]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/aubergine/nginx/aubergine.nix
oignon: sshfs: allow exec
[julm/julm-nix.git] / hosts / aubergine / nginx / aubergine.nix
1 { lib, config, hostName, ... }:
2 with (import ../networking/names-and-numbers.nix);
3 let
4 inherit (config.networking) domain;
5 root = "/var/lib/nginx";
6 in
7 {
8 services.nginx = {
9 virtualHosts."${hostName}.${domain}" = {
10 serverAliases = [
11 "${wifiIPv4}.1"
12 "${eth1IPv4}.1"
13 "${eth2IPv4}.1"
14 "${eth3IPv4}.1"
15 ];
16 #onlySSL = true;
17 #addSSL = true;
18 #forceSSL = true;
19 #useACMEHost = domain;
20 root = root;
21 extraConfig = ''
22 access_log /var/log/nginx/${domain}/${hostName}/access.json json buffer=32k;
23 error_log /var/log/nginx/${domain}/${hostName}/error.log warn;
24 '';
25 locations."/".extraConfig = ''
26 #autoindex on;
27 return 444;
28 '';
29 locations."/perso" = {
30 #basicAuthFile = gnupg.secrets."nginx/perso/htpasswd".path;
31 extraConfig = ''
32 autoindex on;
33 fancyindex on;
34 fancyindex_exact_size off;
35 fancyindex_name_length 255;
36 open_file_cache off;
37 #open_file_cache_valid 1s;
38 '';
39 };
40 };
41 };
42 systemd.services.nginx = {
43 serviceConfig = {
44 LogsDirectory = lib.mkForce [
45 "nginx/${domain}/${hostName}"
46 ];
47 BindReadOnlyPaths = [
48 "-/mnt/off2/julm/backup/das1/julm/perso:${root}/perso"
49 ];
50 };
51 };
52 }