers/tg-bot.nix
+++ b/profiles/servers/tg-bot.nix
@ -0,0 +1,23 @@
+{ config, ... }:
+let
+  cert-fqdn = "tg.ataraxiadev.com";
+in {
+  security.acme.certs = {
+    ${cert-fqdn} = {
+      dnsResolver = "1.1.1.1:53";
+      dnsProvider = "cloudflare";
+      credentialFiles."CF_DNS_API_TOKEN_FILE" = config.sops.secrets.cf-dns-api.path;
+    };
+  };
+
+  services.nginx.virtualHosts = {
+    ${cert-fqdn} = {
+      useACMEHost = cert-fqdn;
+      enableACME = false;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://192.168.0.100:3456";
+      };
+    };
+  };
+}