hosts/losurdo/nginx.nix

   1 { pkgs, lib, config, hostName, ... }:
   2 let
   3   inherit (config) networking;
   4   inherit (config.services) nginx;
   5 in
   6 {
   7 imports = [
   8   ../../nixos/profiles/services/nginx.nix
   9   nginx/sourcephile.fr.nix
  10 ];
  11 users.groups."acme".members = [nginx.user];
  12 users.groups."transmission".members = [nginx.user];
  13 networking.nftables.ruleset = ''
  14   add rule inet filter net2fw tcp dport 80 counter accept comment "HTTP"
  15   add rule inet filter net2fw tcp dport 443 counter accept comment "HTTPS"
  16 '';
  17 fileSystems."/var/lib/nginx" = {
  18   device = "${hostName}/var/www";
  19   fsType = "zfs";
  20 };
  21 services.upnpc.redirections = [
  22   { description = "HTTP"; externalPort =  80; protocol = "TCP"; duration = 30 * 60;
  23     service.wantedBy = ["nginx.service"];
  24     service.partOf = ["nginx.service"];
  25   }
  26   { description = "HTTPS"; externalPort = 443; protocol = "TCP"; duration = 30 * 60;
  27     service.wantedBy = ["nginx.service"];
  28     service.partOf = ["nginx.service"];
  29   }
  30 ];
  31 services.nginx = {
  32   enable = true;
  33   package = pkgs.nginx.override {
  34     modules = with pkgs.nginxModules; [
  35       fancyindex
  36     ];
  37   };
  38   resolver = {
  39     addresses = [ "127.0.0.1:53" ];
  40     valid = "";
  41   };
  42   virtualHosts."_" = {
  43     default = true;
  44     extraConfig = ''
  45       # Connection closed without response
  46       return 444;
  47     '';
  48     forceSSL = true;
  49     useACMEHost = networking.domain;
  50   };
  51 };
  52 }