hosts/losurdo/nginx.nix

   1 { pkgs, config, hostName, ... }:
   2 let
   3   inherit (config) networking;
   4   inherit (config.services) nginx;
   5 in
   6 {
   7   imports = [
   8     ../../nixos/profiles/services/nginx.nix
   9     nginx/sourcephile.fr.nix
  10   ];
  11   users.groups."acme".members = [ nginx.user ];
  12   users.groups."keys".members = [ nginx.user ];
  13   users.groups."transmission".members = [ nginx.user ];
  14   networking.nftables.ruleset = ''
  15     table inet filter {
  16       chain input-net {
  17         tcp dport { http, https } counter accept comment "HTTP(S)"
  18       }
  19     }
  20   '';
  21   fileSystems."/var/lib/nginx" = {
  22     device = "${hostName}/var/www";
  23     fsType = "zfs";
  24   };
  25   services.upnpc.enable = true;
  26   services.upnpc.redirections = [
  27     {
  28       description = "HTTP";
  29       externalPort = 80;
  30       protocol = "TCP";
  31       duration = 30 * 60;
  32       service.wantedBy = [ "nginx.service" ];
  33       service.partOf = [ "nginx.service" ];
  34     }
  35     {
  36       description = "HTTPS";
  37       externalPort = 443;
  38       protocol = "TCP";
  39       duration = 30 * 60;
  40       service.wantedBy = [ "nginx.service" ];
  41       service.partOf = [ "nginx.service" ];
  42     }
  43   ];
  44   services.nginx = {
  45     enable = true;
  46     package = pkgs.nginx.override {
  47       modules = with pkgs.nginxModules; [
  48         fancyindex
  49       ];
  50     };
  51     resolver = {
  52       addresses = [ "127.0.0.1:53" ];
  53       valid = "";
  54     };
  55     virtualHosts."_" = {
  56       default = true;
  57       extraConfig = ''
  58         # Connection closed without response
  59         return 444;
  60       '';
  61       forceSSL = true;
  62       useACMEHost = networking.domain;
  63     };
  64   };
  65 }