]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/aubergine/nginx/aubergine.nix
syncoid: import module isntead of patching nixpkgs
[julm/julm-nix.git] / hosts / aubergine / nginx / aubergine.nix
1 {
2 lib,
3 config,
4 hostName,
5 ...
6 }:
7 with (import ../networking/names-and-numbers.nix);
8 let
9 inherit (config.networking) domain;
10 root = "/var/lib/nginx";
11 in
12 {
13 services.nginx = {
14 virtualHosts."${hostName}.${domain}" = {
15 serverAliases = [
16 "${wifiIPv4}.1"
17 "${eth1IPv4}.1"
18 "${eth2IPv4}.1"
19 "${eth3IPv4}.1"
20 ];
21 #onlySSL = true;
22 #addSSL = true;
23 #forceSSL = true;
24 #useACMEHost = domain;
25 root = root;
26 extraConfig = ''
27 access_log /var/log/nginx/${domain}/${hostName}/access.json json buffer=32k;
28 error_log /var/log/nginx/${domain}/${hostName}/error.log warn;
29 '';
30 locations."/".extraConfig = ''
31 #autoindex on;
32 return 444;
33 '';
34 locations."/perso/photo" = {
35 #basicAuthFile = gnupg.secrets."nginx/perso/htpasswd".path;
36 extraConfig = ''
37 autoindex on;
38 #fancyindex on;
39 #fancyindex_exact_size off;
40 #fancyindex_name_length 255;
41 open_file_cache off;
42 #open_file_cache_valid 1s;
43 '';
44 };
45 locations."/perso/camera" = {
46 #basicAuthFile = gnupg.secrets."nginx/perso/htpasswd".path;
47 extraConfig = ''
48 autoindex on;
49 #fancyindex on;
50 #fancyindex_exact_size off;
51 #fancyindex_name_length 255;
52 open_file_cache off;
53 #open_file_cache_valid 1s;
54 '';
55 };
56 };
57 };
58 systemd.services.nginx = {
59 serviceConfig = {
60 LogsDirectory = lib.mkForce [
61 "nginx/${domain}/${hostName}"
62 ];
63 BindReadOnlyPaths = [
64 "-/mnt/off2/julm/backup/das1/julm/perso/photo:${root}/perso/photo"
65 "-/mnt/off2/julm/perso/camera:${root}/perso/camera"
66 ];
67 };
68 };
69 }