# Module arguments: pkgs, lib and the evaluated system config.
2 { pkgs, lib, config, ... }:
# Bring config.networking, config.security.gnupg and config.services.nginx into
# scope under short names (presumably inside a `let` whose opening line is not
# part of this excerpt).
4 inherit (config) networking;
5 inherit (config.security) gnupg;
6 inherit (config.services) nginx;
# Onion hostname without the ".onion" suffix (56 characters, the v3 address
# length). It is reused below as the server alias "${onion}.onion" and as part
# of the gnupg secret names. The address itself is public; the sensitive item
# is the hs_ed25519_secret_key stored under that name.
# NOTE(review): `domain` and `srv` are used later but are defined on lines not
# shown in this excerpt.
8 onion = "dfc66yn2fundui5yvq2ndx4nmcmbxpho4ji32tlc4cncrjvs2b5yu4id";
# Onion service entry for the nginx vhost, keyed "nginx/<domain>/<srv>".
# NOTE(review): the parent attribute of `relay` is not visible in this excerpt.
# secretKey is a path handed out by the gnupg secrets module rather than the key
# material itself; presumably this keeps the ed25519 key out of the
# world-readable Nix store -- confirm how the module materialises the file.
12 relay.onionServices."nginx/${domain}/${srv}" = {
13 secretKey = gnupg.secrets."tor/onion/${onion}/hs_ed25519_secret_key".path;
# Disabled port mapping (443 -> local 8443), kept for reference.
16 #{ port = 443; target = { port = 8443; }; }
# Client-authorization entry in Tor's "descriptor:x25519:<base32 public key>"
# form. This is the public half, so keeping it in the configuration is fine;
# the matching private key is what the client side has to protect.
19 "descriptor:x25519:2EZQ3AOZXERDVSN6WO5LNSCOIIPL2AT2A7KOS4ZIYNVQDR5EFM2Q" # julm
# Client-side settings for reaching the same onion address: the authorization
# file for "julm" is read from a gnupg-managed secret path.
# NOTE(review): this file presumably holds the x25519 private key matching the
# public "descriptor:x25519:..." entry of the relay section -- confirm, and make
# sure it is only ever stored encrypted.
22 client.onionServices.${onion} = {
23 clientAuthorizations = [
24 gnupg.secrets."tor/auth/julm".path
# Declare both secrets with default options (empty attribute sets); presumably
# this is what makes the `.path` references above resolve.
28 security.gnupg.secrets."tor/onion/${onion}/hs_ed25519_secret_key" = {};
29 security.gnupg.secrets."tor/auth/julm" = {};
# nginx virtual host for "<srv>.<domain>", also answering on the bare domain and
# on "<onion>.onion".
# NOTE(review): serving the clearnet names and the onion name from one vhost
# ties the onion address to this host; that is fine when the onion service is
# only an additional access path, not a way to hide where the server is.
#
# Locations visible in this excerpt:
#   /      - extraConfig body not shown.
#   /julm  - fancyindex directives (sizes shown rounded, names up to 255
#            characters) and open_file_cache_valid 1s; presumably a directory
#            listing, so every file placed under it is browsable -- confirm.
#   /sevy  - HTTP basic auth (realm "sevy's area") checked against an htpasswd
#            file taken from a gnupg-managed secret path.
# NOTE(review): basic-auth credentials are sent with every request, so the
# clearnet names need TLS; the TLS/listen settings are on lines not shown in
# this excerpt -- confirm they are enforced.
#
# Logging: the access log uses a format named "json" (defined elsewhere) with a
# 32k buffer, the error log is at level warn; both are written under
# /var/log/nginx/<domain>/<srv>/.
31 virtualHosts."${srv}.${domain}" = {
32 serverAliases = [ domain "${onion}.onion" ];
# Document root; the nginx systemd unit bind-mounts /home/julm/dl and
# /home/julm/haskell below it (julm/dl, julm/haskell).
37 root = "/var/lib/nginx";
39 access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k;
40 error_log /var/log/nginx/${domain}/${srv}/error.log warn;
42 locations."/".extraConfig = ''
45 locations."/julm".extraConfig = ''
48 fancyindex_exact_size off;
49 fancyindex_name_length 255;
50 open_file_cache_valid 1s;
52 locations."/sevy".extraConfig = ''
53 auth_basic "sevy's area";
54 auth_basic_user_file ${gnupg.secrets."nginx/sevy/htpasswd".path};
# Extra systemd settings for the nginx unit.
59 systemd.services.nginx = {
# mkForce overrides any LogsDirectory value set elsewhere, leaving only the
# per-vhost directory that the access_log/error_log paths point into.
61 LogsDirectory = lib.mkForce ["nginx/${domain}/${srv}"];
# Bind mounts exposing two directories from julm's home under the nginx root.
# NOTE(review): the option these entries belong to is not visible here. If nginx
# only has to serve the files, a read-only bind (BindReadOnlyPaths) limits what
# a compromised worker process could change in the home directory.
63 "/home/julm/dl:/var/lib/nginx/julm/dl"
64 "/home/julm/haskell:/var/lib/nginx/julm/haskell"
# Start nginx after the unit that provides the htpasswd secret.
# NOTE(review): `wants` is a weak dependency -- nginx still starts if that unit
# fails. Confirm the /sevy location fails closed when the file is missing, or
# use `requires` so nginx does not come up without it.
67 wants = [ gnupg.secrets."nginx/sevy/htpasswd".service ];
68 after = [ gnupg.secrets."nginx/sevy/htpasswd".service ];
# Secret holding the htpasswd file used by the /sevy location; the rest of this
# attribute set is outside the excerpt.
70 security.gnupg.secrets."nginx/sevy/htpasswd" = {
71 # Generated with: echo "$user:$(openssl passwd -apr1)"
# NOTE(review): -apr1 is the MD5-based Apache scheme with a fixed, low iteration
# count, so a leaked htpasswd file is cheap to attack offline. nginx also
# accepts the crypt(3) formats of the host libc; on glibc `openssl passwd -6`
# (SHA-512 crypt) is a stronger choice -- confirm it verifies on this system.