]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/nginx/sourcephile.fr/www.nix
losurdo: allow access to Yubikey USB node
[sourcephile-nix.git] / hosts / mermet / nginx / sourcephile.fr / www.nix
1 { domain, ... }:
2 { pkgs, lib, config, ... }:
3 let
4 inherit (config) networking;
5 inherit (config.security) gnupg;
6 inherit (config.services) nginx;
7 srv = "www";
8 root = "/var/lib/nginx/${domain}";
9 in
10 {
11 systemd.services.nginx.serviceConfig = {
12 BindPaths = [
13 "/home/julm/work/sourcephile/txt:${root}/${srv}"
14 ];
15 StateDirectory = [
16 "nginx/${domain}/${srv}"
17 ];
18 LogsDirectory = lib.mkForce [
19 "nginx/${domain}/${srv}"
20 ];
21 };
22 services.nginx = {
23 virtualHosts."${srv}.${domain}" = {
24 serverAliases = [ domain ];
25 forceSSL = true;
26 useACMEHost = domain;
27 root = "${root}/${srv}";
28 extraConfig = ''
29 access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k;
30 error_log /var/log/nginx/${domain}/${srv}/error.log warn;
31 '';
32 locations."/".extraConfig = ''
33 #autoindex on;
34 fancyindex on;
35 fancyindex_name_length 255;
36 fancyindex_exact_size off;
37 '';
38 locations."/git".return = "302 https://git.${domain}/$request_uri";
39 locations."/versions".return = "302 https://git.${domain}/$request_uri";
40 locations."/codes_sources".return = "302 http://git.${domain}";
41 locations."/mails".return = "302 https://mails.${domain}/$request_uri";
42 locations."/listes".return = "302 https://mails.${domain}/$request_uri";
43 };
44 };
45 }